Windows Forum / Windows Me / System Tools / July 2005
System Restore

Barry Allen - 04 Jul 2005 11:31 GMT
Mike
Sorry I have been out of touch, but since I last posted I have been away for
a week on business and then another week doing my company annual accounts.
Notice some of my previous thread entries have been removed so have started
again now.
Picking up from your last suggestion, I rebooted from Me Boot Floppy and
actioned:-
1.
>ATTRIB -H -S -R C:\_RESTORE
>then
>REN C:\_RESTORE OLDREST
>then deleted folder C:\OLDREST
however this did not work and no restore points were made.
2.
>C:\WINDOWS\SYSTEM\Restore\rstrui.exe /makefirstrestorepoint
this set an automatic point, so I tried setting a manual point and this also
worked. For the next two days an automatic point was made and the previous
points were retained in the calendar, so looking good up to then.
Today I switched on and an automatic point was set almost immediately, but
all the previous points have gone. I have just tried the manual point
setting and this is still working.
So, both the automatic and manual point setting now appear to be working
but the retention worked for a few days only. I also notice that at first
the automatic restore points were created at 14.38 but now are at 9.21 so
this seems strange also.
Question:- am I right in thinking that automatic points are only created
when the machine is switched on ?

So have made some progress here but not yet fully fixed the problem. Your
thoughts please Mike.

rgds..........BarryA
Mike M - 04 Jul 2005 11:58 GMT
Barry,

To the best of my knowledge none of your previous postings have been
removed.  They will remain on the Microsoft server for some months before
expiring after which they can be accessed using "Google Groups".  I
honestly feel you and those reading this newsgroup would benefit from your
attempting to establish why you are unable to respond to posts and instead
need to create a new thread with each post you make.

System Restore:  My thoughts?  None other than that you need to review
your system and establish why you are losing system checkpoints.  Since
you are unlikely to have an infinitely large drive this could simply
be because older points are being discarded to make room for new or that you
had deleted more (in terms of total file size) files with monitored
extensions than you have space allocated to the archive.  Alternatively
you have a third party application or utility that is clearing down the
archive as one of its actions.

Why you should find the time of creation of checkpoints to be odd
intrigues me since they are not created to any fixed schedule the time of
their creation being influenced by how long your PC has been running, how
it is being used, what other tasks are running, etc.  It's not as if they
are running to a schedule.

Mike Maltby MS-MVP
mike.maltby@gmail.com

> Mike
> Sorry I have been out of touch, but since I last posted I have been
[quoted text clipped - 29 lines]
>
> rgds..........BarryA
Barry Allen - 04 Jul 2005 19:09 GMT
Am trying to send via Reply Group but still getting empty pop-up box. Have
found other reports on Forum groups of same empty pop-up box problem but
with no solution, but will keep looking for answer to this problem.

rgds........BarryA
Mike M - 04 Jul 2005 19:15 GMT
Your reply to group seems to have worked Barry which means one problem
solved and one to go.  :-)

Mike Maltby MS-MVP
mike.maltby@gmail.com

> Am trying to send via Reply Group but still getting empty pop-up box.
> Have found other reports on Forum groups of same empty pop-up box
> problem but with no solution, but will keep looking for answer to
> this problem.
Barry Allen - 04 Jul 2005 19:34 GMT
Mike
Ok it looks like I have found the Reply Group solution on another Forum if
this message goes correctly. In the mystery pop-up box you tick the small
box which is believed to say <do not show this message again> and then just
hit Enter, it then continues the sending procedure.

I have just checked SR again and this morning's automatic point has been
removed and a new one made tonight at 5.30pm. So automatic points are now
certainly being made but are replacing previous ones. I have checked the
archive space allocated and this is a whopping 2343 Mb so space is not the
problem.
Not sure how to review the system to establish why I am losing previous
points. Have not used any other software today except IE, OE and Word.
Ctrl + Alt + Del does not show anything else running so not sure what to
look at.

BarryA
Mike M - 04 Jul 2005 20:32 GMT
I did mention that as possibly being the box you were seeing a week or so
ago.  <g>

Loss of SR Checkpoints:
As I mentioned earlier you need to check out whatever 3rd party utilities
you have installed and running on your system, especially those that run
each time you boot your system.

Mike Maltby MS-MVP
mike.maltby@gmail.com

> Mike
> Ok it looks like I have found the Reply Group solution on another
[quoted text clipped - 14 lines]
>
> BarryA
Barry Allen - 05 Jul 2005 10:32 GMT
Ok Mike, I did disable them before but SR was not creating points then, so I
will check them out again now it is working.

rgds.........BarryA
Barry Allen - 11 Jul 2005 16:27 GMT
Mike
Ok, I have discovered what is clearing out my SR points.

Whenever my antivirus PC-cillin detects a virus in a file within SR, it
removes the affected file but is also clearing out all of the checkpoints
for some reason. I am sure this is not how it should be and so have asked
Trend Micro for help. Otherwise SR is setting regular restore points
including after these clearouts.

It appears that the antivirus is detecting a trojan virus called:
TROJ_STARTPAG.IQ in different files and removing them. So the virus must be
in a registry entry somewhere and re-installing itself at startup. I have
been unable to find the registry entry so far.

At this time I decided to check that SR is working using the restore points
it is setting. It is not!
I ran your test using a desktop link to a file, it would not restore to a
manual checkpoint. I then tried it on an automatic checkpoint and it would
not restore to that either. On restarting after the automatic trial, I got
an Error message:
File:VMM(01)+0000835D Error:OD :0028 :C000935D  then Scandisk ran and
completed but would not close as everything had frozen. It took several
reboots to get restarted to Windows.

So, 1 step forward and 1 step back !

BarryA
Mike M - 11 Jul 2005 18:15 GMT
Barry,

It appears from your report that Trend's PC-cillin needs to respect the
system a little more since touching the _RESTORE folder for any reason
breaks the archive and in so doing destroys any chance the user has of
rolling their system back to a clean checkpoint created prior to
infection.  Removing malware from the system is fine and commendable but
if in so doing it destroys that system and leaves the user without
recourse to system restore to recover the situation that is very bad and
potentially far more damaging than the removed malware.

BTW well done in discovering the culprit.  Not using Trend I haven't
personally come across this side effect of using PC-cillin.

This thread started so long ago that I cannot remember whether you have
installed the 290700 hotfix which has been required since Sept 2001 to
create usable checkpoints.

Restoration Unsuccessful:
A failure to restore to a previously created checkpoint is often a sign
that the 290700 patch for system restore wasn't installed when the
checkpoint to which you were trying to return was created.  If that is the
case the checkpoint is useless.

What is the version of the file smgr.dll in the windows\system folder?
You can check this by locating this file in Windows Explorer, selecting,
right clicking and choosing Properties and then clicking the Version tab.
If not 4.90.0.3003 then that could be the cause of the problem and you
need to download and install the 290700 patch for system restore.  The
easiest way to do this is from the link in the associated KB article
(KB290700 - "Checkpoints that you create after September 8, 2001 do not
restore your computer" (http://support.microsoft.com?kbid=290700)).

It is also possible that at one stage you did install this patch but have
subsequently reinstalled Win Me over itself using the Win Me CD.  Doing
this causes the original, broken, version of smgr.dll to be reinstalled.
If this problem is a result of your having reinstalled Win Me over itself
may I recommend you to download and use the Belarc Advisor
(http://www.belarc.com/free_download.html) which will help you
identify which other patches also need to be reinstalled.

Mike Maltby
mike.maltby@gmail.com

> Mike
> Ok, I have discovered what is clearing out my SR points.
[quoted text clipped - 23 lines]
>
> BarryA
Barry Allen - 13 Jul 2005 14:15 GMT
Great, the patch was the answer. I have also run the test and it works
perfectly.
Yes I had re-installed Me but have regularly gone to the MS website and
collected updates. However MS no longer support Me except for what they call
"critical" updates.
I can now see that this leaves a big hole as most other updates are no
longer posted on their site. This also applies to the Belarc Advisor, which
for Me states "No details available" under Patches Available for this
Computer when I have run it. It only shows patches installed already, which
is informative but not a lot of help.
I believe there was a Service Pack1 at least which I will not now have, plus
others.
Is there anywhere these are listed readily and can perhaps be downloaded
for Me?

I now need to wait for a response from Trend on the deletion of checkpoints.

BarryA
Mike M - 13 Jul 2005 14:42 GMT
Barry,

Your problem was due to reinstalling Win Me over itself and had nothing to
do with Microsoft no longer producing new operating system patches for Win
Me although they will continue to do so for some time yet for IR5 SP2, IE6
SP1 and WMP9.

Reinstalling Win Me over itself does not reset the registry, which is
presumably why you did this as you didn't want to reinstall your
applications, so the flags used by Windows Update to signify that a patch
has been installed are not reset.  All Win Me patches are still
available on the Windows Update site unless superseded by a later version
and will continue to be so for some years to come.  The Belarc Advisor
uses a different method of detection and reports details of those patches
which are recorded in the registry as being installed but which in fact
are not present - usually the result of reinstalling Win Me from a CD
rather than by running the copy of setup.exe in the
windows\options\install or ..\cabs folder.  This latter method installs a
number of the system patches such as 290700 and so prevents the problems
you saw.

There never has been nor will there be a Service Pack 1 for Win Me.
There was however a SP1 and later SP2 for IE 5.5 and more recently SP 1
for IE6.  Win Me should preferably be running IE 6 SP1 but is also still
supported when running IE5.5 SP2. That is critical updates are still
published for these two browser versions such as happened yesterday.

Mike Maltby
mike.maltby@gmail.com

> Great, the patch was the answer. I have also run the test and it works
> perfectly.
[quoted text clipped - 15 lines]
>
> BarryA
Barry Allen - 14 Jul 2005 12:07 GMT
Sorry I was not so clear. I understand that the problem was caused by
re-installing Me from the CD. I did then go to the MS site and allow it to
check what updates were available for my system which it did and I
downloaded them. I have also continued to do this from time to time or when
Windows automatically tells me there is an update available. However it
obviously did not detect that the patch 290700 was not actually there or
perhaps what you are saying is that it was there but the flags to SR which
indicate this were no longer present.

So this begs the question I guess I was asking, are there other updates
which may no longer be there, or may still be there but no longer are
effective because of my re-installation of ME and if the MS site update
check for my system does not identify this, how will I know ?

More good news, since applying the patch, this has also fixed Scandisk and
Defrag, which both now run. However they hang in normal mode, it seems due
to some background running process, but work perfectly in Safe Mode, which
is quite satisfactory. I have run Process Explorer which shows all
background processes but it seems they are mostly the operating system ones
and those which are not I have disabled and that makes no difference. Still
I am happy to run these in Safe Mode.

BarryA
Mike M - 14 Jul 2005 12:33 GMT
> So this begs the question I guess I was asking, are there other
> updates which may no longer be there, or may still be there but no
> longer are effective because of my re-installation of ME and if the
> MS site update check for my system does not identify this, how will I
> know ?

Did you read my post explaining why having chosen to reinstall Win Me over
itself this can cause Windows Update to believe a patch to have already
been installed?  If not may I suggest you do so.  The reason being, as I
thought I had explained, that having chosen to reinstall Win Me over
itself rather than performing a clean install the registry is not cleared
and therefore the flags set by the Windows Update site when a patch is
installed are not cleared.  If the Windows Update site detects that the
flag has been set indicating that a specific patch has been installed it
checks no further for whether the patch is required.

> How will I know?

Firstly by reading and trying to understand what I have written and by
using Belarc which as I have already explained uses a different method to
check whether an installed patch is still present or not.  Belarc checks
the flags placed in the registry by the Windows Update site and then
checks that the associated files and file versions are still present and
incorrect.  If not it notifies the user that the patch needs to be
reinstalled which can then be done by downloading and installing the patch
from the Windows Update Catalogue
(http://v4.windowsupdate.microsoft.com/catalog/en/default.asp).

Mike Maltby
mike.maltby@gmail.com

> Sorry I was not so clear. I understand that the problem was caused by
> re-installing Me from the CD. I did then go to the MS site and allow
[quoted text clipped - 21 lines]
>
> BarryA
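
Added example (not part of the thread, and not Belarc's or Windows Update's own code): the difference described above between trusting a recorded "installed" flag and checking the file versions actually on disk, run over a constructed inventory. The manifest layout, the placeholder patch and the on-disk versions are assumptions; only KB290700 and the smgr.dll version 4.90.0.3003 come from the posts.

```python
# Added example: audit recorded patch flags against file versions on disk.
# Inventory data is constructed; only KB290700 and smgr.dll 4.90.0.3003
# are taken from the thread.

def parse_version(text):
    """Turn '4.90.0.3003' into (4, 90, 0, 3003) so fields compare as numbers."""
    return tuple(int(part) for part in text.strip().split("."))

# patch id -> {file name: minimum version the patch is expected to leave}
MANIFEST = {
    "KB290700": {"smgr.dll": "4.90.0.3003"},
    "KB-PLACEHOLDER": {"example.dll": "1.2.0.10"},  # hypothetical patch
}

def audit(recorded_flags, files_on_disk, manifest=MANIFEST):
    """Return {patch: (status, problems)}; problems lists (file, found, needed)."""
    disk = {name.lower(): ver for name, ver in files_on_disk.items()}
    report = {}
    for patch, required in manifest.items():
        problems = []
        for name, minimum in required.items():
            found = disk.get(name.lower())
            if found is None:
                problems.append((name, "missing", minimum))
            elif parse_version(found) < parse_version(minimum):
                problems.append((name, found, minimum))
        flagged = patch in recorded_flags
        if flagged and problems:
            status = "reinstall"        # flag survived, files were rolled back
        elif flagged:
            status = "installed"
        elif problems:
            status = "not installed"
        else:
            status = "present but not recorded"
        report[patch] = (status, problems)
    return report

# Constructed state after an over-the-top reinstall: flags kept, DLL replaced.
SAMPLE_FLAGS = {"KB290700", "KB-PLACEHOLDER"}
SAMPLE_DISK = {"SMGR.DLL": "4.90.0.3000", "example.dll": "1.10.0.2"}

if __name__ == "__main__":
    for patch, (status, problems) in audit(SAMPLE_FLAGS, SAMPLE_DISK).items():
        print(patch, status, problems)
```

A check that reads only the flags would report both patches as installed here; comparing version fields as text instead of numbers would also wrongly mark the placeholder patch as outdated.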