Computer Hope

Microsoft => Microsoft Windows => Windows Vista and 7 => Topic started by: spiderlucci on January 19, 2009, 07:10:33 PM

Title: Vista test question
Post by: spiderlucci on January 19, 2009, 07:10:33 PM
hi guys, I'm studying for the 70-620 exam and on one of the questions it said:

Your Windows Vista computer has been hit by a virus. The damage is localized to a particular application that you installed a week ago. You want to return the computer to the state it was in prior to the installation of the application. Which of the following techniques could you employ?

The correct answer was: Boot off the installation media and perform a system restore.

I always thought the virus would still be there.... however, in the past when I got hit with one and tried it this way, just for giggles... it seemed to work.

Could there be an error in this book???
It is called MCTS Exam 70-620 Configuring Windows Vista Client by Ian McLean and Orin Thomas.

Thanks again! spider :)
Title: Re: Vista test question
Post by: computeruler on January 19, 2009, 07:13:27 PM
Definitely not the best way to go about doing it, that's for sure.
Title: Re: Vista test question
Post by: BC_Programmer on January 19, 2009, 08:18:37 PM
Given the parameters, that would make sense. It says the infection was localized to an application, so it would work.
Title: Re: Vista test question
Post by: Broni on January 19, 2009, 08:39:59 PM
I think it's wrong.... twice.
First of all, System Restore deals with system files only, not with application files, so System Restore won't uninstall the application in question. Most likely, System Restore will make the program unusable, because during installation some files will be installed into the system directory, and those will be missing after using System Restore.
However, most other files from the application in question will remain intact.
Secondly, I've never seen any malware which "is localized to a particular application". Unless it was written by a really lousy malware creator.

In general, System Restore, in 99% of cases, won't remove an infection.
Title: Re: Vista test question
Post by: BC_Programmer on January 19, 2009, 08:43:41 PM
I think the second part would be hard to establish anyway. How could anybody be sure it was localized to that particular application?

Title: Re: Vista test question
Post by: Broni on January 19, 2009, 08:47:41 PM
It's possible...

(http://www.wearebsm.com/managed_objects/crystal_ball2_bmwPreview.jpg)
Title: Re: Vista test question
Post by: BC_Programmer on January 19, 2009, 09:00:37 PM
Quote
It's possible...

(http://www.wearebsm.com/managed_objects/crystal_ball2_bmwPreview.jpg)

true, but not everybody is a Gypsy. Although I've heard you can rent them through "Rent-a-Gypsy" and even buy them at "Gypsies-r-us".
Title: Re: Vista test question
Post by: Broni on January 19, 2009, 09:03:21 PM
Quote
not everybody is a Gypsy
You don't have to be.
I'm Polish, and I have one.
Also, patio, who is Korean (as we found out, lately), has one, too ;D
Title: Re: Vista test question
Post by: BC_Programmer on January 19, 2009, 09:05:35 PM
Quote
not everybody is a Gypsy
You don't have to be.
I'm Polish, and I have one.
Also, patio, who is Korean (as we found out, lately), has one, too ;D

do you rent or own?


that gypsy, you psychic...
Title: Re: Vista test question
Post by: Broni on January 19, 2009, 09:08:29 PM
I bought one a long, long time ago.
When I was little and I was misbehaving, my parents were scaring me with a Gypsy lady. One day she came, and I made a deal with her. I paid her well for one of her crystal balls, and she left me alone ;D
Title: Re: Vista test question
Post by: Geek-9pm on January 19, 2009, 09:18:50 PM
Quote
hi guys, I'm studying for the 70-620 exam and on one of the questions it said:

Your Windows Vista computer has been hit by a virus.
The damage is localized to a particular application that
you installed a week ago. You want to return the computer
to the state it was in prior to the installation of the application.
Which of the following techniques could you employ?

The correct answer was:
Boot off the installation media and perform a system restore.

The answer in the book is the answer in the book, and the book is about the
70-620 exam, and the objective is to pass the exam even if you never learn anything.   ;)

Besides, the answer given is appropriate to the stipulations of the question.
If you think the answer is wrong, then the question must be wrong.
Title: Re: Vista test question
Post by: spacecat9 on January 20, 2009, 02:17:09 AM
Funny, just had this argument. The book is the right first step, and it does remove applications as well.  ;)
Title: Re: Vista test question
Post by: Carbon Dudeoxide on January 20, 2009, 02:19:03 AM
I've had experience with System Restore uninstalling programs installed since the restore point.
Title: Re: Vista test question
Post by: spacecat9 on January 20, 2009, 02:30:45 AM
Yeah, well, didn't mean to annoy anyone with my other blog. I system restored yesterday after getting a false scan virus for ivpro.exe, and the virus is now gone.

So it works.

My 3 steps:
1. system restore
2. virus scan
3. registry cleaner

It works, I'd say, 90% of the time, but you need to act as soon as infected rather than letting it spread. Those are honest statistics from a guy who disinfected machines for a living. Me.

And when that doesn't work I do what you guys do: get a report and a little research on the bug.
Title: Re: Vista test question
Post by: Carbon Dudeoxide on January 20, 2009, 02:32:44 AM
So....That's one out of, what, a billion viruses?

And it's a false positive, so it wasn't a virus at all?
Title: Re: Vista test question
Post by: spacecat9 on January 20, 2009, 02:47:42 AM
ok whatever
Title: Re: Vista test question
Post by: BC_Programmer on January 20, 2009, 02:57:08 AM
System Restore and virus scan make sense. But running a registry cleaner? I mean seriously! Anybody who knows how the registry works knows the particular values and the several key locations where autorun information is stored, as well as the Winlogon\Notify key. Although there might be a few remaining COM objects, CCleaner will clean those up as well.



Quote
Yeah, well, didn't mean to annoy anyone with my other blog. I system restored yesterday after getting a false scan virus for ivpro.exe, and the virus is now gone.

So it works.

My 3 steps:
1. system restore
2. virus scan
3. registry cleaner

It works, I'd say, 90% of the time, but you need to act as soon as infected rather than letting it spread. Those are honest statistics from a guy who disinfected machines for a living. Me.

And when that doesn't work I do what you guys do: get a report and a little research on the bug.


Anybody who runs a "registry booster" or "registry cleaner" application has no idea how the registry works, and likewise has no idea of the way that those two types of programs can cause it to NOT work.

When I get an infection, I don't follow the steps in the guide here... I have my own and they work pretty well:

1: Sysinternals Process Explorer to identify DLLs and EXE programs to delete.
2: Drop to the Recovery Console. Delete files.
3: Reboot, start Registry Editor and remove infected keys. (Run keys and Winlogon Notify keys.)

And you know what? It works 100% ALL THE TIME GUARANTEED... although sometimes I'll miss a DLL the first time and it reinstalls the infections, which is why it's important to get all the DLL names right the first time.

But do I go on some random crusade trying to change the way they do malware removal? No. Even if the method was better (which it wouldn't be; after scaling it to those who come to the site, trying to direct a person through finding and then deleting the files in the RC would be a huge nightmare), the key point is: you're not going to change the way they do it. If they are going to change the way they remove malware, they will decide to; they won't be influenced by some two-bit grammar-deficient lackey whose persistence in driving their malware removal method is only outweighed by their naivety on the subject itself.

As far as your two-bit methods are concerned, System Restore is infected itself by most viruses. Far more than 10%. So how it even sits in your method befuddles and confuses anybody who holds this common piece of information.


As well, other posts of yours suggest you use Norton 360, which puts the final nail in the coffin to any claim of expertise on your part. Anybody who has a clue about malware prevention and removal knows that Norton 360, or any Norton Anti-Virus product, is completely worthless at anything aside from hogging resources unnecessarily and digging itself into the very core of the operating system, making uninstallation often take multiple reboots.

The fact is, after all that, your machine isn't clean at all; your anti-virus just blows the big one so hard you cannot see the 100+ trojans and what-not you would see with our currently defined method of malware removal, with REAL malware removal tools, not the piece of turd that has become almost any Norton product.

And then, as a final step, you run your "registry cleaner" or registry booster or whatnot, which as far as you can tell finds the keys and deletes them. Of course, the trouble is the malware is still infecting your computer, and simply recreates the keys. No harm done to them. All is as it was when you set out to disinfect, but you're none the wiser.

 

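The post above names the registry locations worth knowing when triaging a persistent infection (the Run keys and the Winlogon Notify subkeys). The following PowerShell script is an added example, not code from the thread or from any forum member: it inventories those well-known locations, resolves each entry to the file it launches, and reports whether that file is missing or carries a valid Authenticode signature. Run it in an elevated Windows PowerShell session; the key paths are the standard locations, the DLL fallback to System32 is an assumption for unqualified DllName values, and a "Valid" signature only shows the file matches its embedded signature, not that it is benign.

```powershell
# Added example (not from the thread): inventory registry autorun locations
# and report image path and Authenticode status for each entry.

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Resolve-ImagePath {
    # Pull the executable or DLL path out of a command line such as
    #   "C:\Program Files\Foo\foo.exe" /silent   or   C:\foo\bar.dll -arg
    param([string]$CommandLine)
    if ($CommandLine -match '^"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^(\S+)')     { return $Matches[1] }
    return $CommandLine
}

function Get-AutorunEntry {
    param([string]$Key, [string]$Name, [string]$CommandLine)
    $path = [Environment]::ExpandEnvironmentVariables((Resolve-ImagePath $CommandLine))
    # Assumption: an unqualified name (common for Notify DllName values) loads from System32
    if (-not [IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot ("System32\" + $path)
    }
    $status = 'MissingFile'
    if (Test-Path -LiteralPath $path) {
        $status = (Get-AuthenticodeSignature -FilePath $path).Status
    }
    [pscustomobject]@{
        Key       = $Key
        Name      = $Name
        Command   = $CommandLine
        Image     = $path
        Signature = $status
    }
}

# Run / RunOnce values: every value name is an autostart entry
$entries = @(foreach ($key in $autorunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PS* metadata properties PowerShell attaches to registry items
        if ($p.Name -like 'PS*') { continue }
        Get-AutorunEntry -Key $key -Name $p.Name -CommandLine ([string]$p.Value)
    }
})

# Winlogon\Notify: each subkey names a DLL in its DllName value
if (Test-Path -LiteralPath $notifyKey) {
    $entries += @(foreach ($sub in Get-ChildItem -LiteralPath $notifyKey) {
        $dll = (Get-ItemProperty -LiteralPath $sub.PSPath).DllName
        if ($dll) { Get-AutorunEntry -Key $sub.PSPath -Name 'DllName' -CommandLine $dll }
    })
}

# Missing or unsigned images are the ones to examine first
$entries | Sort-Object Signature | Format-Table -AutoSize Signature, Name, Image
```

The point of resolving the image path rather than just listing value names is the one the post makes: the registry value is only the pointer, and a rollback of the registry leaves the file in place, so the file is what the entry must be judged by.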
Title: Re: Vista test question
Post by: spacecat9 on January 20, 2009, 01:20:56 PM
Yeah, I know about the dormant un-restore-point virus, but it's not active. Imprisoned for life. Actually sentenced to death, because in time that un-restore point will be deleted.

And in regards to the registry, all I see here is that you would rather fetch a pail of water than use a tap. Technology, it works. Did you really think the dark ages would last forever... are we living in the days of no GUI?

Yes, Norton 360 has malware detection problems.
Penicillin can't detect Java properly.
And McAfee misses false positives.

Nothing's perfect. If you have a wrench, use it.
Title: Re: Vista test question
Post by: Broni on January 20, 2009, 05:07:59 PM
spacecat9
An experienced computer user (as you list your experience) can deal with malware problems any way they want, but your way is NOT the way recommended for an average computer user.
Title: Re: Vista test question
Post by: spiderlucci on January 20, 2009, 05:51:47 PM
I never thought I would get this much info. You guys are fast.... Just posted it last night.. LOL

Thanks for the info!  ;D
spider

 
Title: Re: Vista test question
Post by: Broni on January 20, 2009, 05:57:53 PM
Quote
You guys are fast

(http://www.mickphoto.com/photos/Fast%20Car.jpg)
Title: Re: Vista test question
Post by: patio on January 20, 2009, 06:01:21 PM
Broni...is that the cream color Lexus you promised to never drive again in the Big City ? ?
Shame...Shame.
Title: Re: Vista test question
Post by: computeruler on January 20, 2009, 06:03:35 PM
ROFL(http://img116.exs.cx/img116/1231/z7shysterical.gif)
Title: Re: Vista test question
Post by: Broni on January 20, 2009, 06:07:08 PM
I thought, you wouldn't remember ;D
Title: Re: Vista test question
Post by: patio on January 20, 2009, 06:09:42 PM
I pay attention to all my Chrome investments...whether they are next door or across the fruited plain...
Title: Re: Vista test question
Post by: BC_Programmer on January 20, 2009, 07:08:21 PM
Most amazing to me is how somebody can get a picture of their own car!
Title: Re: Vista test question
Post by: patio on January 20, 2009, 07:33:03 PM
He's fast...superfast ! !
Title: Re: Vista test question
Post by: Broni on January 20, 2009, 07:44:30 PM
That's it! ;D
Title: Re: Vista test question
Post by: spiderlucci on January 21, 2009, 03:04:29 PM
Hey guys, I looked into this and asked Microsoft: you can use a system restore point to remove your virus... the question was correct. This would work with any virus... That is what Microsoft said.

I figured I'd add that in for education, guys.

but, sometimes if the virus has been in your computer for a long time, then you can't use system restore.

Hope to hear from you!

spider ;D
Title: Re: Vista test question
Post by: Broni on January 21, 2009, 05:18:29 PM
Go Micro$oft!!
Title: Re: Vista test question
Post by: patio on January 21, 2009, 05:58:50 PM
Quote
Hey guys, I looked into this and asked Microsoft: you can use a system restore point to remove your virus... the question was correct. This would work with any virus... That is what Microsoft said.

I figured I'd add that in for education, guys.

But sometimes, if the virus has been in your computer for a long time, then you can't use System Restore.

Hope to hear from you!

spider ;D

So you're saying you trust them more than our Resident Staff ? ?
Good Luck.
Title: Re: Vista test question
Post by: spiderlucci on January 21, 2009, 06:50:27 PM
No, I didn't say that, but there was a lot of opinion and this was a test question for the 70-620 exam, so I figured I'd double check my research so I don't fail!  I believe you should still scan the PC for a virus anyway... system restore or not.
The chat line is free.
I didn't mean to offend anyone.  :'(
spider
Title: Re: Vista test question
Post by: BC_Programmer on January 21, 2009, 06:55:08 PM
How would it remove a virus when a lot of viruses embed themselves right into System Restore?
Title: Re: Vista test question
Post by: m_260 on January 21, 2009, 06:56:25 PM
Quote
So you're saying you trust them more than our Resident Staff ? ?
Good Luck.

Well, Microsoft made Windows; they should know how to fix problems on it. But that doesn't mean that if somebody here is a computer guru with 20+ years of virus removal experience and is currently working for Norton or Sophos, we wouldn't trust them....

Quote
How would it remove a virus when a lot of viruses embed themselves right into System Restore?
See this link here, what would he do? http://www.computing.net/answers/security/system-restore-virus-attack/24320.html
Title: Re: Vista test question
Post by: Broni on January 21, 2009, 06:58:56 PM
Quote
How would it remove a virus when a lot of viruses embed themselves right into System Restore?
Simple. Call M$ ;D
Title: Re: Vista test question
Post by: computeruler on January 21, 2009, 07:04:15 PM
I would not trust someone working for Norton.  IMO Microsoft is just saying that to make it easy on them
Title: Re: Vista test question
Post by: spiderlucci on January 21, 2009, 07:32:25 PM
I wanted to know this to be a fact on the test and was really hoping someone here is "MCTS Microsoft", so if I took the test and that question ever came up... duh, what do I do... play with myself and guess the answer ???
If it's on the exam... then it must be right, and if you don't trust Microsoft.... switch to Linux; don't trust Norton, switch to Linux and stop crying.
There's too much ego going on and too much of a clique, and the instigator knows who they are. I'm sorry I offend once again.

I was really hoping to help out even more once i pass.... i guess you guys won't trust me.

don't worry, i'm going to delete my account for you.


Thanks for the help anyway!

Title: Re: Vista test question
Post by: BC_Programmer on January 21, 2009, 10:52:19 PM
Quote
I wanted to know this to be a fact on the test and was really hoping someone here is "MCTS Microsoft", so if I took the test and that question ever came up... duh, what do I do... play with myself and guess the answer ???
If it's on the exam... then it must be right, and if you don't trust Microsoft.... switch to Linux; don't trust Norton, switch to Linux and stop crying.
There's too much ego going on and too much of a clique, and the instigator knows who they are. I'm sorry I offend once again.

I was really hoping to help out even more once I pass.... I guess you guys won't trust me.

Don't worry, I'm going to delete my account for you.


Thanks for the help anyway!



*censored*?

It wasn't Microsoft that told you any of that anyway; it was a representative. It won't work with any virus, and I doubt there are any viruses out there that don't embed themselves into System Restore.


If that is on the test, and you have previously been given the answer for that question, then by all means answer it that way, but be aware that such a situation never arises in real life.

Honestly, I trust Microsoft a lot more than I trust Google. And if somebody doesn't trust Norton I would suggest simply not using Norton products, but on my part not using Norton products is not an issue of trust but rather that they are to a PC what a lichen is to a rock.


Quote
If it's on the exam... then it must be right

It is. But the question is wrong; that's what we're trying to say.


Quote
and was really hoping someone here is "MCTS Microsoft"

I suppose a Microsoft MVP certificate means nothing, then?
Title: Re: Vista test question
Post by: spiderlucci on January 22, 2009, 07:30:43 PM
OK... I had to take a step back and think out what you're telling me, and it makes sense.
What pissed me off was that everybody, or some people... assumed that I don't trust you guys, and that wasn't the point or true.

It wasn't like I was having a computer issue... more of a test question, and it was driving me nuts!
I would love to help even more in the future too, but I don't want to be one of those Microsoft reps either... I want facts to back things up and to know what I'm talking about... sorry, I get that way!

I realize what that question really was saying and you're right... he was just a "Microsoft Rep" and he didn't explain himself right... just to brush me off, he said it was right and that was all he said, but he doesn't know why.

I suspect that what they are suggesting is that if a computer is hit with a virus that is localized to a program that you installed a week ago, you can use System Restore to restore the computer to its state prior to the installation and then delete the program. The key is the statement "return the computer to the state it was in prior to the install." So the question was correct, was it not?


System Restore actually restores the registry settings; it will not remove any infected files.
It may, however, remove a link within the registry to an infected file.
What System Restore can do is restore the operating system back to its configuration (how it was before the new app was installed); then you can delete the app and reinstall it.


When you install an app, the installer typically puts what are known as "hooks" in the registry. They are pathnames and parameters that the program can use, along with the OS, to access special libraries of code that allow the program to interface with your OS etc. The program itself is actually written to your hard drive. When you do a System Restore it overwrites the registry containing the new "hooks", but the actual program is still present on the hard drive.

Does that make more sense? And yes, I can say, BC_Programmer, you are right, and the virus will still be there.


Thanks for getting back and talking to me. Sorry for being a little harsh; I just felt like I was getting mobbed in here :P

Please let me know what you think about what i said and if I'm wrong... just let me know with the big high light messages!

spider :-[


Title: Re: Vista test question
Post by: patio on January 22, 2009, 08:13:28 PM
I can give you contact info for 3 of my MS MVP friends for clarification of your dilemma if need be...
If you doubt that test writers can pose not only an inaccurate question but also the wrong response.

The assumption is that the User would know approximately "when" they were infected...chances of this are slim to none.
The 2nd assumption is that the restore points themselves are valid and uninfected...again a dangerous broad assumption.
The 3rd and most dangerous assumption is that by restoring the registry the "hooks" as called have been found and disabled...there are many insidious infections out there including rootkits that may never make a registry entry.
Title: Re: Vista test question
Post by: BC_Programmer on January 22, 2009, 09:13:40 PM
The "hooks" are actually CLSID entries referencing COM components and component categories (which are used for BHOs).


As said, the answer was right, but the information provided by the question could never be known in a real-life situation.
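The two posts above describe the registry "hooks" as CLSID entries that point at COM components, and note that rolling the registry back leaves the component's file on disk. The PowerShell script below is an added example, not code from the thread or from any forum member: it walks the Browser Helper Object registration key, resolves each CLSID through HKCR\CLSID\{guid}\InprocServer32 to the DLL that Internet Explorer would load, and reports whether that DLL is still present and how it is signed. The BHO and CLSID key paths are the standard locations (the Wow6432Node variants are included for 64-bit systems); run it in an elevated Windows PowerShell session.

```powershell
# Added example (not from the thread): map registered BHO CLSIDs to the
# COM server DLL each one loads, and report file presence and signature.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
)

function Get-ComServerPath {
    # The InprocServer32 default value holds the DLL path for an in-process COM server
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $default = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($default) { return [Environment]::ExpandEnvironmentVariables($default) }
        }
    }
    return $null
}

function Get-ComFriendlyName {
    # The CLSID key's own default value is the component's display name, if registered
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $key = "$root\$Clsid"
        if (Test-Path -LiteralPath $key) {
            return (Get-ItemProperty -LiteralPath $key).'(default)'
        }
    }
    return '(no CLSID registration)'
}

function Get-BrowserHelperObject {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $clsid = $sub.PSChildName          # subkey name is the {GUID}
            $dll   = Get-ComServerPath -Clsid $clsid
            $present = $false
            $status  = 'n/a'
            if ($dll) {
                $present = Test-Path -LiteralPath $dll
                if ($present) { $status = (Get-AuthenticodeSignature -FilePath $dll).Status }
                else          { $status = 'MissingFile' }
            }
            [pscustomobject]@{
                CLSID      = $clsid
                Name       = Get-ComFriendlyName -Clsid $clsid
                Dll        = $dll
                DllPresent = $present
                Signature  = $status
            }
        }
    }
}

# A registration whose DLL is gone is harmless residue; a DLL that is present
# but unsigned, or registered without a CLSID entry, deserves a closer look.
Get-BrowserHelperObject | Sort-Object Signature | Format-Table -AutoSize Signature, DllPresent, Name, Dll
```

Reading the output against the thread's argument: System Restore can remove the CLSID and BHO registration (the "hook"), which stops the component from loading, but the Dll column is a file on disk that a registry rollback does not touch.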
Title: Re: Vista test question
Post by: spiderlucci on January 23, 2009, 08:03:33 PM
Thanks for the learning Curve patio and  BC_Programmer... for bringing me back to the real way of thinking.

I was going crazy with this subject and it didn't make sense.

I was thinking to my self at the time "why would Microsoft put that kind of question in the book ???

And BC_Programmer, you're right about when you mention... "I suppose a Microsoft MVP certificate means nothing, then?"  It means nothing, but the Microsoft reps need to be re-tested.

I hope I'm forgiven.... for Microsoft driving me crazy :'(

Thanks again!  :-[
spider