RE: Windows ME file restoration

From: CJ Oakwood (cj_oakwood@yahoo.com)
Date: 07/29/01 

From: "CJ Oakwood" <cj_oakwood@yahoo.com>
To: "'Spirit Of 1'" <spiritof1@home.com>
Subject: RE: Windows ME file restoration
Date: Sat, 28 Jul 2001 20:15:22 -0700
Message-ID: <000001c117dc$b4466200$0540a8c0@oakwood.com>

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This doesn't sound like a bug, but rather the System File Protection.
Windows 2000, XP, .NET (and I think NT4) has what MS calls System
File Protection which makes it hard to overwrite system files.

To temporary disable System File protection, and update system files,
you will need to edit the Registry, and upload your DLL or system
file in the system32 directory, and in the DLL Cache directory.
Reboot, and your files will be updated.

This can't be disabled, this is a feature of Windows.

This sounds like the issue you are having in Windows ME.

CJ

- -----Original Message-----
From: Spirit Of 1 [mailto:spiritof1@home.com]
Sent: Saturday, July 28, 2001 21:16
To: bugtraq@securityfocus.com
Subject: Windows ME file restoration

An advisory for all windows ME users:

Windows ME restores critical system files from backups when they are
renamed or deleted. This includes system utilities in the command
folder, and some DLLs. If your machine is compromised, and you
attempt to clean yourself of impurities by cleaning up system files,
windows ME may even restore infected copies of your system. I just
got windows ME and was completely taken aback by this lack of caring
from microsoft. I don't even know if there is a fix for this. If
you know how to disable this recovery method that seems hard-coded
into windows ME, I'd appreciate a reply. Thanks.

- -spirit of one.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Go to http://4.60.71.222/public/ for public key

iQA/AwUBO2N/yq+nyPk9PHN7EQKOrQCgnUhv9Z8H6V1V+1rT0uqOofrLWgMAniYi
5dJF6vKM7G6Wmokc+Bl/wNlS
=tMNX
-----END PGP SIGNATURE-----


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Relevant Pages

  • Re: scan for file corruption
    ... Windows XP has the ability to protect itself from system instability caused by ... Windows File Protection is always enabled and allows Windows ... see if there are any corrupt system files using scannow sfc. ... NB - The dllcache folder is extremely important so Windows XP hides it from ...
    (microsoft.public.windowsxp.newusers)
  • Re: Using ASR to recover system files and OS booting
    ... How to Use System Files to Create a Boot Disk to Guard ... The Windows XP installation CD is also a "startup disk" or ERD ... How to Perform a Windows XP Repair Install ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: Windows File Protection
    ... Scans all protected system files and replaces incorrect versions with correct ... The Windows File Protection is constantly checking whether important files are ... Windows must restore the ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Any GIMP users (Linux)
    ... it's better than the Windows 95/98/SE/ME model. ... that has nothing whatsoever to do with the security model. ... deal to trash all the user files as it is to trash the system files. ... hour--install a rump XP, run restore, and then reboot. ...
    (rec.photo.digital)
  • Re: Booting in Safe Mode
    ... System File Checker replaces screwed up system files. ... You may be prompted to insert a Windows XP Professional CD when you run the ... and selected "safe mode with command prompt". ...
    (microsoft.public.windowsxp.general)