Windows Restore re-enabled without my knowledge?

Discussion in 'Windows XP' started by RASelkirk, 2007/12/10.

  1. 2007/12/10
    RASelkirk

    RASelkirk Inactive Thread Starter

    Joined:
    2003/01/01
    Messages:
    139
    Likes Received:
    0
    Hi All,

    My AVG just found a few trojans hiding in my (hidden) "C:\System Volume Information" folder. I distinctly remember turning off Windows Restore a long time ago, but it's now (somehow) turned on? I turned it off again, and all files were removed except "MountPointManagerRemoteDatabase" and "tracking.log"...

    Is this the result of these viruses? I mean, can running an external file turn on system restore? I do know that running certain programs (like registry backups and driver installs) will create restore points; could that be what happened? Is this something I need to check on a regular basis?

    Thanks!

    Russ
     
  2. 2007/12/10
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Russ,

    I've experienced SR turning on for external drives even though I disabled SR for them, but never for internal drives.

    I can't tell you for certain, having always had SR enabled for OS partitions, but I did experience SR turned on for the inactive OS partition (in a dual boot) when I modified the registry one time for the active one - surprised me :eek:

    You can delete what's left in Sys vol folder - if you can :) Windows may argue.
     

  4. 2007/12/10
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    I'm backing up my system using Ghost and have not only disabled SR for all drives but also disabled the SR Service. It never gets back.

    I don't think that Windows will let you delete whatever is left in the SVI folder. You will have to take ownership of the folder and I'm not sure how that is done. (I have read about it but never done it.)

    Christer
     
  5. 2007/12/10
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Christer,

    I've done it - for the non OS partitions. I think it can be done as long as it's not the folder being deleted but the contents.
     
  6. 2007/12/10
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Hi Charles!

    I get an access denied message as soon as I click to view the contents and that's true for all drives.

    That may be due to different settings regarding file sharing and such.

    Christer
     
  7. 2007/12/10
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
  8. 2007/12/10
    RASelkirk

    RASelkirk Inactive Thread Starter

    Joined:
    2003/01/01
    Messages:
    139
    Likes Received:
    0
    I previously added full access for myself (Admin) under security so I could see what was in the folder. Then I turned off SR (again) and all the files went away except for the two aforementioned files. I disabled the SR service and will continue to monitor this situation.

    Thanks!

    Russ
     
