Malware found in _restore

[Guest]

Hi,

I am wondering if there's any way to clean malware found in the _restore
directories, without disabling system restore feature in XP (and losing
all restore points).

I realize it's probably not hurting anything, but if it shows up on
scans it's annoying.

Engel: before you reply, if someone searches for the word "update" and
your answer only has the word "updªte", I don't think your message will
yield a hit, will it?

 

[Guest]

Hello SF.

To delete all but the latest restore point on your machine by using the disk
cleanup utility: Go to 'Start > All Programs > Accessories > System Tools >
Disk Cleanup'. Click on Disk Cleanup and click the more options tab and then
click 'Clean up' in the System Restore box.

Have you try to use updªte in the Search For: box? Try and see what happen.

Good luck

 

[Bill Sanderson MVP]

Engel has posted the advice I would have--use the cleanup options.

--

Hi,

I am wondering if there's any way to clean malware found in the _restore
directories, without disabling system restore feature in XP (and losing
all restore points).

I realize it's probably not hurting anything, but if it shows up on
scans it's annoying.

Engel: before you reply, if someone searches for the word "update" and
your answer only has the word "updªte", I don't think your message will
yield a hit, will it?

 

[Guest]

The accepted theory is that Restore Points are a unit and that if you remove
something from the RP it becomes invalid.

The only way to test this would be to go into a restore point and remove
some files and try to Roll Back to that day and see what happens. I would
Not recommend testing this.

The safest procedure is to throughly scan your dirve with all the tools you
trust.
If everything comes up clean Except for the RP in question turn off System
Restore and then turn it back on again. I would not recommend doing this
till a least a week has past since any "significant" changes to your system
have occurred (eg, Patch Tuesday, the installing of new programs, etc.). As
long as you don't need to roll back to the date of the RP in question you
should be okay.

If you are feeling really geeky and know everything you need to about
editing the registry you could shorten the amount of "time" that the System
Restore Utility keeps it's files. The default is 90 days which is crazy. I
have mine set to 35 so I am covered from Patch Tuesday of one Month to Patch
Tuesday of the next. I also have discovered that this is an easier way of
dealing with RPs than to worry about size or space. After 35 days they are
gone not matter what the assigned space it set to. You never really want to
go back more than 2 or 3 weeks any way.

Tim
Geek w/o Portfolio
Tantum suspiciosissimi supersunt

 

[Guest]

Spamfighter,
Engel is correct (as usual
This method would maintain your "Last" restore point.

?
Tim

 

[Guest]

Hello SF.

To delete all but the latest restore point on your machine by using thedisk
cleanup utility: Go to 'Start > All Programs > Accessories > System Tools >
Disk Cleanup'. Click on Disk Cleanup and click the more options tab andthen
click 'Clean up' in the System Restore box.

Thanks for the pointer.

Have you try to use updªte in the Search For: box? Try and see what happen.

Curiously, Thunderbird won't find anything when I search in this
newsgroup... I don't access via the web interface. Anyway, my point is
just that a user would have to *guess* your wonderful spellings to find
your wonderful answers.

 

[Kayman]

Tim wrote:
"...editing the registry you could shorten the amount of "time" that the
System Restore Utility keeps it's files."

How do you that, please?

Cheers............................Kayman.