
System Restore in Windows XP


6 replies to this topic

#1 jazzwineman

jazzwineman

  • Members
  • 7 posts

Posted 06 July 2013 - 02:11 PM

I am really surprised with all of your knowledge that one of your defaults is to reset to active the system restore in Windows XP. You well know it is the briar patch for the virus rabbits that are looking for a place to hide and function. None of the major virus scanners will scan that area and most if not all tell you to disable to scan anyway. It is a substantial security risk and rarely works well in XP.

 

Tom in Dallas


Edited by hamluis, 07 July 2013 - 06:54 PM.
Moved from XP to AV, Firewall, etc. - Hamluis.




#2 JHMcG

JHMcG

  • Members
  • 242 posts

Posted 07 July 2013 - 05:59 PM

See : http://www.bleepingcomputer.com/forums/t/498215/system-restore/

And that will show you how to allow your A/V software to access the "System Volume Information" files in XP.

#3 jazzwineman

jazzwineman
  • Topic Starter

  • Members
  • 7 posts

Posted 07 July 2013 - 06:49 PM

See : http://www.bleepingcomputer.com/forums/t/498215/system-restore/

And that will show you how to allow your A/V software to access the "System Volume Information" files in XP.

Why are you sending me to this link? I have been an MCSE and MCITP and manage some 3500 computers. I know how to turn System Restore on and off. I am not trying to be rude, but my question was why did ComboFix, in Windows XP, want to re-enable a part of the system that virus creators know is not normally scanned by AV software and as such is a huge security vulnerability??

 

Tom in Dallas


Edited by jazzwineman, 07 July 2013 - 06:50 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,138 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 07 July 2013 - 08:26 PM

JHMcG may have misunderstood your initial question as it related to the topic title. I did until I read your second reply which clarified your question.

Many of us do not recommend disabling System Restore as the first step when attempting to clean a system or when scanning for malware. Unfortunately, some anti-virus vendors still recommend doing this before attempting malware removal and many folks follow that advice.

ComboFix attempts to create a new System Restore point as an added safety net. There is always the possibility of something going awry during the malware removal process and you can end up with more serious problems than the original infection. If restore points are available, you can use System Restore to return the computer to a previous working state and hopefully regain some stability. Without a restore point to fall back on, you are left with a limited means of restoring your system to a usable condition. Although System Restore is not always 100% guaranteed to work all the time and it may restore some malware, it at least gives you another option before resorting to more drastic measures.

ComboFix /Uninstall resets System Restore...clears the System Restore cache to prevent possible reinfection and creates a new Restore point.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 jazzwineman

jazzwineman
  • Topic Starter

  • Members
  • 7 posts

Posted 07 July 2013 - 09:35 PM

JHMcG may have misunderstood your initial question as it related to the topic title. I did until I read your second reply which clarified your question.

Many of us do not recommend disabling System Restore as the first step when attempting to clean a system or when scanning for malware. Unfortunately, some anti-virus vendors still recommend doing this before attempting malware removal and many folks follow that advice.

ComboFix attempts to create a new System Restore point as an added safety net. There is always the possibility of something going awry during the malware removal process and you can end up with more serious problems than the original infection. If restore points are available, you can use System Restore to return the computer to a previous working state and hopefully regain some stability. Without a restore point to fall back on, you are left with a limited means of restoring your system to a usable condition. Although System Restore is not always 100% guaranteed to work all the time and it may restore some malware, it at least gives you another option before resorting to more drastic measures.

ComboFix /Uninstall resets System Restore...clears the System Restore cache to prevent possible reinfection and creates a new Restore point.

I know that Combo resets and I am specifically relating this to XP, the System Restore as well as the silly and fairly useless firewall and Security Center in XP, and you may have to do that to get it to work properly in other systems and that is fine. However, I have found that always as a standard precaution in XP always turn off in the beginning: System Restore, Security Center and firewall. I cannot tell you how many virus and related problems I have found in XP System Restore, and in extensive testing with the firewall, I have found that it seems to never block anything but programs that someone legitimately tries to install, and then they are lost and know not what to do and thus more ground base -5 type work has to be done by me. The Security Center wants to nag someone about Windows Update and thinks the most important thing on the planet is to download more nonsense from Microsoft that really does not download everything they need, tie up a network bandwidth and have nag screens all over the place when they are trying to get their work done. I would rather script out an update when the network is not in use. The Win 7 and above firewall and System Restore is far superior and anyone stuck with Vista is just that: stuck.

 

If you can’t tell, I am a Mac Unix/Linux user personally and never have this junk on my computer or these type computer problems.

 

Tom



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,138 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 08 July 2013 - 07:11 AM

I agree with you in regards to the XP Firewall...but fortunately many of us are beyond that now with Windows 7 and 8 Firewall. I also agree that malware hides itself in System Restore points which is the reason we purge system restore after malware disinfection. As I said doing so beforehand eliminates that safety net if something goes awry and the system becomes unstable. If System Restore works and even if it restores whatever malware it was holding, we can then deal with it again but at least have a more stable system on which to run our tools.

The majority of our members here are novice Microsoft Windows users. We still provide assistance for those requesting help with Windows 95/98/ME/2000.



#7 ranchhand_

ranchhand_

  • Members
  • 1,595 posts
  • Gender:Male
  • Location:Midwest

Posted 08 July 2013 - 07:27 AM

What Quietman said. Most advanced users have no need of this forum, but it's a godsend to Joe Average who only wants to get what he wants done on his computer and go to work because he has a family to support. System Restore, even in XP, is a valuable backup resource compared to not having a computer that boots. Unfortunately, Microsoft and commercial manufacturers no longer supply OEM system disks for retail units so that prevents a repair reinstall. If Joe Average uses the restore partition that they supply, he loses all his programs and data. So the American consumer gets screwed again by manufacturers with the blessing of our government who lets them get away with this.


Edited by ranchhand_, 08 July 2013 - 07:28 AM.

Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.




