Restore point, Windows XP

Discussion in 'Computer Information' started by Dave C., Dec 24, 2010.

  1. Dave C.

    Dave C. Guest

    What exactly does the restore point do? Does it purge the registry
    and replace it with the one from the restore point?

    For example, if I establish a restore point today. And, next week,
    say, I get hit with a FakeAV which puts rogue lines in the registry as
    well as install a rogue program on the hard disk that can't be easily
    removed.

    Does the "restore" place everything back to the restore date including
    removing the rogue program?

    I guess the other option would be to use ERUNT registry backup at the
    same time.

    These Fake AV have shown up recently around here quite a bit.

    Regards,

    Dave
     
    Dave C., Dec 24, 2010
    #1

  2. Dave C.

    Paul Guest

    Dave C. wrote:
    > What exactly does the restore point do? Does it purge the registry
    > and replace it with the one from the restore point?
    >
    > For example, if I establish a restore point today. And, next week,
    > say, I get hit with a FakeAV which puts rogue lines in the registry as
    > well as install a rogue program on the hard disk that can't be easily
    > removed.
    >
    > Does the "restore" place everything back to the restore date including
    > removing the rogue program?
    >
    > I guess the other option would be to use ERUNT registry backup at the
    > same time.
    >
    > These Fake AV have shown up recently around here quite a bit.
    >
    > Regards,
    >
    > Dave


    Any properly designed malware attacks the restore points,
    so they contain the same infections as your current
    environment. Restore points aren't of much use to you
    for repairing such damage.

    Restore points are of more use for "trivial damage".
    Like, say you use a registry cleaner, and can no longer boot.
    The procedure for recovering from that makes use of copies of the
    registry stored in restore points. That would be an example
    of where they're golden. But against malware, very few
    things come with guarantees. Even if you had full backups,
    just the action of connecting a USB drive can lead to a
    re-infection (Autorun). If malware is aggressive enough, at some
    point you may have to "nuke your install" to get rid of it. It's
    even possible for malware to attack firmware devices in the
    computer - a well designed and targeted malware is pretty
    nasty. The generic malware you normally get from the Internet
    is a lot tamer by comparison (it's designed to work with as many
    different kinds of computers as possible, so doing firmware
    attacks is just too much work).

    Paul
     
    Paul, Dec 24, 2010
    #2
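
Added example, not part of Paul's post or the original thread: a tolerant parser that lists what an `autorun.inf` in the root of a backup or USB drive would launch, so the drive can be checked (mounted with Autorun off, or on another OS) before it is reconnected to a cleaned machine. The function names, the sample file and `example.exe` are constructed for illustration.

```python
import os
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text.

    Tolerant by design: lines that are not 'key=value' are skipped, because
    hostile files are often padded with junk that breaks strict INI parsers.
    """
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive; only [autorun] matters here.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEY.match(key) and value:
            entries.append((key.lower(), value))
    return entries

def audit_drive(root):
    """Find autorun.inf (any letter case) in a drive root; return its launch entries."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "r", encoding="latin-1") as fh:  # never fails to decode
                return launch_entries(fh.read())
    return []

# Constructed sample: junk padding, mixed-case keys, and a decoy section.
SAMPLE = """\
;padding comment
[AutoRun]
zzzz junk line with no equals sign
OPEN=example.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open\\command = example.exe -s
shell\\explore\\Command=example.exe -s
label=Backup
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE):
        print(f"{key:24} -> {cmd}")
```

Any non-empty result on a drive that is only supposed to hold backups deserves a look before the drive is trusted.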

  3. Dave C.

    Kele Guest

    Not once has restoring from a restore point (XP) been successful for me;
    always "cannot be completed..." error. Now I just disable that Service. On
    the Win7 computer, I tried to restore to a restore point once and had
    similar results. I will say that Win7's "System Image" works great. But,
    need a back-up drive to move the bulky files to first, because Imaging
    includes those large personal files/folders and could be over a dozen
    DVD-R's to Image the included personal files. Creating an image disc for
    the OS and installed programs only still fits on one DVD-R and if used will
    put everything back to the way the PC was when the Image disc was created.
    I was very impressed with Win7's System Image, not so with Restore Points.

    Paul, are you saying that "Restore Points" has everything to do with the
    registry? If so, then can I use a registry back-up created from a registry
    cleaner like CCleaner to restore the system? If true, the CCleaner's
    back-up would erase (undo) the malware damage? The last malware attacks
    I've gotten all seemed like the same one... All system Services are
    disabled and IE browser security changes. Malwarebytes finds the culprit
    even when my paid anti-virus subscription does not (Kaspersky, Norton, Panda
    have all failed me with this particular malware). It's a hassle putting
    everything back to the way it was before the attack. If I could use a
    CCleaner back-up as a pseudo restore point, that would be a time saver.


    -----------------------
    "Paul" <> wrote:

    Any properly designed malware, attacks the restore points,
    so they contain the same infections as your current
    environment. Restore points aren't of much use to you,
    for repairing such damage.

    Restore points, are of more usage, for "trivial damage".
    Like, say you use a registry cleaner, and can no longer boot.
    The procedure for recovering from that, makes use of copies of the
    registry stored in restore points. That would be an example,
    of where they're golden. But against malware, very few
    things come with guarantees. Even if you had full backups,
    just the action of connecting a USB drive, can lead to a
    re-infection (Autorun). If malware is aggressive enough, at some
    point, you may have to "nuke your install" to get rid of it. It's
    even possible for malware to attack firmware devices in the
    computer - a well designed and targeted malware, is pretty
    nasty. The generic malware you normally get from the Internet,
    is a lot tamer by comparison (it's designed to work with as many
    different kinds of computers as possible, so doing firmware
    attacks is just, too much work).

    Paul
     
    Kele, Dec 25, 2010
    #3
  4. Dave C.

    Paul Guest

    Kele wrote:
    > Not once has restoring from a restore point (XP) been successful for me;
    > always "cannot be completed..." error. Now I just disable that Service. On
    > the Win7 computer, I tried to restore to a restore point once and had
    > similar results. I will say that Win7's "System Image" works great. But,
    > need a back-up drive to move the bulky files to first, because Imaging
    > includes those large personal files/folders and could be over a dozen
    > DVD-R's to Image the included personal files. Creating an image disc for
    > the OS and installed programs only still fits on one DVD-R and if used will
    > put everything back to the way the PC was when the Image disc was created.
    > I was very impressed with Win7's System Image, not so with Restore Points.
    >
    > Paul, are you saying that "Restore Points" has everything to do with the
    > registry? If so, then can I use a registry back-up created from a registry
    > cleaner like CCleaner to restore the system? If true, the CCleaner's
    > back-up would erase (undo) the malware damage? The last malware attacks
    > I've gotten all seemed like the same one... All system Services are
    > disabled and IE browser security changes. Malwarebytes finds the culprit
    > even when my paid anti-virus subscription does not (Kaspersky, Norton, Panda
    > have all failed me with this particular malware). It's a hassle putting
    > everything back to the way it was before the attack. If I could use a
    > CCleaner back-up as a pseudo restore point, that would be a time saver.
    >
    >


    A Restore Point is more than just registry. When I look at the
    ones here, a lot of them seem to have copies of the registry
    in them. But other kinds of files are tracked as well. I've even
    had downloaded files tracked in there.

    I'm not a Restore Point expert. I know enough about them
    to know they're the "option of last resort". For example, if
    my registry was damaged, and I couldn't boot the computer
    properly any more, my first priority would be securing my data
    files. Then, I could attempt to repair the damage. And a Restore
    Point may just return my registry to its original condition.
    (It's a two step process. First, you put back a copy of
    "empty" registry files that are already on the computer.
    Those allow you to boot. Then, you use System Restore to
    put back the "real" registry files. After a reboot, you're
    back to normal.)

    But because of the side effects of using Restore Points,
    their usage isn't always the best option. And the implementation
    leaves a bit to be desired. If you want a real "Restore", a
    full backup is a better option than a Restore Point. But if
    used with caution, they can be useful.

    http://www.wikinfo.org/index.php/System_Restore:_Limitations_and_Complications

    To give an example of when I use them, sometimes I need to
    experiment with my network settings. For example, the other
    day, I tried out ICS (Internet Connection Sharing), as I'd added
    a second network card. Now, in the past, some of the network
    experiments I've tried have had side effects. Now, before I
    change my network settings, I set a Restore Point. I do the
    experiment. If I don't like the results, rather than trying
    to undo it via settings, I use the Restore Point instead. I
    find that works pretty well. But using a two month old restore
    point to resolve an issue would have too many unintended
    consequences to be practical. Short time frames are usually
    the best, especially when you don't know all the details
    about what is backed up and what isn't.

    Paul
     
    Paul, Dec 25, 2010
    #4
  5. Dave C.

    GTS-NJ Guest

    "Dave C." <> wrote in message
    news:...
    > What exactly does the restore point do? Does it purge the registry
    > and replace it with the one from the restore point?
    >
    > For example, if I establish a restore point today. And, next week,
    > say, I get hit with a FakeAV which puts rogue lines in the registry as
    > well as install a rogue program on the hard disk that can't be easily
    > removed.
    >
    > Does the "restore" place everything back to the restore date including
    > removing the rogue program?
    >
    > I guess the other option would be to use ERUNT registry backup at the
    > same time.
    >
    > These Fake AV have shown up recently around here quite a bit.
    >
    > Regards,
    >
    > Dave


    System restore handles these items: registry, files in dllcache folder,
    local user profile, IIS, COM+ and WMI database.
    Malware often infects the system restore repository. Additionally, complex
    malware will often not be fixed this way (e.g. may infect the boot sector,
    may reside in executables run at startup, etc.). Although system restore
    will sometimes work to recover from malware, it is by no means certain and it is
    not wise to rely on it.

    For the kind of protection you're seeking a full system backup is the
    solution. I'm partial to Acronis True Image but there are many options
    including some good free ones. This will protect against disk failure and
    other problems as well.
     
    GTS-NJ, Dec 25, 2010
    #5
  6. Dave C.

    Dave C. Guest

    On Dec 25, 2:55 pm, "GTS-NJ" <> wrote:
    > "Dave C." <> wrote in message
    >
    > news:...
    >
    > > What exactly does the restore point do?  Does it purge the registry
    > > and replace it with the one from the restore point?

    >
    > > For example, if I establish a restore point today.  And, next week,
    > > say, I get hit with a FakeAV which puts rogue lines in the registry as
    > > well as install a rogue program on the hard disk that can't be easily
    > > removed.

    >
    > > Does the "restore" place everything back to the restore date including
    > > removing the rogue program?

    >
    > > I guess the other option would be to use ERUNT registry backup at the
    > > same time.

    >
    > > These Fake AV have shown up recently around here quite a bit.

    >
    > > Regards,

    >
    > > Dave

    >
    > System restore handles these items:  registry, files in dllcache folder,
    > local user profile, IIS, COM+ and WMI database
    > Malware often infects the system restore repository.  Additionally complex
    > malware will often not be fixed this way (e.g. may infect the boot sector,
    > may reside in executables run at startup, etc.).   Although system restore
    > will sometimes work to recover from malware it is by no means certain and is
    > not wise to rely on it.
    >
    > For the kind of protection you're seeking a full system backup is the
    > solution.  I'm partial to Acronis True Image but there are many options
    > including some good free ones.  This will protect against disk failure and
    > other problems as well.


    Thanks, plenty of information especially about Windows restore
    points. Sometime in the past, I tried restore with no success. These
    rogue FakeAV are quite insidious.

    Until recently, I was using Xxclone successfully but I think when I
    added SP3, it did not seem to work anymore.

    Does adding a wireless modem provide any general benefits? I was in a
    conversation where a comment was made about a wireless modem, which
    provides "WiFi" also is like a hardware firewall.

    Dave C.
     
    Dave C., Dec 27, 2010
    #6
  7. Dave C.

    Dave C. Guest

    On Dec 27, 9:43 am, "Dave C." <> wrote:
    > On Dec 25, 2:55 pm, "GTS-NJ" <> wrote:
    >
    > > "Dave C." <> wrote in message

    >
    > >news:....

    >
    > > > What exactly does the restore point do?  Does it purge the registry
    > > > and replace it with the one from the restore point?

    >
    > > > For example, if I establish a restore point today.  And, next week,
    > > > say, I get hit with a FakeAV which puts rogue lines in the registry as
    > > > well as install a rogue program on the hard disk that can't be easily
    > > > removed.

    >
    > > > Does the "restore" place everything back to the restore date including
    > > > removing the rogue program?

    >
    > > > I guess the other option would be to use ERUNT registry backup at the
    > > > same time.

    >
    > > > These Fake AV have shown up recently around here quite a bit.

    >
    > > > Regards,

    >
    > > > Dave

    >
    > > System restore handles these items:  registry, files in dllcache folder,
    > > local user profile, IIS, COM+ and WMI database
    > > Malware often infects the system restore repository.  Additionally complex
    > > malware will often not be fixed this way (e.g. may infect the boot sector,
    > > may reside in executables run at startup, etc.).   Although system restore
    > > will sometimes work to recover from malware it is by no means certain and is
    > > not wise to rely on it.

    >
    > > For the kind of protection you're seeking a full system backup is the
    > > solution.  I'm partial to Acronis True Image but there are many options
    > > including some good free ones.  This will protect against disk failure and
    > > other problems as well.

    >
    > Thanks, plenty of information especially about Windows restore
    > points.  Sometime in the past, I tried restore with no success.  These
    > rogue FakeAV are quite insidious.
    >
    > Until recently, I was using Xxclone successfully but I think when I
    > added SP3, it did not seem to work anymore.
    >
    > Does adding a wireless modem provide any general benefits?  I was in a
    > conversation where a comment was made about a wireless modem, which
    > provides "WiFi" also is like a hardware firewall.
    >
    > Dave C.


    In my last post above, I meant a wireless router instead of wireless
    modem....probably the same thing.

    Dave C.
     
    Dave C., Dec 27, 2010
    #7
  8. Dave C.

    GTS-NJ Guest

    SNIP
    >>
    >> Does adding a wireless modem provide any general benefits? I was in a
    >> conversation where a comment was made about a wireless modem, which
    >> provides "WiFi" also is like a hardware firewall.
    >>
    >> Dave C.

    >
    > In my last post above, I meant a wireless router instead of wireless
    > modem....probably the same thing.
    >
    > Dave C.


    You're welcome.

    Actually, not the same thing though there are combined modem / routers. I
    guess you're directly connected to a cable or DSL modem? Using a router
    would provide some security benefit. As you say it is a "hardware firewall"
    type of protection.
     
    GTS-NJ, Dec 27, 2010
    #8
  9. Dave C.

    Dave C. Guest

    On Dec 27, 10:50 am, "GTS-NJ" <> wrote:
    > SNIP
    >
    > >> Does adding a wireless modem provide any general benefits?  I was in a
    > >> conversation where a comment was made about a wireless modem, which
    > >> provides "WiFi" also is like a hardware firewall.

    >
    > >> Dave C.

    >
    > > In my last post above, I meant a wireless router instead of wireless
    > > modem....probably the same thing.

    >
    > > Dave C.

    >
    > You're welcome.
    >
    > Actually, not the same thing though there are combined modem / routers.   I
    > guess you're directly connected to a cable or DSL modem?  Using a router
    > would provide some security benefit.  As you say it is a "hardware firewall"
    > type of protection.


    I am using a modem supplied by Comcast, and the device I was referring
    to was a wireless router. I personally would keep my desktop directly
    wired through the router. The only interest I have is to provide
    additional protection. Comcast provides Norton to its customers and I
    am happy with it so far.

    I am not sure exactly what I plan to do but I will give it some more
    thought as to what the benefits are.

    Best regards and have a HAPPY NEW YEAR.

    Dave
     
    Dave C., Dec 30, 2010
    #9
