Guest David H. Lipman Posted September 18, 2008 Posted September 18, 2008 Re: Can Zlob be removed by using a restore point? From: "rod" <pookiethai@NOSPAMiprimus.com.au> | Thanks David, understood. YW and Good Luck ! -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest Plato Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? rod wrote: > you cant remove trojans/viruses using system restore
Guest rod Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? OK. thanks "Plato" <|@|.|> wrote in message news:48d47d47$0$85713$bb4e3ad8@newscene.com... > rod wrote: >> > you cant remove trojans/viruses using system restore > >
Guest David H. Lipman Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? From: "Plato" <|@|.|> | rod wrote: | you cant remove trojans/viruses using system restore That is a misleading statement. It is not a black and white issue. There are greay areas. While there are some viruses like Parite and Virut that can not be removed via a restoration from a System Restore point, there are others such as email borne viruses that can. Likewise with trojans. A RootKit or strongly embedded one can not be removed via a restoration from a System Restore point, but a simple Dialer or BHO can. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest DrTeeth Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? On Sat, 20 Sep 2008 18:52:37 +0800, "rod" <pookiethai@NOSPAMiprimus.com.au> wrote: >OK. thanks > > >"Plato" <|@|.|> wrote in message >news:48d47d47$0$85713$bb4e3ad8@newscene.com... >> rod wrote: >>> >> you cant remove trojans/viruses using system restore >> >> > Yes you can! Any files will not be deleted BUT the crap that autoloads it **will**l be gone. The virus/trojan will not be active and will not reinitialise. You can then delete their files. -- Cheers, DrT ** Stress - the condition brought about by having to ** resist the temptation to beat the living daylights ** out of someone who richly deserves it.
Guest Alias Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? David H. Lipman wrote: > From: "Plato" <|@|.|> > > | rod wrote: > > | you cant remove trojans/viruses using system restore > > > That is a misleading statement. > > It is not a black and white issue. There are greay areas. > > While there are some viruses like Parite and Virut that can not be removed via a > restoration from a System Restore point, there are others such as email borne viruses that > can. > > Likewise with trojans. > A RootKit or strongly embedded one can not be removed via a restoration from a System > Restore point, but a simple Dialer or BHO can. > First thing I do when cleaning an XP box is to disable system restore to flush out anything that might be lurking there. Alias
Guest DrTeeth Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? On Sat, 20 Sep 2008 14:28:17 +0200, Alias <iamalias@REMOVEgmail.com> wrote: >First thing I do when cleaning an XP box is to disable system restore to >flush out anything that might be lurking there. Why? Nothing can get out unless you let it. -- Cheers, DrT ** Stress - the condition brought about by having to ** resist the temptation to beat the living daylights ** out of someone who richly deserves it.
Guest David H. Lipman Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? From: "Alias" <iamalias@REMOVEgmail.com> | First thing I do when cleaning an XP box is to disable system restore to | flush out anything that might be lurking there. | Alias I used to recommend that approach. However, through communication with peers and experience, I no longer suggest this as a first approach. The reason is the System Restore is a valuable fall-back position. If you remove malware and the OS becomes unstable or somehow corrupted, you can restore the PC to its previous (albeit infected) condition and then change the motive operandi in cleaning the system. After thorough examination and cleansing of the PC and you are greatly assured the system is clean and operating in a stable manner, then dump the System Restore cache. Reboot re-enable and then create a clean new restore point. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest Alias Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? DrTeeth wrote: > On Sat, 20 Sep 2008 14:28:17 +0200, Alias <iamalias@REMOVEgmail.com> > wrote: > >> First thing I do when cleaning an XP box is to disable system restore to >> flush out anything that might be lurking there. > > Why? Nothing can get out unless you let it. Yeah, sure, keep telling yourself that. Alias
Guest Alias Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? David H. Lipman wrote: > From: "Alias" <iamalias@REMOVEgmail.com> > > > | First thing I do when cleaning an XP box is to disable system restore to > | flush out anything that might be lurking there. > > | Alias > > I used to recommend that approach. > > However, through communication with peers and experience, I no longer suggest this as a > first approach. > > The reason is the System Restore is a valuable fall-back position. > > If you remove malware and the OS becomes unstable or somehow corrupted, you can restore > the PC to its previous (albeit infected) condition and then change the motive operandi in > cleaning the system. After thorough examination and cleansing of the PC and you are > greatly assured the system is clean and operating in a stable manner, then dump the System > Restore cache. Reboot re-enable and then create a clean new restore point. > If it gets to that point, I stop chasing ghosts and reinstall XP. Alias
Guest David H. Lipman Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? From: "Alias" <iamalias@REMOVEgmail.com> | If it gets to that point, I stop chasing ghosts and reinstall XP. | Alias Well there is always the Cost-Benefit Analysis (CBA). However, the point is... Dumping the System restore cache should be the last item on the list, not the first. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest DrTeeth Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? On Sat, 20 Sep 2008 15:07:56 +0200, just as I was about to take a herb,Alias <iamalias@REMOVEgmail.com> disturbed my reverie and wrote: >Yeah, sure, keep telling yourself that. Instead of being sarcastic and infantile, why not post a like so that I can be proven wrong and actually learn something? -- Cheers, DrT ** Stress - the condition brought about by having to ** resist the temptation to beat the living daylights ** out of someone who richly deserves it.
Guest Alias Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? David H. Lipman wrote: > From: "Alias" <iamalias@REMOVEgmail.com> > > | If it gets to that point, I stop chasing ghosts and reinstall XP. > > | Alias > > Well there is always the Cost-Benefit Analysis (CBA). > > However, the point is... > Dumping the System restore cache should be the last item on the list, not the first. > Right. That way the blue meanies can keep raising their ugly heads out of SR even though you've nuked them in Normal, Safe Mode or a boot scan. Alias
Guest Alias Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? DrTeeth wrote: > On Sat, 20 Sep 2008 15:07:56 +0200, just as I was about to take a > herb,Alias <iamalias@REMOVEgmail.com> disturbed my reverie and wrote: > >> Yeah, sure, keep telling yourself that. > > Instead of being sarcastic and infantile, why not post a like so that > I can be proven wrong and actually learn something? How does one post "a like"? You can take my word for it or not. I am not going to do your research for you and I don't really care if you believe me or not. Alias
Guest Onsokumaru Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:uGibxSyGJHA.456@TK2MSFTNGP06.phx.gbl... > From: "Alias" <iamalias@REMOVEgmail.com> > > | If it gets to that point, I stop chasing ghosts and reinstall XP. > > | Alias > > Well there is always the Cost-Benefit Analysis (CBA). > > And that would be to restore from the last known good backup that would take maybe an hour, (depending on machine specs of course).
Guest David H. Lipman Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? From: "Alias" <iamalias@REMOVEgmail.com> | David H. Lipman wrote: >> From: "Alias" <iamalias@REMOVEgmail.com> >> | If it gets to that point, I stop chasing ghosts and reinstall XP. >> | Alias >> Well there is always the Cost-Benefit Analysis (CBA). >> However, the point is... >> Dumping the System restore cache should be the last item on the list, not the first. | Right. That way the blue meanies can keep raising their ugly heads out | of SR even though you've nuked them in Normal, Safe Mode or a boot scan. | Alias Nope, not true. The System Restore cache is akin to a quarantine. Please provide any facts (i.e., URLs) to any malware that actually runs from the System Restore cache. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest David H. Lipman Posted September 20, 2008 Posted September 20, 2008 Re: Can Zlob be removed by using a restore point? From: "Onsokumaru" <onsok-sama@ninja.village.jp> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message | news:uGibxSyGJHA.456@TK2MSFTNGP06.phx.gbl... >> From: "Alias" <iamalias@REMOVEgmail.com> >> | If it gets to that point, I stop chasing ghosts and reinstall XP. >> | Alias >> Well there is always the Cost-Benefit Analysis (CBA). | And that would be to restore from the last known good backup that would take | maybe an hour, (depending on machine specs of course). No, the last know good backup is only for system related boot files and that doesn't keep a cronological history and it too can be loaded infected. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest Frank-FL Posted September 21, 2008 Posted September 21, 2008 Re: Can Zlob be removed by using a restore point? "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:OsZBsFyGJHA.3640@TK2MSFTNGP04.phx.gbl... > From: "Alias" <iamalias@REMOVEgmail.com> > > > | First thing I do when cleaning an XP box is to disable system restore to > | flush out anything that might be lurking there. > > | Alias > > I used to recommend that approach. > > However, through communication with peers and experience, I no longer suggest this as a > first approach. > > The reason is the System Restore is a valuable fall-back position. > > If you remove malware and the OS becomes unstable or somehow corrupted, you can restore > the PC to its previous (albeit infected) condition and then change the motive operandi in > cleaning the system. After thorough examination and cleansing of the PC and you are > greatly assured the system is clean and operating in a stable manner, then dump the System > Restore cache. Reboot re-enable and then create a clean new restore point. I don't really see windows system restore as an asset to use at any time. I use ESATA drives for complete system backups. I just happen to us acronis. I boot into linux using the acronis back up and restore CD. This will delete the infected partition, reformat and install the clean backup. No Rube Goldberg procedures.
Guest rod Posted September 21, 2008 Posted September 21, 2008 Re: Can Zlob be removed by using a restore point? Interesting, So how long would a typical acronis backup like this take? "Frank-FL" <bbunny@bqik.net> I don't really see windows system restore as an asset to use at any time. I use ESATA drives for complete system backups. I just happen to us acronis. I boot into linux using the acronis back up and restore CD. This will delete the infected partition, reformat and install the clean backup. No Rube Goldberg procedures.
Guest DrTeeth Posted September 21, 2008 Posted September 21, 2008 Re: Can Zlob be removed by using a restore point? On Sat, 20 Sep 2008 15:29:38 -0400, just as I was about to take a herb,"David H. Lipman" <DLipman~nospam~@Verizon.Net> disturbed my reverie and wrote: >Nope, not true. The System Restore cache is akin to a quarantine. I've already asked him to do that but the schmuck refused...quel surprise! He's kerplunked anyway. -- Cheers, DrT ** Stress - the condition brought about by having to ** resist the temptation to beat the living daylights ** out of someone who richly deserves it.
Guest Frank-FL Posted September 22, 2008 Posted September 22, 2008 Re: Can Zlob be removed by using a restore point? Size matters. Twenty to forty minutes on the initial backup. Ten to twenty minutes on the incremental. "rod" <pookiethai@NOSPAMiprimus.com.au> wrote in message news:ei9KyZ9GJHA.740@TK2MSFTNGP03.phx.gbl... > Interesting, > So how long would a typical acronis backup like this take? > > > "Frank-FL" <bbunny@bqik.net> > I don't really see windows system restore as an asset to use at any time. I > use ESATA > drives for complete system backups. I just happen to us acronis. I boot > into linux > using the acronis back up and restore CD. This will delete the infected > partition, reformat > and install the clean backup. No Rube Goldberg procedures.
Guest rod Posted September 22, 2008 Posted September 22, 2008 Re: Can Zlob be removed by using a restore point? Thanks, I have a fairly lean machine, My big chunk 25Gb image database I backup seperately. I went shopping for a "see through" scanner today and bumped into Acronis in the shop $69 I think I'll go for it. "Frank-FL" Size matters. Twenty to forty minutes on the initial backup. Ten to twenty minutes on the incremental. "rod" <pookiethai@NOSPAMiprimus.com.au> wrote in message news:ei9KyZ9GJHA.740@TK2MSFTNGP03.phx.gbl... > Interesting, > So how long would a typical acronis backup like this take? > > > "Frank-FL" <bbunny@bqik.net> > I don't really see windows system restore as an asset to use at any time. > I > use ESATA > drives for complete system backups. I just happen to us acronis. I boot > into linux > using the acronis back up and restore CD. This will delete the infected > partition, reformat > and install the clean backup. No Rube Goldberg procedures.
Recommended Posts