Do you disable 'System Restore' and then do a virus scan?

Shriyash:
Is that how ideally a scan should be done, to make sure that the virus, if found, doesn't end up being restored upon rebooting the scanned PC?

Elite (reply to Shriyash):
For the most part, a well-written scanning engine, which wouldn't be limited by NTFS permissions, should be able to scan System Volume Information without any problem.
Some shittier engines get a bunch of "Permission Denied" errors because they don't run as SYSTEM or use a better method of reading the disk.
I'd recommend disabling it for the hell of it.
Or you could tell us what apps you're using.

jaykaykay (reply to Shriyash):
I never disable System Restore; if there is a virus in there it can't hurt you unless you use System Restore. I do the scan, and if there was a virus, I let my AV take care of the virus. Then I would disable System Restore and enable it again; an infected restore point is better than none at all. Same with spyware: get rid of the spyware, make sure you're running up to par, then disable and turn it back on.

bcastner (reply to Shriyash):
First, System Restore points are not used at reboot.
Second, I have never seen an active malware infection use System Restore points as a locus. And I have looked.
Third, in my opinion, the "Common Wisdom" to disable System Restore as part of a malware cleaning effort is one of the most pernicious computer myths on the Web. It is easy to find this recommendation from major antivirus vendors.
What are you going to do if the cleanup removes a file that is linked to the LSA area, without having removed the registry link in HKLM? The only thing between you and a fresh or in-place upgrade reinstallation is System Restore. Even the extreme measure of attempting to rebuild the registry is dependent on having System Restore points from which to harvest relatively current hives.
Do not disable System Restore. You can use the Disk Cleanup tool when finished, and ask it under "More Options", System Restore, to remove all but the newest Restore Point.
I would much rather, when my ocean liner goes down, use a lifeboat with holes in it than have nothing at all.
-- MS-MVP 2004-2008
astirusty (reply to Shriyash):
said by Shriyash: Is that how ideally a scan should be done, to make sure that the virus if found, ...
If you are really wanting to detect and remove trojans/viruses (malware), I would suggest booting from a BartPE CD that has the scanners (anti-malware tools) on the CD.

Shriyash (reply to Elite):
I was using the Avast! boot scan on an infected laptop, and a few virus entries came up infected in something like 'system_volume_information\restore', so I was just thinking that means it is in the System Restore folders... of course I don't really know that for sure, because I'm a novice at cleaning infected PCs.
I still have to do another 'boot scan', as it is called by Avast!, on the laptop, and I just thought I would disable the System Restore thing and scan again to see what comes up.
Edit: I wasn't getting any permission denied entries, no.

astirusty (reply to bcastner):
said by bcastner: Do not disable System Restore. ... I would much rather when my ocean liner goes down to use a Life Boat with holes in it, then having nothing at all.
Based on my experience with MS's "System Restore", I would not even get on that ocean liner. I have seen others here post similar comments about MS's "System Restore" being unreliable. To each his own leaky dinghy...

Shriyash (reply to bcastner):
said by bcastner: Third, in my opinion, the "Common Wisdom" to disable System Restore as part of a malware cleaning effort is one of the most pernicious computer myths on the Web. It is easy to find this recommendation from major antivirus vendors.
Yes, I mean I see that being recommended by knowledgeable folks all the time, and so I thought it must be all right.

Shriyash (reply to bcastner):
said by bcastner: First, System Restore points are not used at reboot.
You mean the viruses/trojans CAN'T use System Restore to get their deleted entries back automatically? Probably in some cases they do? Because then it does sound silly to disable the 'System Restore' function! What would be the point.
Edit: Perhaps I have misunderstood what System Restore actually means, and how and when it works... I will do some reading up on this pronto.

ZZZZZZZ (reply to Shriyash):
I disabled System Restore permanently years ago and installed this instead:
»www.larshederer.homepage.t-online.de/erunt/
But as stated already, SR doesn't come into play unless you actually use an infected restore point.

starfish8 (reply to astirusty):
said by astirusty: Based on my experience with MS's "System Restore", I would not even get on that Ocean Liner. I have seen others here post similar comments about MS's "System Restore" being unreliable. To each his own leaky dinghy...
I believe that System Restore works better in Vista than XP because it is based on Shadow Copy technology. In XP, System Restore watches for changes to a limited set of file extensions and makes copies when files are updated.

bcastner (reply to astirusty):
You misunderstood what I wrote.
I do not do a System Restore. I harvest the registry hives from System Restore to use.

dave (reply to Shriyash):
said by Shriyash: Is that how ideally a scan should be done, to make sure that the virus if found, dosent end up being restored upon rebooting the scanned pc?
Good grief, no. Suppose the scan finds something that's so bad you need to revert your system to an earlier date? Or suppose the scanner is so stupid as to delete something vital to OS operation? Then you carefully threw away the means by which you could recover, just before you might need it.

yuutomo (reply to Shriyash):
I always disable System Restore; it cuts down the ways a virus/trojan/whatever can infect a system or reinfect. System Restore is a joke, and a bad one at that. I manually back up my data, and I always reload my OS fresh.

bcruze (reply to yuutomo):
said by yuutomo: I always disable system restore, cuts down the ways a virus/trojan/whatever can infect a system or reinfect. system restore is a joke, and a bad one at that. I manually backup my data, and I always reload my OS fresh.
110%. I'm with this guy.

joako (reply to Shriyash):
I disable System Restore, period.

Shriyash (reply to ZZZZZZZ):
said by ZZZZZZZ: ...but as stated already, SR doesn't come into play unless you actually use an infected restore point.
Thanks for clearing that up! I'm more informed now than when I started this thread. My motto is "If you don't know something, just ask! (or Google)".

Mele20 (reply to Shriyash):
All you ever wanted to know about System Restore: »www.microsoft.com/technet/commun···faq.mspx
and "How antivirus software and System Restore work together": »support.microsoft.com/default.as···ct=winxp
I always exclude System Volume Information from my AV scanners, both real-time and on-demand. If you allow the AV scanner to rummage around in System Volume Information and it finds something like EICAR and deletes it, that causes invalidation of all restore points. So, when you need a restore point, you won't have it. It will be there, but the computer will not be restored. I learned this the hard way. I had 90 restore points (the maximum) and I tried every one of them, I was so desperate... none worked, and they spanned a three-month period. I later traced the problem to EICAR that was in the most recent of the restore points; my antivirus found it and deleted it, and that screwed up that restore point and all before it. As bcastner says, a restore point with holes is far better than no restore point at all if you are facing disaster. I would use the restore point and then let my AV catch the virus.

Name Game (reply to Shriyash):
Can't Update Windows after System Restore in Windows Update, New Vista PC: »www.microsoft.com/communities/ne···&m=1&p=1
Windows XP update and System Restore Errors: »www.winforums.com/showthread.php?t=4140
System Restore and Windows Update
What should I do after restoring my system to an earlier date?
1. After restoring a system to an earlier date, all monitored files and folders will be reverted back to that date.
2. Any type of application that requires regular updates, such as virus and spyware applications, may need to have their definitions updated.
3. Run Windows Update and MS Office Update, if installed.
4. Any application installed after the restore point you are reverting to may not function. What happens is, System Restore only removes monitored files for the installed applications and the rest are left behind. This can cause the application not to function, and in some cases can also cause the uninstall and reinstall process of the partially removed application to fail. It is recommended to uninstall any applications that were installed after the restore point you will be restoring to.
5. Applications that were uninstalled will not be fully reinstalled in the restore process because the installation may have contained unmonitored file types. Monitored files from that installation will be restored. To remove one of these partially installed applications it may be necessary to reinstall it, then uninstall it via Add/Remove Programs in Control Panel. »www.vistax64.com/vista-performan···ate.html
Bert Kinney, MS-MVP Shell/User, in my opinion knows more about System Restore than most and has all you want to know about all versions at his site. System Restore then and now; Data Integrity with Windows Vista: Improvements: »bertk.mvps.org/html/vista.html

dave (reply to Shriyash):
When you really need one, a restore point that was saved with a virus in it is better than no restore point at all.
Look at it this way: the lifetime is this:
Time T-0. You get the virus.
Time T-1. You inadvertently save the virus in a restore point.
Time T-2. You detect the virus on the live system.
We assume you were happy that you could clean up your system at time T-2. If you then revert to the state of the system at time T-1, you've just gone backwards in time, and an immediate antivirus run will remove your virus, it having had LESS time to do damage than previously.
Yes, you've just reinfected yourself. But you're not worse off than you were at point T-1 or T-2.
(Obviously, the ideal thing is not to get a virus in the first place, and/or not to screw up your system so you actually need the insurance of System Restore. But you can't guarantee those things, which is why we have the tools.)
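An added example, not posted by anyone in this thread: a Windows PowerShell script for the workflow bcastner and jaykaykay describe, leaving System Restore enabled, cleaning first, and then recording a fresh restore point while the older ones stay as a fallback. It assumes Windows Vista or later with Windows PowerShell 5.1 (these cmdlets are not available in PowerShell 7) in an elevated session; the function names and the description string are my own.

```powershell
# Added example (not from any poster in this thread): keep System Restore on,
# list what already exists, then take a fresh restore point after cleanup.
# Assumes Windows Vista or later, Windows PowerShell 5.1, elevated session.
#Requires -RunAsAdministrator

function Get-RestorePointSummary {
    # Existing restore points, oldest first, with the WMI timestamp converted
    # to a readable DateTime so the "lifeboat" inventory is easy to review.
    Get-ComputerRestorePoint | ForEach-Object {
        [pscustomobject]@{
            Sequence    = $_.SequenceNumber
            Created     = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            Type        = $_.RestorePointType
            Description = $_.Description
        }
    } | Sort-Object Created
}

function New-PostCleanupRestorePoint {
    param(
        [string]$Drive       = ($env:SystemDrive + '\'),
        [string]$Description = 'Post-malware-cleanup checkpoint'   # hypothetical label
    )
    # 1. Make sure System Restore is enabled on the system drive; never turn it off.
    Enable-ComputerRestore -Drive $Drive

    # 2. Show what already exists rather than deleting it; an older point with
    #    holes in it is still a fallback if the cleanup broke something vital.
    $before = @(Get-RestorePointSummary)
    if ($before.Count -eq 0) {
        Write-Warning "No restore points exist on $Drive; the new one will be the only fallback."
    } else {
        $before | Format-Table -AutoSize | Out-Host
    }

    # 3. Record the cleaned state. On Windows 8 and later, creation is skipped
    #    (with a warning, not an error) if another point was made in the last
    #    24 hours, unless the SystemRestorePointCreationFrequency value under
    #    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore is 0.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    # 4. Verify the point was actually recorded before trusting it.
    $new = Get-RestorePointSummary |
        Where-Object { $_.Description -eq $Description } |
        Select-Object -Last 1
    if (-not $new) { throw "Restore point '$Description' was not created; check the warning above." }
    return $new
}

New-PostCleanupRestorePoint
```

Run it only after the scanner has finished cleaning, so the new point captures the cleaned state rather than the infection.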