Question - don't know WHERE to put it :(
Marianna
September 6th, 2003, 11:47 AM
Hi All,
it's regarding removing a virus in System Restore in XP.
In winMe it is possible to delete the virus without disabling System Restore this way:
"Boot using your Windows ME diskette, select Minimal and use DEL command.
A:\>DEL C:\_Restore\Temp\ and add the name(s) of the file(s) in question.
Remove the diskette, reboot and you're done."
My question: Is this way also possible for removing a virus in XP or is there a different method - and I am NOT talking about disabling System Restore - or is disabling System Restore the ONLY way for XP??
Thanks a LOT ;)
LowWaterMark
September 6th, 2003, 01:05 PM
Hi Marianna,
While it may well be possible to bypass the protection Windows ME gives its System Restore area by booting to DOS and deleting individual files, I still would strongly recommend against doing that. The whole reason Windows protects the System Restore area is to preserve continuity of all the files saved there and the related tracking files and change logs.
Yes, I know you are deleting a virus file, a file you don't want restored, but the fact remains that the restore points involved will be corrupt - they won't have all the files listed in the logs that are needed to accomplish a restore.
As for Windows XP, if your XP system is built upon an NTFS disk partition, then you won't be able to do anything similar unless you get some kind of DOS-based boot disk that has full write support to NTFS. (There aren't a lot of those out there.) And, I wouldn't recommend trying it in any case for the same reasons as above.
Marianna
September 6th, 2003, 01:14 PM
Thanks a LOT, LWM :)
I really appreciate your reply!
I also got another reply in a different forum - maybe you have a look at the link I got:
"Most likely the Recovery Console. http://www.wown.com/j_helmig/wxprcons.htm gives you an EXCELLENT pictorial of how to get there."
What do YOU think about that??
Marianna
September 6th, 2003, 01:58 PM
LWM,
I "fw" your reply - got this as a reply to yours:
"That's true, but some systems went wildly unstable after the turn off/on of System Restore on Windows ME. So I found a less intrusive method. The restore will fail if we muck with it too much so there seems to be a safety valve of sorts there.
YOUR CHOICE ON THE MATTER, but small changes always seem to be preferable to big changes.
AS TO XP and some DOS boot disk. I don't use such and supplied a pictorial on how to use the XP supplied tool. If it was so protected or such, why would we need such a tool? (Sorry, no need to answer since this is rhetorical.)
The reason to do this is SIMPLE. Microsoft is not "all-knowing" as to what will happen out in the real world. You have to find ways to use the tools. The reply you gave is typical if one thinks that Microsoft supplied it so and that's how it should be. I'd re-write that last sentence, but I'll let it stand.
IN CLOSING... You supply this statement -> "I wouldn't recommend trying it in any case for the same reasons as above." For the record, I do this at least weekly it seems to dispatch the bugs without much ado and with no apparent side effects other than a restore date that doesn't work. At least one can still restore to other dates on the list so I consider this a workable solution.
In the end, your choice on the matter."
Any comments from YOUR side?
LowWaterMark
September 6th, 2003, 02:11 PM
That it appears to work does not make it the right thing to do. And certainly, results will vary system to system.
>> "The restore will fail if we muck with it too much..."
That says it all for me.
Simply put, it is not recommended to delete individual files from the restore area. However, if you want to do it, then do it. If it works for you, (or for the person you quoted), that's fine. But, the fact remains that it is not recommended by either Microsoft or the anti-virus companies, which is why Symantec and McAfee have pages on disabling System Restore to clear viruses stored there.
>> "If it was so protected or such, why would we need such a tool?"
To turn around this person's rhetorical question... If files were meant to be deleted from that area, then why must such tools or methods be used in order to be able to delete them? Wouldn't they be delete-able on their own if they were meant to be deleted?
Marianna
September 6th, 2003, 03:25 PM
Thanks, LWM !
I appreciate your view !
Copyright ©2002 - 2010, Wilders Security Forums