Restore from older backup is not overwriting registry


Guest FUBARinSFO
Posted

Hi:

I'm trying to roll back my Windows 2003 Server C:\ drive to an earlier configuration, before the registry got contaminated and mangled. But restoring the full .bkf, specifying overwrite files, does not seem to be overwriting the system registry files (among other files). There's some trace in the .log report of access denied with SxS file manifests, but nothing about failure to overwrite the registry files themselves. I've unchecked "preserve existing volume mount points" and specified always overwrite. I must be missing something pretty basic here.

Is this an illegal operation under Windows 2003 Server? I would have done it from either the Recovery Console or from ERD Commander 2005, but I've been unable to run ntbackup.exe under either environment. I'm afraid I don't have a clean environment here with which to overwrite the existing c:\WINDOWS directory tree. I can't boot in safe mode (the SAFEBOOT registry branch having been deleted by a Win32/Bagle variant, from which I am trying to recover). I tried applying the backup over the wire under ERD Commander 2005 but that didn't appear to work either (did not send the registry back to the earlier state).

Thank you for any light you can throw on this problem.

 

-- Roy Zider

Guest Dave Patrick
Posted

Re: Restore from older backup is not overwriting registry

 

Personally I wouldn't trust the machine anymore but restore the backup to an alternate location then replace the registry hive files via the recovery console.

 

 

--

 

Regards,

 

Dave Patrick ....Please no email replies - reply in newsgroup.

Microsoft Certified Professional

Microsoft MVP [Windows]

http://www.microsoft.com/protect

 

"FUBARinSFO" wrote:

> Hi:
>
> I'm trying to roll back my Windows 2003 Server C:\ drive to an earlier configuration, before the registry got contaminated and mangled. But restoring the full .bkf, specifying overwrite files, does not seem to be overwriting the system registry files (among other files). There's some trace in the .log report of access denied with SxS file manifests, but nothing about failure to overwrite the registry files themselves. I've unchecked "preserve existing volume mount points" and specified always overwrite. I must be missing something pretty basic here.
>
> Is this an illegal operation under Windows 2003 Server? I would have done it from either the Recovery Console or from ERD Commander 2005, but I've been unable to run ntbackup.exe under either environment. I'm afraid I don't have a clean environment here with which to overwrite the existing c:\WINDOWS directory tree. I can't boot in safe mode (the SAFEBOOT registry branch having been deleted by a Win32/Bagle variant, from which I am trying to recover). I tried applying the backup over the wire under ERD Commander 2005 but that didn't appear to work either (did not send the registry back to the earlier state).
>
> Thank you for any light you can throw on this problem.

>

> -- Roy Zider

Guest FUBARinSFO
Posted

Re: Restore from older backup is not overwriting registry

 

Further to the first post:

It may be that my earlier registry also had bad entries, from an even earlier recovery from a Win32/Bagle worm variant. LEGACY_SROSA entries are still in the registry, but the actual file srosa.sys is no longer in c:\windows\system32\drivers. Neither is hldrrr.exe, another element of the worm. But the SafeBoot branch is still empty, and the system will not boot from safe mode.

So perhaps the restore did take place, but my month-older full backup had bad entries as well. What would be most helpful, then, if someone were to confirm that there is nothing special about the restore of the systemroot in Windows 2003 Server using ntbackup.exe that I should worry about that wouldn't be in the report log generated from the backup itself.

Thank you in advance for your help.

 

-- Roy Zider
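
One way to test whether a backup's registry already carries the damage described in this post, as an added example that is not part of the thread: load the SYSTEM hive from a backup restored to an alternate location and check it offline for an empty SafeBoot branch and leftover LEGACY_SROSA entries. The restore path, the mount name and the `Enum\Root` location checked for the LEGACY key are assumptions; run it from an elevated prompt on an analysis machine, against a copy of the hive.

```powershell
# Added example: inspect a SYSTEM hive restored to an alternate location
# before it is copied over the live one. Path and mount name are assumptions.
param(
    [string]$HivePath  = 'D:\restore\WINDOWS\system32\config\system',  # hypothetical restore target
    [string]$MountName = 'OfflineSystem'                               # hypothetical temporary key name
)

$ErrorActionPreference = 'Stop'

# reg.exe mounts the hive file under HKLM\<MountName>.
& reg.exe load "HKLM\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HivePath" }

try {
    $root = "Registry::HKEY_LOCAL_MACHINE\$MountName"

    # An offline hive has no CurrentControlSet link; Select\Current names the set.
    $current = (Get-ItemProperty -Path "$root\Select").Current
    $cs = '{0}\ControlSet{1:D3}' -f $root, $current

    $findings = @()

    # Safe mode needs populated Minimal and Network subkeys under Control\SafeBoot.
    foreach ($mode in 'Minimal', 'Network') {
        $key = "$cs\Control\SafeBoot\$mode"
        $count = 0
        if (Test-Path $key) { $count = @(Get-ChildItem $key).Count }
        if ($count -eq 0) { $findings += "SafeBoot\$mode is missing or empty" }
    }

    # Leftover device-enumeration entry for the driver named in the post.
    if (Test-Path "$cs\Enum\Root\LEGACY_SROSA") {
        $findings += 'Enum\Root\LEGACY_SROSA is present'
    }

    if ($findings) { $findings | ForEach-Object { Write-Output "SUSPECT: $_" } }
    else           { Write-Output "ControlSet$('{0:D3}' -f $current): SafeBoot populated, no LEGACY_SROSA key" }
}
finally {
    [gc]::Collect()   # release PowerShell's registry handles so the unload succeeds
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

Any `SUSPECT` line means the hive in that backup predates neither the SafeBoot deletion nor the driver entries, so replacing the live hive with it would not return the system to a clean state.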

Guest FUBARinSFO
Posted

Re: Restore from older backup is not overwriting registry

 

Dave:

I came to the same conclusion last night. But since I don't appear to have an old enough or good enough backup (which would contain the replacement registry hive), I've got to rebuild it from scratch. So bare metal install it is.

Thanks for the comment.

 

-- Roy Zider

Guest Dave Patrick
Posted

Re: Restore from older backup is not overwriting registry

 

You're welcome.

 

--

 

Regards,

 

Dave Patrick ....Please no email replies - reply in newsgroup.

Microsoft Certified Professional

Microsoft MVP [Windows]

http://www.microsoft.com/protect

 

"FUBARinSFO" wrote:

> Dave:
>
> I came to the same conclusion last night. But since I don't appear to have an old enough or good enough backup (which would contain the replacement registry hive), I've got to rebuild it from scratch. So bare metal install it is.
>
> Thanks for the comment.

>

> -- Roy Zider

