Dumb question: If you have Norton Ghost running, and assuming you do
incremental backups, why don't you just choose one of its latest restore
points and Restore that?
I think I've heard of arguements between Norton's GoBack and System
Restores, but not with Ghost, to my knowlege at least.
Since your System Restore Points are crapped, you would do well to turn
System Restore off and then back on: That will purge all the old System
Restore Points and start over again. That way you can't screw up inj a week
or so and revert to one of the corrupted points, should they start to work.
Inline:
Yesterday I clicked some Google search results and got a page which
was obviously not what I wanted, but there was a popup with the usual
junk warning about "your system may be...etc". Usually I right click
these messages and choose 'close', but I inadvertently clicked the
red X to close it, and was bombarded with messages from Windows
defender, firewall disabled warning, and AVG free warnings about
files. I shut down and rebooted to safe mode, then proceeded to run
Spybot S&D, AVG full scan, Windows Defender, and after all this and
some manual cleanup (and many found spyware/trojans just from that
minute or two it was on) ended up with clean scans and all seemed OK.
Did you update each of then before you did the scans? If not, update them
and run tham again; all of them.
One minor exception is that when the computer sits for a few minutes,
the broadband connection is lost and I get a message offering to fix
it, which it does. But it happens again after sitting. Virus and
spyware scans all remain fully clean. Other computers on the network
are connected fine.
Sounds like file corruption somewhere; possibly multiple locations so one
fix isn't going to necessarily going to be all that's needed. It's not
unusual to fix one thing and either have it come back later or find
something else that borked.
So I thought the best way would be to use system restore to restore
to two days ago, before the spyware bout. However, it failed, after
rebooting giving me a message that it "cannot be restored" to that
date and to try a different one (no further explanations). I
disabled AVG free and tried that and two other dates, as well as safe
mode restores, and the same result.
Restore Points are trashed or the Restore mechanism is.
It would be nice if there were some other explanation besides it
"cannot be restored", but there is none. A web search produces
results for Norton AV users, however I have no Norton anything except
Ghost 2003. Management/services shows system restore is running OK.
Then WHY aren't you using Ghost to go back to an earlier time?!?
Any suggestions? I thought of disabling restore to get rid of all
previous points and start fresh,
You should do that. All they're doing right now is wasting space.
but if the connectivity issue
continues I might kick myself if I can't find a fix for that. Why
would it fail and give no explanation?
That's all the "explanation" it ever gives in my experience.
I'm assuming the spyware must
have done something to corrupt the files, as it managed to disable
the firewall (grumble grumble, for the fact that it's even possible
to do that!). Is there any way to get more info out of the system
restore to find out if it's failing because of corrupted files or
some other issue?
Thanks for any suggestions.
Gary
Something below might help. Sorry, don't have the links or that's all I
would have posted:
How do I reinstall System Restore?
Warning: This will delete ALL existing restore points.
Go to Start - Run and type %Windir%\INF then press enter.
In Windows Explorer go to Tools - Folder Options - View Tab and uncheck
“Hide extensions for known file types”.
Find the sr.inf file, right click on it and select Install.
Or simply type or paste the following command into the Start - Run box and
press enter.
rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf
If the Files Needed dialog box appears, click Browse and point to the i386
folder on the Windows XP CD or to the i386 folder on the hard drive, if it
exists, of for systems updated with the Service Pack 2 CD or Download from
Microsoft, browse to the C:\Windows\ServicePackFiles\i386 folder.
Troubleshoot System Restore “Restore Point Failures” in Windows XP
At any point during this troubleshoot procedure you feel
uncomfortable, help is a click away on the Microsoft Newsgroups and on the
AumHa Forums
If Real Player is installed on the system click HERE and update to the
latest version.
IBM Rescue and Recovery with Rapid Restore - Microsoft System Restore
"Restore Points" are not preserved or System Restore errors are logged in
Event Viewer.
System Restore's Restore Points are not saved in IBM Rapid Restore
Ultra's backup. When restoring using Rapid Restore Ultra, System Restore
will log an error message in the Windows Event Viewer and if you start
System Restore, any prior System Restore Points are not available.
For systems that have Norton 2006 applications installed click here.
For Systems shipped with a Recovery Partition, such as HP, Compaq and
Dell, to name a few, DO NOT let system restore monitor these partitions. See
Disable Monitored Drives.
Scan for Virus and Spyware infection.
If the system will not boot, here’s a list of Disaster Recovery Tools
within WindowsXP.
Make note of any error messages produced by System Restore or any low
Free Disk space warnings, exactly as they appear.
Use the Event Viewer to investigate System Restore service errors. To
do this, follow these steps:
Go to Start - Run and type eventvwr.msc and press enter.
In the left pane click on System.
Click the gray title “Source” at the top of the source name column in
the right pane to sort by source name, look for "sr" and "srservice."
Double-click each of these services, and evaluate the event description for
any indication of the cause of the problem. Make note of the Description,
EventID and Source of these Event Properties that show an Error or Warning.
If you would like assistance in examining the "sr" and "srservice"
events, double click on each event then, click on the button below the two
arrows in the upper right corner. This will copy the event information to
the clipboard. Paste the information for each event to a post in either the
AumHa Forums or to this Microsoft Newsgroup along with any other error
messages received. Please use a appropriate subject line (including “System
Restore”) when creating the post.
Install the latest Service Pack (SP) for WindowsXP. SP1 (fixes the
locked files issue) and SP2 include bug fixes for System Restore that may
fix the problem.
From Windows Update
Order WindowsXP Service Pack 2 on CD
Download WindowsXP from Microsoft - 272mb’s
Confirm that the “Task Scheduler” and “System Restore Service” are
running:
Click Start, click Run, and then type cmd /k net start then press
enter. Check to make sure that the Task Scheduler and System Restore
Services are running.
To start the “Task Scheduler” Service.
Go to Start - Run and type Services.msc then press enter.
Double click on “Task Scheduler”.
Set ‘Startup type’ to Automatic then press Start and Wait for the
Service Control progress indicator to close.
Do the same if the “System Restore Service” was missing. Close the
Services window.
Confirm and make note of the amount of the Free Disk Space on all of
the drives System Restore is monitoring.
To check for Free Disk Space go to Start - Run and type diskmgmt.msc
then press enter. Look at each drive System Restore is monitoring for free
space.
If the free space on any partition system restore is monitoring falls
below 50MB, System Restore will SUSPEND & PURGE all restore points to free
up disk space. You should have already receive a low free disk space message
by now. System Restore will resume monitoring when free disk space reaches
200MB’s.
In most cases it is not necessary to have System Restore monitor
Partitions/drives other than the one Windows is installed on. System Restore
does not monitor data files. Monitored File Extensions.
How to disable a monitored drive in System Restore.
Adjust the Disk Space Used by System Restore. By default System
Restore will use 12% disk space for most size drives. With larger drives the
data store can get quite large, which has been know to cause problems in
System Restore. Setting the data store to just under 1GB should be adequate.
Click here for more System Restore Health tips. Note: Reducing the data
store size will purge the oldest restore points on a FIFO (first in first
out) bases and leave as many recent restore points as the new size will
allow.
Test System Restore to confirm it is functioning correctly.
Create a new restore point named TEST.
Create a new folder on the desktop an name it TEST.
Now restore to the Test restore point.
You will receive a message if the restore was successful, and the Test
folder on the desktop will be gone.
The above test can also be performed in Safe Mode.
If this fails, that would indicate there is a corrupt restore point
and all restore points should be purged.
How to purge the System Restore Store.
To do so Turn off System Restore follow these steps:
Click Start, right-click My Computer, and then click Properties.
Click the System Restore tab.
Put a check next to ‘Turn off System Restore on all drives’, then
click OK.
Click Yes when you receive the prompt to the turn off System Restore.
Reboot the system.
Turn System Restore back on by following the previous steps and
uncheck ‘Turn off System Restore on all drives’. A new restore point will be
automatically created at that time.
As suggested earlier it is not necessary to have System Restore
monitor Partitions/drives that Windows is not installed on.
Test System Restore as previously described.
If System Restore fails at this point, reinstall System Restore.
If all else fails perform a Repair Install.
Home
Support
FeedbackFeedback (antispam email encoder used)
Site Map
Site Last updated
Sunday, June 11, 2006
Start Date 2/27/05
View My Stats
Copyright © 2005 - 2006 Bert Kinney
View an image of the Event Viewer utility
Symantec Document ID:2005113009323013
Last Modified:12/01/2005
Message: "Restoration Incomplete . . . " when running Windows System
Restore
Situation:
You have installed a 2006 version of a Norton program, such as Norton
AntiVirus 2006, Norton Internet Security 2006, Norton Personal Firewall
2006, or Norton SystemWorks 2006. You run the Windows System Restore to
restore your computer to a previous point. When you do, you see the message:
"Restoration Incomplete. Your computer cannot be restored . . "
Solution:
To fix this problem, follow the steps in this section. You will
disable the Symantec Resource Protection feature, run Windows System Restore
again, and then turn on Symantec Resource Protection.
To turn off Symantec Resource Protection and run Windows System
Restore again
Start your Norton program.
Click Options.
If you see a menu, click Norton AntiVirus.
In the left pane, click Miscellaneous.
In the right pane, uncheck Turn protection on for my Symantec protect.
Click OK.
Run Windows System Restore again.
When the system is restored, go on to the next section.
To turn on Symantec Resource Protection
Start your Norton program.
Click Options.
If you see a menu, click Norton AntiVirus.
In the left pane, click Miscellaneous.
In the right pane, check Turn protection on for my Symantec protect.
Click OK.
You must repeat each of these procedures any time that you run Windows
System Restore.
Product(s): Norton AntiVirus 2006, Norton Internet Security 2006,
Norton SystemWorks 2006, SYMPROTECT
Operating System(s): Windows 2000, Windows XP
Date Created: 11/30/2005
Home
Support
FeedbackFeedback (antispam email encoder used)
Site Map
Site Last updated
Sunday, June 11, 2006
Start Date 2/27/05
View My Stats
Copyright © 2005 - 2006 Bert Kinney
How do I Test System Restore’s functionality?
Create a new restore point named TEST.
Create a new shortcut on the desktop and point it to My Computer or any
other file of your choice and name it TEST.
Now restore to the Test restore point.
The system will now reboot, and you will receive a message if the restore
was successful, and the Test shortcut on the desktop will be gone. If not,
follow these troubleshooting tips.
Note: This should be conducted on a regular basis. Once a month should do.
Or if the system has been subject to virus or malware/spyware infection but
only after the system has been fully cleaned.
