Re: Accessing "sys vol info" on NTFS

From: FromTheRafters (!0000_at_nomad.fake)
Date: 04/07/04


Date: Wed, 7 Apr 2004 14:20:01 -0400


"Peter Rossiter" <not_me@mail.com> wrote in message news:94C4B67E4F8D8471AE@130.133.1.4...

> I probably got the virus from downloading binaries from the
> newgroups.

That is one good way to collect malware. ;o)

> Would that virus program have been installed or executed (if you
> see what I mean) for it to get picked up by XP's restore point in
> the way you describe?

Not necessarily. When your AV program first encountered it, it
probably tried to delete it. Before it got deleted, the OS kindly
decided that you might want to have it backed up in a restore
point just in case to had momentarily lost your mind.

> I am wondering if I was somehow so careless as to run the virus
> program.

If that was the only affected file your AV alerted to, then it is very
likely that it never ran on your machine.



Relevant Pages

  • Re: msftedit.dll is not a valid Windows image
    ... Please reply to the Newgroups ... The message "The application or DLL c:\windows\system32\msftedit.dll is ... my Word saving ability. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Accessing "sys vol info" on NTFS
    ... > newgroups. ... That is one good way to collect malware. ... decided that you might want to have it backed up in a restore ... If that was the only affected file your AV alerted to, ...
    (microsoft.public.windowsxp.general)
  • Re: no defrag or restore
    ... MS-MVP Shell/User ... Please reply to the Newsgroup ... Please reply to the Newgroups ... restore in my accessories. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Cannot restore computer...Why?
    ... MS-MVP Shell/User ... Please reply to the Newsgroup ... Please reply to the Newgroups ... I can't restore it to an earlier date. ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: about: blank
    ... Spybot and Adaware were finding malware and possible ... Turned off RESTORE. ... >Download, UPDATE before running, and run: ...
    (microsoft.public.security.virus)