
Disabling Windows XP System Restore to perform a full system scan


9 replies to this topic

#1 TM_Paul

TM_Paul

  • Members
  • 35 posts
  • Gender:Male
  • Location:NABU

Posted 23 October 2011 - 11:20 PM

I would just like to get some opinions about disabling System Restore when doing a full system scan. I've read on many anti-virus sites and Microsoft that System Restore should be disabled to allow the anti-virus software to scan the infected (if infected) system properly. However, another source told me that I should not disable it, so that in the event that the system crashes I can still revert. Which should I believe? Any feedback would be greatly appreciated. Thanks in advance.

Here is the list of sites I've read for System Restore disabling:

-MICROSOFT = http://support.microsoft.com/kb/q263455/
-MICROSOFT = http://support.microsoft.com/kb/831829
-ABOUT.COM = http://antivirus.about.com/od/windowsbasics/a/systemrestore.htm
-SYMANTEC = http://www.symantec.com/business/theme.jsp?themeid=full-system-scan
-TREND MICRO = http://about-threats.trendmicro.com/ArchiveVulnerability.aspx?language=us&name=DISABLING/ENABLING%20SYSTEM%20RESTORE
-MCAFEE = http://www.mcafee.com/us/downloads/free-tools/disabling-system-restore.aspx


"I'll be your silent guardian. A watchful protector. A dark knight..."




#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • Gender:Male

Posted 24 October 2011 - 02:20 PM

Did you notice that the first link you posted is a Microsoft KB article for Windows ME, not Windows XP?

I would not disable System Restore to perform a scan, I would rather use a Live CD from an AV company to perform an offline scan.
Are you familiar with AV Live CDs?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 24 October 2011 - 04:25 PM

I agree with Didier Stevens.

Disabling System Restore as the first step when attempting to clean a system or when scanning for malware is not advisable. Unfortunately, some anti-virus vendors still recommend doing this before attempting malware removal and many folks follow that advice. This is really not a good practice when dealing with infected computer systems. Turning System Restore off and then turning it back on has some risk associated with it since that feature does not always work as intended. Further, there is always a possibility of something going wrong during the malware removal process and you end up with more problems. If an incident renders your system problematic or unbootable, you can use System Restore to return it to a previous working state. Without a restore point to fall back on, you are left with a limited means of restoring your system to a usable condition. Disabling this feature could mean having to perform a repair install (or reformat in worst case scenarios) if you're unable to fix any problems which System Restore may be able to correct. Although System Restore is not always 100% guaranteed to work all the time, it at least gives you another option before resorting to more drastic measures.


Edited by quietman7, 24 October 2011 - 04:25 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 TM_Paul


Posted 25 October 2011 - 01:29 AM

Thank you for your comments. I will keep that in mind




#5 TM_Paul


Posted 25 October 2011 - 01:38 AM

Did you notice that the first link you posted is a Microsoft KB article for Windows ME, not Windows XP?

I would not disable System Restore to perform a scan, I would rather use a Live CD from an AV company to perform an offline scan.
Are you familiar with AV Live CDs?


No sir, I'm not. But thank you for sharing that with me. I googled already to get some idea and it's a lot easier than what I do :lol: Normally, when I get an infection and my system won't boot, I create a Linux bootable using my Ubuntu that allows me to perform an offline scan on top of the infected operating system.




#6 Didier Stevens


Posted 25 October 2011 - 03:59 AM

No sir, I'm not. But thank you for sharing that with me. I googled already to get some idea and it's a lot easier than what I do :lol: Normally, when I get an infection and my system won't boot, I create a Linux bootable using my Ubuntu that allows me to perform an offline scan on top of the infected operating system.


Search also through the forums, quietman7 has posted lists of AV Live CDs before.
And I've made a video for F-Secure's Live CD:



#7 quietman7


Posted 25 October 2011 - 08:38 AM

That link is here: Anti-virus vendors that offer free LiveCD/Rescue CD utilities

I just updated it to include Didier Stevens' video for F-Secure Rescue CD.

#8 Didier Stevens


Posted 25 October 2011 - 09:29 AM

I just updated it to include Didier Stevens' video for F-Secure Rescue CD.


Thanks! :thumbup2:

And I'm bookmarking that link.



#9 TM_Paul


Posted 26 October 2011 - 04:22 AM

That link is here: Anti-virus vendors that offer free LiveCD/Rescue CD utilities

I just updated it to include Didier Stevens' video for F-Secure Rescue CD.



Thank you as well, :thumbup2:




#10 quietman7


Posted 26 October 2011 - 07:25 AM

You're welcome.