A recent infection of a CPY file by a W32.Blackmal.E@mm (worm) virus has drawn my attention to the contents of C:\_Restore\TEMP\. I've been able to reduce the number of CPY files from 4000 to 4 by a VERY drawn out deletion procedure, starting from a bootfloppy's DOS prompt. But the folder is being repopulated. (How) Can that be prevented?
I've already ticked 'disable system restore'; deleted Scheduled Tasks and UNticked PCHealth in MSConfig - what else can I do?
Basty

Sebastian42, once you disabled restore, did you clean the infection prior to a reboot?
HTH.
Ed in Texas.

I want you to delete _RESTORE entirely using the boot disk and the DOS command line in post #4 of your other thread. From the A:> prompt
c:\windows\command\deltree /y c:\_restore
And then I want you to switch off the machine completely for a few minutes and then restart and cold boot the machine and say if _RESTORE has been put back.
So make a mental note of where it is in Windows Explorer before you delete it.
And it's a very valid question from Ed in Texas.

Ed in Texas.
My early attempts to get rid of that worm failed, so I exploited a technique I have, of making a clone every week. The previous week's clone had not been infected - THAT is what I now use - the infected drive was cloned over afresh.
The point of the exercise for me is that those CPY files are apparently vulnerable, so since I don't need them, I would rather not have them. I am NOT after REPAIR, but PREVENTION.
Basty

Viking
Thanks for your very explicit instructions. I did run that line of script, but have found \_Restore\ whenever I have looked for it (in Windows - in DOS it can be 'invisible')
I will try it again, and report if successful.
PS I don't think I ran it from the boot floppy, but from RUN in Windows ....
Basty

The bottom line is, you are going to have to get rid of _RESTORE, for Windows to rebuild a new one, and to get it to function normally.
From there you can either leave system restore on by putting all the settings you've changed back and setting a maximum limit on it, or turn it off completely.
And you would need to use your ME startup disk (boot disk) to type that line in - I did exactly the same and tested it yesterday and deleted _RESTORE in ME, so I know it should work.

VIKING - Thanks for your patience and perseverance - it worked as you predicted, provided ALL your instructions were followed. You computing.NET guys (and gals) really ARE tops with your prompt, informed, helpful and gratis advice!
Basty

lol. Glad you got it sorted Sebastian.
Did you end up keeping system restore turned on (with a small limit) or off?

You may have seen my post explaining I wanted future protection, not a cure. In that, I outlined that weekly I clone the contents of my Master HDD to 'the next one', then 'operate' that one - it means I am at most a week away from a HDD that worked well, should the current one develop faults. So I see NO use for Restore in my way of doing things. I have not changed the (ineffective) setting of 'Disable System Restore'.
Basty

It does actually behave when you finally manage to turn it off, it does actually stay off (you don't get file fill-up). The only thing to watch for is if you use scheduled tasks, I've noticed that can trigger either restore or file fill-up again.
You aren't by any chance using the latest Ghost or Acronis True Image are you? If so, how do you find them/it.

I have checked various times - \_Restore\ has NOT returned. Presumably the same pesky CPY files are not being created in ANOTHER folder - I COULD search for them to make sure. I also have Scheduled Tasks turned off.
Ghost 2003 is simple and adequate, so I don't bother looking further. An earlier Ghost could actually be left on the HDD, but this one has to be run from a floppy - that's OK.
For an altogether different situation, when I want to ghost (to) a partition, I use CasperXP - which offers far more options than Ghost.
Basty

Thanks, good to know. :)
I'm doing a mental survey in preparation for a specific domestic situation.
