Vista test question

[patio]

hey guys, i look into this and ask Microsoft, you can use system restore point to remove your virus... the question was correct. this would work with any virus... That is what Microsoft said.

I figure i add that in for education guys.

but, sometimes if the virus has been in your computer for a long time, then you can't use system restore.

Hope to hear from you!

spider

So you're saying you trust them more than our Resident Staff ? ?
Good Luck.

[spiderlucci]

no i didn't say that but there was a lot of opinion and this was a test question for the 70-620 exam so i figure i double check my research so i don't fail!  I believe you should still scan the PC for a virus anyway... system restore or not.
 The chat line is free.
I didn't mean to offen anyone. 
spider

[BC_Programmer]

how would it remove a virus when a lot of viruses embed themself right into system restore?

[m_260]

So you're saying you trust them more than our Resident Staff ? ?
Good Luck.
[/quote]

Well Microsoft made windows, they should know how to fix problems on it. But that doesn't mean if somebody here is  a computer guru with 20+ years of virus removal experience and is currently working for Norton orr Sophos, we wouldn't trust them ....

how would it remove a virus when a lot of viruses embed themself right into system restore?

See this link here, what would he do? http://www.computing.net/answers/security/system-restore-virus-attack/24320.html

[Broni]

how would it remove a virus when a lot of viruses embed themself right into system restore?

Simple. Call M$

[computeruler]

I would not trust someone working for Norton.  IMO Microsoft is just saying that to make it easy on them

[spiderlucci]

I wanted to know this to be a fact on the test and was really hoping someone here is "MCTS microsoft" so if i took the test and that question ever came up... duh, what do I do... play with myself and guess the answer
If it's on the exam... then it must be right and if you don't trust Microsoft.... Switch to Linux, don't trust Norton, switch to Linux and stop crying.
There's to much ego going on and to much of a click and the instigator knows who they are. I'm sorry i offen once again.

I was really hoping to help out even more once i pass.... i guess you guys won't trust me.

don't worry, i'm going to delete my account for you.


Thanks for the help anyway!

[BC_Programmer]

I wanted to know this to be a fact on the test and was really hoping someone here is "MCTS microsoft" so if i took the test and that question ever came up... duh, what do I do... play with myself and guess the answer
If it's on the exam... then it must be right and if you don't trust Microsoft.... Switch to Linux, don't trust Norton, switch to Linux and stop crying.
There's to much ego going on and to much of a click and the instigator knows who they are. I'm sorry i offen once again.

I was really hoping to help out even more once i pass.... i guess you guys won't trust me.

don't worry, i'm going to delete my account for you.


Thanks for the help anyway!

*censored*?

it wasn't Microsoft that told you any of that anyway, it was a representative. It won't work with any virus, and I doubt there are any viruses out there that don't embed themselves into system restore.


If that is on the test, and you have previously been given the answer for that question, then by all means answer it that way, but be aware that such a situation never arises in real life.

Honestly- I trust Microsoft a lot more then I trust google. and if somebody doesn't trust Norton I would suggest simply not using Norton products, but on my part not using Norton products is not an issue of trust but rather that they are to a PC what a Lichen is to a rock.

If it's on the exam... then it must be right

It is. but the question is wrong, that's what we're trying to say.

and was really hoping someone here is "MCTS microsoft"

I suppose a Microsoft MVP certificate means nothing, then?

[spiderlucci]

OK... I had to take a seat back and think this out what your telling me and it makes sense.
what piss me off was, everybody or some people... assumes that i don't trust you guys and that wasn't the point or true.

it wasn't like i was having a computer issue... more of a test question and it was driving me nuts!
I would love to help even more in the future too but, i don't want to be one of those Microsoft reps either... I want facts to back things up and know what I'm talking about... sorry, i get that way!

I realize what that question really was saying and your right... he was just a" microsoft Rep" and he didn't explain himself right... just to brush me off, he said it was Right and that was all he said but doesn't know why.

, I suspect that what they are suggesting is that if a computer is hit with a virus that is localized to a program that you installed a week ago you can use system restore to restore the computer to its state prior to the installation and then delete the program. The key is the statement "return the computer to the state it was in prior to the install. so the question was correct. was it not?


System Restore actually restores the registry settings  it will not remove any infrected files
 it may however remove a link within the registry to an infected file\
what system restore can do is to restore the operating system back to its configuration (how it was before the new app was installed) then you can delete the app and reinstall it


When you install an app  the installer typically puts what are known as "hooks" in the registry they are pathnames and parameters that the program can use along with the OS to access special libraries of code that allow the program to interface with your OS etc. The program itself is actually written to your hard drive When you do a system restore it overwrites the registry containing the new "hooks" but the actual program is still present on the hard drive.

Does that make more sense and yes i can Say PC Programmer, you are right and the virus will still be there.


Thanks for getting back and talking to me. sorry for being a little harsh, i just felt like i was getting mob in here

Please let me know what you think about what i said and if I'm wrong... just let me know with the big high light messages!

spider

[patio]

I can give you contact info for 3 of my MS MVP friends for clarification of your dilemna if need be...
If you doubt that test writer's can not only pose an innaccurate question but also the wrong response.

The assumption is that the User would know approximately "when" they were infected...chances of this are slim to none.
The 2nd assumption is that the restore points themselves are valid and uninfected...again a dangerous broad assumption.
The 3rd and most dangerous assumption is that by restoring the registry the "hooks" as called have been found and disabled...there are many insidious infections out there including rootkits that may never make a registry entry.

[BC_Programmer]

the "hooks" are actually CLSID entries referencing COM components and component categories (which are used for BHO's)


as said- the answer was right, but the information provided by the question could never be known in a real-life situation.

[spiderlucci]

Thanks for the learning Curve patio and  BC_Programmer... for bringing me back to the real way of thinking.

I was going crazy with this subject and it didn't make sense.

I was thinking to my self at the time "why would Microsoft put that kind of question in the book

and BC_Programmer, your right about when you mention.. "I suppose a Microsoft MVP certificate means nothing, then? "  it means nothing but the Microsoft reps need to be re-tested.

I hope I'm forgiving.... for Microsoft driving me crazy

Thanks again! 
spider