Why doesn't Windows "System Restore" work?

[KasinoKing]

You may have seen my other thread about malware I'm trying to get off my laptop...

Well anyway, I'm trying to do a System Restore as the final part of my latest clean-up attempt - but I'm having a problem (which I have had before - so I think it's not related to this virus).
I have now tried two dates: 3 days ago & 4 days ago - but both times my computer restarts and just says "Cannot restore to that date"
WHY THE HELL NOT???

Anyone know why and what to do about this?

Thanks again!
KK

PS: It's Windows XP Professional.

 

[Tirilej]

Probably because there is nothing saved for those days. Maybe you don't have your setting so it automaticly save restoredates.
I don't know. I have had that problem earlier too, and that time it was a virus that stopped me from going back.

HiJack this, have you tried that?

You do not have permission to view link Log in or register now.

 

[Mousey]

I'm not much help with these things, KK. Damn... and I posted about Reveton last month. Did you get it in a drive by? I'll go look the other thread. If you have subscribed/purchased/legit antivirus installed, I would contact their support immediately. Usually simply restoring back to previous will not take care of the infection. And the longer the malware is resident, the deeper it can burrow into your system.

Here's is a legit help site and forum... ...

You do not have permission to view link Log in or register now.

This is a good link to save to Favorites.

Here's

You do not have permission to view link Log in or register now.

.

Good luck.

 

[anniemac]

I had to do another system restore on mine last night and I get the same message that it didn't work but then it will fiddle around a minute and then tell me it did and sure enough, it did.

Bought one more time of this and mine's going back to the store.

 

[max1mike]

run system restore in safe mode. the malware is running and interferring with the restore.

 

[Mousey]

I had to do another system restore on mine last night and I get the same message that it didn't work but then it will fiddle around a minute and then tell me it did and sure enough, it did.

Bought one more time of this and mine's going back to the store.

I was reading last week about many new

You do not have permission to view link Log in or register now.

(specifically botware). Who's to say the parts installed (which most are made in China) on our new computers can't arrive infected as well. But then I'm kinda paranoid about malware. LOL

Good luck with yours. I wouldn't fight with it too much if you have the option to take it back for repair/replace.

 

[KasinoKing]

Probably because there is nothing saved for those days. Maybe you don't have your setting so it automatically save restoredates.

It only lets you even start the process if there is something saved, doesn't it?
Anyway - yes I was trying to restore to a confirmed back-up point. Tried about 7 or 8 dates in the end - and NONE worked.

run system restore in safe mode. the malware is running and interferring with the restore.

I was doing it in safe mode - no choice there as the virus completely disables your computer in normal mode.

KK

 

[rockycatt]

back up what is important and use the CD that came with the PC/lap top and start a complete restore from scratch the cd that came with the computer has the goods on it it should prompt you through its wizard

just a suggestion R C

PS you may already know about this

 

[ksech]

It will allow you to TRY to restore every time it has done one of it's update things, that's why you get a restore point. It may not be a good restore point though ( I once had to go back 9 months before I found a usable restore point...very frustrating!!!). Even if you CAN restore your computer, you still need to REMOVE the malware as it will just place itself in a different file/folder on reboot.

If you know the name of the malware do a search of all files/folders on all drives on your computer. You OS is XP correct?

Place cursor on start--> click on search...select all files/folders...in box type in name of malware

Hope this helps!

Kim

 

[Seventh777]

Windows XP Pro will have the recovery console installed, if you have set this up correctly it will be an option when you boot up, if not you can still use it via your XP Disc, in bios set CD-ROM to boot 1st, when the disc loads you will have the normal options, select recovery console (it`s like a command prompt window)

You will need to type in the following commands in bold; press the Enter key at the end of each line:

cd \
(the prompt should now be C:\>)
cd system~1\_resto~1
dir
You will now get a listing of all the restore points, with names like rp1, rp2, etc. You will need to use the one second from last.
cd rpx (where x is the number of the restore point we are using, if you have 50 restore points, type in cd rp49)
cd snapshot
copy _registry_machine_sam \windows\system32\config\sam
copy _registry_machine_security \windows\system32\config\security
copy _registry_machine_software \windows\system32\config\software
copy _registry_machine_system \windows\system32\config\system
copy _registry_user_.default \windows\system32\config\default
exit

Hope this helps .

If this fails there are still some options left, running virus scanners from recovery console or installing a fresh windows XP on a partition, boot up and remove the malware virus from the infected partition using your new drive, once this is done, reboot and format your partition.

 

[P.V.]

Search Engine Redirect Virus

Thank goodness for system restore! Last night when searching Google, when clicking different site links some type of virus kept redirecting me to gambling sites.

Nodepositxxxxxx, betfromxxxx, slotxxx among others. It was a persistent fart but once again by going into safe mode with networking and then doing a system restore alls good so far.

Anyone with problems need to keep in mind that these resurfacing viruses disable system restore in normal mode and it will continue to tell you the restore point failed.

Reboot your computer while pressing the F8 key and enter safe mode with networking. Find system restore and find a date where your computer worked fine and most of the time you're good to go.

I do wonder what the connection is to these OC's with this redirect virus?

BTW - It was happening on Yahoo too, so other engines are compromised and not just Google.

 

[universal4]

Many of the most destructive and damaging virus affect explorer.exe.

This means that going in to safe mode, will NOT help.

If it happens to be that situation, ONLY "Safe Mode Command Prompt" will help since it is the only safe mode that does not load explorer.

Rick

 

[Seventh777]

The more hard core viruses will write themselves into the directory and infest system restore files, memory dwellers are a whole new ball game as these become active as soon as BIOS does it`s memory check, thus loading before windows loads and in most cases will still go unchecked by such rigorous security suites like Hijack-This etc.

Script kiddies get more creative as time goes by and always have the edge on any security suites out there, certain viruses upon their discovery that write themselves to directory, will have these directory entries on show at various security software suppliers home pages, when this is done the virus creators change the directory entries, I just can`t believe that these mostly teenagers can constantly code script, that in due course rips through billions of dollars worth and years of research state of the art security software including Microsoft`s built in stuff, without so much as breaking a sweat.

$64,000 question time - Why don`t security suites and the behind the scene`s built in Microsoft security software like Dr Watson etcetera block any changes to the directory until we have authorised the changes?, it really is this simple, every single virus out there has to make some changes to the directory as to be executed for it to do it`s dirty work.

The reason these viruses constantly beat the system is their ability to register directory entries without even being asked `Why?`. It`s akin to banks having the best security systems out there, but - leaving the safes open and the doors unlocked.

 

[vinylweatherman]

The more hard core viruses will write themselves into the directory and infest system restore files, memory dwellers are a whole new ball game as these become active as soon as BIOS does it`s memory check, thus loading before windows loads and in most cases will still go unchecked by such rigorous security suites like Hijack-This etc.

Script kiddies get more creative as time goes by and always have the edge on any security suites out there, certain viruses upon their discovery that write themselves to directory, will have these directory entries on show at various security software suppliers home pages, when this is done the virus creators change the directory entries, I just can`t believe that these mostly teenagers can constantly code script, that in due course rips through billions of dollars worth and years of research state of the art security software including Microsoft`s built in stuff, without so much as breaking a sweat.
$64,000 question time - Why don`t security suites and the behind the scene`s built in Microsoft security software like Dr Watson etcetera block any changes to the directory until we have authorised the changes?, it really is this simple, every single virus out there has to make some changes to the directory as to be executed for it to do it`s dirty work.

The reason these viruses constantly beat the system is their ability to register directory entries without even being asked `Why?`. It`s akin to banks having the best security systems out there, but - leaving the safes open and the doors unlocked.

I can


A small group of students "ripped through" the security of the new Norsk Data N100 that the university had put in during 1980, one of the first mainframes to use video interactive terminals as opposed to paper teletype machines. Of course the aims were different, access to the games, both the demos included with the machine, and those written by the students.

Nothing they did managed to wipe the games off the system, not even the big purge during the long summer break of 1981

 

[Seventh777]

I can


A small group of students "ripped through" the security of the new Norsk Data N100 that the university had put in during 1980, one of the first mainframes to use video interactive terminals as opposed to paper teletype machines. Of course the aims were different, access to the games, both the demos included with the machine, and those written by the students.

Nothing they did managed to wipe the games off the system, not even the big purge during the long summer break of 1981

And how old was the creator of the very 1st virus back in 82 iirc? .