Turn off system restore using WSH or command line

  • Thread starter Thread starter Mondy
  • Start date Start date
M

Mondy

Trying to deal with mydoom virus, and was wondering if
there was a way to turn off system restore from the
command line or using WSH or VB.
 
Hi Mondy,

To disable System Restore, follow these steps:
1) Click Start.
2) Right-click My Computer, and then click Properties.
3) Click the System Restore tab.
4) Select "Turn off System Restore" or "Turn off System Restore on all
drives" check box as shown in this illustration:
5) Click Apply.
6) If your computer prompts "Do you want to turn off system restore?",
Click Yes to do this. As noted in the message, this will delete all existing
restore points.
7) Click OK.

The System Restore tool will be disabled now.

For more information on the "My Doom" virus and the instructions to remove
the same, please refer and perform the instructions available in the links
given below:
http://us.mcafee.com/virusInfo/default.asp?id=mydoom


http://securityresponse.symantec.com/avcenter/venc/data/[email protected]


http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.
R

For online virus scan, please visit the link given below:

http://housecall.trendmicro.com/housecall/start_corp.asp
 
Mondy,

Here you can find the WMI script [but on a per-drive basis]
http://support.microsoft.com/default.aspx?scid=KB;en-us;295299&#4

You may modify the code to include additional drives [if you are using it over a Network and all units have identical partitions setup].

--
Ramesh - Microsoft MVP
http://www.mvps.org/sramesh2k
-------------------------------------------
Prevent Spyware from being installed:
http://www.mvps.org/sramesh2k/Malware_Defence.htm
-------------------------------------------


Trying to deal with mydoom virus, and was wondering if
there was a way to turn off system restore from the
command line or using WSH or VB.
 
control system restore::

1) Turn Off (so, it should delete all system restore points) :
sc config srservice start= disabled
Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 1 /f
net stop srservice

2) Turn On it:
sc config srservice start= Auto
net start srservice
Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 0 /f
 
Back
Top