Question - don't know WHERE to put it :(

Discussion in 'ten-forward' started by Marianna, Sep 6, 2003.

Thread Status:
Not open for further replies.
  1. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Hi All,

    it's regarding removing a virus in System Restore in XP.

    In winMe it is possible to delete the virus without disabling System Restore this way:

    "Boot using your Windows ME diskette, select Minimal and use DEL command.

    A:\>DEL C:\_Restore\Temp\ and add the name(s) of the file(s) in question.

    Remove the diskette, reboot and you're done."

    My question: Iis this way also possible for removing a virus in XP or is there a different method - and I am NOT talking about disabling System Restore - or is disabling System Restore the ONLY way for XP??

    Thanks a LOT ;)
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Hi Marianna,

    While it may well be possible to bypass the protection Windows ME gives it's System Restore area by booting to DOS and deleting individual files, I still would strongly recommend against doing that. The whole reason Windows protects the System Restore area is to preserve continuity of all the files saved there and the related tracking files and change logs.

    Yes, I know you are deleting a virus file, a file you don't want restored, but the fact remains that the restore points involved will be corrupt - they won't have all the files listed in the logs that are needed to accomplish a restore.

    As for Windows XP, if your XP system is built upon a NTFS disk partition, then you won't be able to do anything similar unless you get some kind of DOS based boot disk that has full write support to NTFS. (There aren't a lot of those out there.) And, I wouldn't recommend trying it in any case for the same reasons as above.
     
  3. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Thanks a LOT, LWM :)

    I really appreciate your reply!

    I also got another reply in a different forum - maybe you have a look at the link I got:

    "Most likely the Recovery Console. http://www.wown.com/j_helmig/wxprcons.htm gives you an EXCELLANT pictoral of how to get there."

    What do YOU think about that??
     
  4. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    LWM,

    I "fw" your reply - got this as a reply to yours:

    "That's true, but some systems went wildly unstable after the turn off/on of System Restore on Windows ME. So I found a less intrusive method. The restore will fail if we muck with it too much so there seems to be a safety valve of sorts there.

    YOUR CHOICE ON THE MATTER, but small changes always seem to be preferable to big changes.

    AS TO XP and some DOS boot disk. I don't use such and supplied a pictoral on how to use the XP supplied tool. If it was so protected or such, why would we need such a tool? (Sorry, no need to answer since this is rhetorical.)

    The reason to do this is SIMPLE. Microsoft is not "all-knowing" as to what will happen out in the real world. You have to find ways to use the tools. The reply you gave is typical if one thinks that Microsoft supplied it so and that's how it should be. I'd re-write that last sentence, but I'll let it stand.

    IN CLOSING... You supply this statement -> "I wouldn't recommend trying it in any case for the same reasons as above." For the record, I do this at least weekly it seems to dispatch the bugs without much ado and with no apparent side effects other than an restore date that doesn't work. At least one can still restore to other dates on the list so I consider this a workable solution.

    In the end, your choice on the matter. "

    Any comments from YOUR side?
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    That it appears to work does not make it the right thing to do. And certainly, results will vary system to system.

    >> "The restore will fail if we muck with it too much..."

    That says it all for me.

    Simply put, it is not recommended to delete individual files from the restore area. However, if you want to do it, then do it. If it works for you, (or for the person you quoted), that's fine. But, the fact remains that it is not recommended by either Microsoft or the anti-virus companies, which is why Symantec and McAfee have pages on disabling System Restore to clear viruses stored there.

    >> "If it was so protected or such, why would we need such a tool?"

    To turn around this person's rhetorical question... If files were meant to be deleted from that area, then why must such tools or methods be used in order to be able to delete them? Wouldn't they be delete-able on their own if they were meant to be deleted?
     
  6. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Thanks, LWM !

    I appreciate your view !
     
Thread Status:
Not open for further replies.