System Restore

Hi All:

I'd like to get a consensus of opinion, or at least the
best pros and cons, regarding the latest reference by
Vanguard to turn off System Restore, "disable System
Restore" for cleaning up the box.

Several times Bill S has questioned that wisdom.....

How about it Bill, Plun, Andre, Ron K, Steve D, Ron C,
Bullwinkle JM, Frank S, Steve W and Randy K? What say
you?

Tks,

RobbieA

Yes, it does have its risk, but my recommendation after doing a thorough
scan in safe mode is to restart back immediately in Normal Mode and
immediately reenable system restore and create a new restore point right
away!

--

Andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"RobbieA" <RobbieA@nospam-ProLog-Slapbass_ptd.net> wrote in message
news:0a7701c53171$0f088810$a501280a@phx.gbl...
> Hi All:
>
> I'd like to get a consensus of opinion, or at least the
> best pros and cons, regarding the latest reference by
> Vanguard to turn off System Restore, "disable System
> Restore" for cleaning up the box.
>
> Several times Bill S has questioned that wisdom.....
>
> How about it Bill, Plun, Andre, Ron K, Steve D, Ron C,
> Bullwinkle JM, Frank S, Steve W and Randy K? What say
> you?
>
> Tks,
>
> RobbieA

Disabling sys restore is now current when removing a lot of viruses (they
use sysrestore to restore themselves). Usullay, I try a first shot with sys
restore active.


"RobbieA" <RobbieA@nospam-ProLog-Slapbass_ptd.net> a écrit dans le message
de news: 0a7701c53171$0f088810$a501280a@phx.gbl...
> Hi All:
>
> I'd like to get a consensus of opinion, or at least the
> best pros and cons, regarding the latest reference by
> Vanguard to turn off System Restore, "disable System
> Restore" for cleaning up the box.
>
> Several times Bill S has questioned that wisdom.....
>
> How about it Bill, Plun, Andre, Ron K, Steve D, Ron C,
> Bullwinkle JM, Frank S, Steve W and Randy K? What say
> you?
>
> Tks,
>
> RobbieA

But who says the same can't happen with Spyware as they are even more
intelligent than viruses.

--

Andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"Jacques" <anonymous@discussions.microsoft.com> wrote in message
news:uPn04OXMFHA.940@cpmsftngsa05.privatenews.microsoft.com...
> Disabling sys restore is now current when removing a lot of viruses (they
> use sysrestore to restore themselves). Usullay, I try a first shot with
> sys restore active.
>
>
> "RobbieA" <RobbieA@nospam-ProLog-Slapbass_ptd.net> a écrit dans le message
> de news: 0a7701c53171$0f088810$a501280a@phx.gbl...
>> Hi All:
>>
>> I'd like to get a consensus of opinion, or at least the
>> best pros and cons, regarding the latest reference by
>> Vanguard to turn off System Restore, "disable System
>> Restore" for cleaning up the box.
>>
>> Several times Bill S has questioned that wisdom.....
>>
>> How about it Bill, Plun, Andre, Ron K, Steve D, Ron C,
>> Bullwinkle JM, Frank S, Steve W and Randy K? What say
>> you?
>>
>> Tks,
>>
>> RobbieA
>
>

RobbieA wrote:
> Hi All:
>
> I'd like to get a consensus of opinion, or at least the
> best pros and cons, regarding the latest reference by
> Vanguard to turn off System Restore, "disable System
> Restore" for cleaning up the box.

I don´t like that method in first step and if it also
is a PC with only problem with IE and "slowdowns" I first tries
combinations of other methods.

I ask myself this:

- Can this PC be infested with virus, spyware ?

- Updated virusprogram ? No, Housecall onlinescanning or
Stinger.
Scan reports about virus or spyware within certain
restorepoints RP ?
I then remove specific restorepoints within C:/System Volyme
Information

- Servicepacks ?, Firewall ?, Update after spyware removal !

- Any backups ? With no backups you must be careful.

Then it´s time for safemode:

- Run CCleaner, in all three tabs to save scantime and
remove all junk.
And this really saves a lot scantime ! I always use default
settings and
removes everything. I know this is against MS policy but
someone must have
had a bad day when he/she approved this temporarily
"graveyard" within all WindowsPC.

- Run Adaware, sometimes also Spybot.

- Run MSAS again

- Restart, if problem persist I then check around some
wellknown forum.

- If this PC really is infested it can be a good idea to
clear out SR after this and
then directly start SR again with a new RP.

--
plun

Hi Robbie,

<What say you?>
IMVHO, there is no set rule for when you kick SR to the curb. I usually
use gut instinct and try my tricks first w/o stopping SR just on the offhand
case that something very bad may happen when I work on the machine.
That said, once I get a feel that the machine has a bundle of woes, the
temp, TIF, and SR get kicked.

Additionally, there is a MSKB Article about it, and I can post that for you
after I get back to the office on Monday.

Ron Chamberlin
MS-MVP



"RobbieA" <RobbieA@nospam-ProLog-Slapbass_ptd.net> wrote in message
news:0a7701c53171$0f088810$a501280a@phx.gbl...
> Hi All:
>
> I'd like to get a consensus of opinion, or at least the
> best pros and cons, regarding the latest reference by
> Vanguard to turn off System Restore, "disable System
> Restore" for cleaning up the box.
>
> Several times Bill S has questioned that wisdom.....
>
> How about it Bill, Plun, Andre, Ron K, Steve D, Ron C,
> Bullwinkle JM, Frank S, Steve W and Randy K? What say
> you?
>
> Tks,
>
> RobbieA
>

My View is If you have a virus,Trojan or Worm identified
as being on your system then disable system restore
before peforming any clean up,I wouldnt attempt to clean
a pc up with restore left on as you can be forever going
round in cirlces cleaning up the same stuff as any trace
in the restore files of the malware will in many cases
cause it to regenerate when you reboot your pc.

Sure if you have only just picked up malware then use the
restore first to go back to a time when you know the
system was clean but if you cannot do this then the
restore points are useless depending on what the
infection is,

If you have some adware/spyware issues then system
restore can be left on and dealing with the adware
manually can be the best option.But once its clear there
is viruses/worms or trojans involved id always advise
disabling the restore area or helping people is a waste
of their and my time when they reboot and everything
comes back

I appreciate everyone will have different views on this
so its a good question to ask but i wouldnt personally
help someone clean a pc of malware who wanted to keep the
restore switched on as its a waste of time,Id advise them
to use it if they can to clear the scumware and failing
that id advise disabling it then only enable it again
once everything is clean

Regards Andy

Jacques-what evidence can you cite to show that viruses "use sysrestore to
restore themselves."

Even Symantec, who make this recommendation do not say that. What they do
say does not justify removing this important safety net, in my opinion.

Can someone show me a published technical note from an antivirus vendor
which states that viruses can be in some way automatically restored from
System Restore--Symantec certainly doesn't say anything like that?


--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"Jacques" <anonymous@discussions.microsoft.com> wrote in message
news:uPn04OXMFHA.940@cpmsftngsa05.privatenews.microsoft.com...
> Disabling sys restore is now current when removing a lot of viruses (they
> use sysrestore to restore themselves). Usullay, I try a first shot with
> sys restore active.
>
>
> "RobbieA" <RobbieA@nospam-ProLog-Slapbass_ptd.net> a écrit dans le message
> de news: 0a7701c53171$0f088810$a501280a@phx.gbl...
>> Hi All:
>>
>> I'd like to get a consensus of opinion, or at least the
>> best pros and cons, regarding the latest reference by
>> Vanguard to turn off System Restore, "disable System
>> Restore" for cleaning up the box.
>>
>> Several times Bill S has questioned that wisdom.....
>>
>> How about it Bill, Plun, Andre, Ron K, Steve D, Ron C,
>> Bullwinkle JM, Frank S, Steve W and Randy K? What say
>> you?
>>
>> Tks,
>>
>> RobbieA
>
>

I have yet to hear an argument from the proponents of turning off SR that
has a clear basis in fact. I've read what Symantec says about doing this,
and it doesn't seem to me to justify the action. It says that 1) viruses
may be detected by their software in the SR store area, and 2) if you use an
infected restore point, the virus will be restored.

I'm going to do some digging at other antivirus vendors sites--but you would
think that if this really was a significant issue in virus removal, that
every antivirus vendor would have a clear statement about doing this as part
of the cleaning operation.

My preference continues to be to clean the machine first, then destroy old
restore points and create a new one.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"RobbieA" <RobbieA@nospam-ProLog-Slapbass_ptd.net> wrote in message
news:0a7701c53171$0f088810$a501280a@phx.gbl...
> Hi All:
>
> I'd like to get a consensus of opinion, or at least the
> best pros and cons, regarding the latest reference by
> Vanguard to turn off System Restore, "disable System
> Restore" for cleaning up the box.
>
> Several times Bill S has questioned that wisdom.....
>
> How about it Bill, Plun, Andre, Ron K, Steve D, Ron C,
> Bullwinkle JM, Frank S, Steve W and Randy K? What say
> you?
>
> Tks,
>
> RobbieA

Here's what Trend Micro has to say:
============================
Windows Millennium Edition (ME) and Windows XP have a feature known as
System Restore, which creates backups of certain files in the _Restore
folder. The System Restore feature usually backs up files with EXE or COM
extensions, which may include infected files and malware programs. Files in
the _Restore folder are protected and can only be accessed using System
Restore. This feature must be disabled first before Trend Micro antivirus
can access and clean these files.
========================

Frankly, this statement also appears inaccurate to me. I'm uncertain about
Windows Millennium edition, but when you disable SR on XP, the restore
points are destroyed (i.e. the files are deleted)--so the bit about "Trend
Micro antivirus can access and clean these files" makes no sense!

--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm


"RobbieA" <RobbieA@nospam-ProLog-Slapbass_ptd.net> wrote in message
news:0a7701c53171$0f088810$a501280a@phx.gbl...
> Hi All:
>
> I'd like to get a consensus of opinion, or at least the
> best pros and cons, regarding the latest reference by
> Vanguard to turn off System Restore, "disable System
> Restore" for cleaning up the box.
>
> Several times Bill S has questioned that wisdom.....
>
> How about it Bill, Plun, Andre, Ron K, Steve D, Ron C,
> Bullwinkle JM, Frank S, Steve W and Randy K? What say
> you?
>
> Tks,
>
> RobbieA