
Help !!! System Restore


Chip

Aug 7, 2009, 11:21:01 AM
I have been running malware, virus, register cleans, etc and after I ran all
these programs, I wanted to do a new System Restore. I clicked on
Accessories, System Tools, System Restore and nothing happened. I did it
several times and it doesn't seem like it's there.

BTW I also changed some settings in msconfig, but didn't change any
Microsoft settings.

Any help? Thanks !!!

DL

Aug 7, 2009, 11:47:36 AM
'registry cleans'
Probably says it all

Run the system file checker - see win help


"Chip" <Ch...@discussions.microsoft.com> wrote in message
news:0EADCF74-E4C3-49F7...@microsoft.com...

Don Phillipson

Aug 7, 2009, 12:07:52 PM
"Chip" <Ch...@discussions.microsoft.com> wrote in message
news:0EADCF74-E4C3-49F7...@microsoft.com...

> I have been running malware, virus, register cleans, etc and after I ran all
> these programs, I wanted to do a new System Restore. I clicked on
> Accessories, System Tools, System Restore and nothing happened. I did it
> several times and it doesn't seem like it's there.

Some 3rd-party malware shields disable MS System Restore
(see archives of this newsgroup.) There are workarounds
for some such software but not all.

--
Don Phillipson
Carlsbad Springs
(Ottawa, Canada).

Jim

Aug 7, 2009, 12:35:40 PM

Norton will also knock system restore out.

Jose

Aug 7, 2009, 12:49:01 PM

Start here to figure out what it isn't:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

Then, you can determine if the shortcut or the program is broken and
react accordingly.

When you click the SR shortcut it runs: %SystemRoot%\system32\restore\rstrui.exe

So, click Start, Run and paste that command in the box, click OK and
see what happens.

"Nothing happens" as a description won't get you too far (unless
nothing really happens). Please try to do better if possible.

A fairly common and generally easy to fix SR issue after a malware
attack is an empty white box where SR should be.

Tim Meddick

Aug 7, 2009, 12:53:36 PM

Check that the 'System Restore Service' is active (started) and that its 'start-up
type' is set to 'Automatic'

Check this by starting "Local Services" on your 'Administrative Tools' menu on the
'Start Menu' or type the following into the "Run" box on the 'Start menu' :

mmc.exe c:\windows\system32\services.msc

Down the list to the 'System Restore Service', and double-click on it to bring up
its properties.

Also, it may be worth checking that both the executable (.exe) file is present, and
that the shortcut to it you tried to use is correctly pointing to it.

The 'System Restore' program location is : c:\windows\system32\restore\rstrui.exe

==

Cheers, Tim Meddick, Peckham, London. :-)


"Chip" <Ch...@discussions.microsoft.com> wrote in message
news:0EADCF74-E4C3-49F7...@microsoft.com...

Chip

Aug 7, 2009, 2:13:01 PM

Here is a better description of the problem: I go to Start, Accessories,
System Tools, and System Restore. The name 'System Restore' is there, but I
double-click on it and it does nothing.

I checked to see if the path was there and I followed it through. The icon
you suggested is still there, but I click on the .exe program and nothing
happens. Just seems like nothing is there except the icon.

Thanks.

Ken Blake, MVP

Aug 7, 2009, 2:30:01 PM
On Fri, 7 Aug 2009 08:21:01 -0700, Chip
<Ch...@discussions.microsoft.com> wrote:

> I have been running malware, virus,


Running malware and viruses is a very bad thing to do. What you should
run is *anti*-malware and *anti*-virus programs. <g>

Assuming that you meant *anti*-malware and *anti*-virus programs,
please tell exactly which ones you ran.

Did those programs find any malware on your system?


> register cleans, etc


Leaving aside any attempt at humor, as in the first paragraph above,
this *is* a very bad thing to do. Registry cleaning programs are *all*
snake oil. Cleaning of the registry isn't needed and is dangerous.
Leave the registry alone and don't use any registry cleaner. Despite
what many people think, and what vendors of registry cleaning software
try to convince you of, having unused registry entries doesn't really
hurt you.

The risk of a serious problem caused by a registry cleaner erroneously
removing an entry you need is far greater than any potential benefit
it may have.

Read http://www.edbott.com/weblog/archives/000643.html

> and after I ran all
> these programs, I wanted to do a new System Restore.

Why? Doing so doesn't seem to mesh with running the other programs.
Are you having a problem? System Restore should only be run when you
are having a problem that you expect to respond to going back a few
days with System Restore.


> I clicked on
> Accessories, System Tools, System Restore and nothing happened. I did it
> several times and it doesn't seem like it's there.


Do you run Norton Anti-virus? If so, that's likely the reason.



> BTW I also changed some settings in msconfig, but didn't change any
> Microsoft settings.

Exactly what did you change? Why?

--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup

Steve Winograd [MS-MVP]

Aug 7, 2009, 2:41:36 PM

I don't know of any Norton product that prevents System Restore from
creating a restore point. If you do, please give us details.

Some Norton products have a feature called "Norton Product Tamper
Protection" that you have to disable before restoring your computer to
a previous time. Details here:

http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/2005113009323013
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Desktop Experience)

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

Chip

Aug 7, 2009, 2:55:02 PM
I noted your humor...and you are correct.

I did not run Norton. I have ESET anti-virus. I ran Ad-aware and
Malwarebytes and they found nothing.

The reason I wanted to go to System Restore was to set a new restore point
as of now - after everything is working faster and CPU performance is great.

In msconfig I unchecked most of the Startup programs and a few of the
Services, but I did not touch any of the Windows services.

As I said, I have even taken the path to actual .exe program in System32
and nothing happens when I double-click it.

PA Bear [MS MVP]

Aug 7, 2009, 2:54:51 PM
There is a very good chance that you are seeing the effects of a hijackware
infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums as well.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
www.banthecheck.com

PA Bear [MS MVP]

Aug 7, 2009, 3:14:45 PM

PS: If you think your Registry needs to be "cleaned" or "repaired," read
http://aumha.net/viewtopic.php?t=28099 and draw your own conclusions.

Jose

Aug 7, 2009, 3:51:13 PM
> > Read http://www.edbott.com/weblog/archives/000643.html

>
> > > and after I ran all
> > > these programs, I wanted to do a new System Restore.  
>
> > Why? Doing so doesn't seem to mesh with running the other programs.
> > Are you having a problem? System Restore should only be run when you
> > are having a problem that you expect to respond to going back a few
> > days with System Restore.
>
> > > I clicked on
> > > Accessories, System Tools, System Restore and nothing happened.  I did it
> > > several times and it doesn't seem like it's there.
>
> > Do you run Norton Anti-virus. If so, that's likely the reason.
>
> > > BTW I also changed some settings in msconfig, but didn't change any
> > > Microsoft settings.  
>
> > Exactly what did you change? Why?
>
> > --
> > Ken Blake, Microsoft MVP - Windows Desktop Experience
> > Please Reply to the Newsgroup

If c:\windows\system32\restore\rstrui.exe will not run, COPY (not
rename) it to something else - chip09.exe or something like that and
then see if chip09.exe will launch when double clicked, a Start, Run,
or from a command window. This does not change the shortcut of
course.

If chip09.exe launches SR, you are still infected and rstrui.exe is
not being allowed to run.

If chip09.exe does not launch, the executable may be compromised so
search for another copy of rstrui.exe on your system and copy it into
c:\windows\system32\restore. Try again. Copy and try chip09.exe (it
must run in that folder).

Likely spots are:

c:\windows\servicepackfiles\i386
c:\windows\system32\dllcache
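
Added example, not part of Jose's post or of this thread: a Python sketch that hashes the rstrui.exe in the restore folder and compares it with the spare copies in the two locations listed above, run against the live c:\windows directory or against the XP volume mounted on another machine. The function names and verdict strings are illustrative assumptions.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

# Paths taken from the thread, relative to the Windows directory (c:\windows).
ACTIVE = "system32/restore/rstrui.exe"
REFERENCES = ("ServicePackFiles/i386/rstrui.exe", "system32/dllcache/rstrui.exe")


def find_ci(root, relative):
    """Resolve `relative` under `root` ignoring case, as NTFS does.

    Needed when the XP volume is mounted on a case-sensitive system.
    Returns a Path to an existing file, or None.
    """
    current = Path(root)
    for part in relative.split("/"):
        if not current.is_dir():
            return None
        matches = [p for p in current.iterdir() if p.name.lower() == part.lower()]
        if not matches:
            return None
        current = matches[0]
    return current if current.is_file() else None


def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(windows_dir):
    """Compare the active rstrui.exe with the spare copies named in the thread."""
    active = find_ci(windows_dir, ACTIVE)
    spares = {}
    for rel in REFERENCES:
        found = find_ci(windows_dir, rel)
        if found is not None:
            spares[rel] = sha256_of(found)
    result = {"active": sha256_of(active) if active else None, "spares": spares}
    if active is None:
        result["verdict"] = "missing"       # nothing for the shortcut to launch
    elif not spares:
        result["verdict"] = "no-reference"  # no local copy: XP CD or another PC
    elif result["active"] in spares.values():
        # Same bytes as a spare copy. If it still will not start under its own
        # name but a renamed copy does, the name is what is being blocked.
        result["verdict"] = "match"
    else:
        # Differs from every spare: tampering or a different file version.
        # Spares on the same disk can be altered too; install media is stronger.
        result["verdict"] = "mismatch"
    return result


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(triage(sys.argv[1]))  # e.g. C:\Windows or a mounted image's WINDOWS dir
    else:
        with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
            for rel, data in ((ACTIVE, b"patched"), (REFERENCES[0], b"original")):
                target = Path(tmp, rel)
                target.parent.mkdir(parents=True)
                target.write_bytes(data)
            print(triage(tmp)["verdict"])
```
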

Chip

Aug 7, 2009, 4:18:01 PM

I have looked in all the locations you mentioned - didn't find any such
file. Can I get it from another PC? Should I repair Windows?

Tim Meddick

Aug 7, 2009, 4:23:35 PM

Jose,
I concur with your logic to test the file integrity of "rstrui.exe" by
copying and renaming.

However, it is not amongst the files covered by Windows Files Protection and so would
not appear in the folder :

c:\windows\system32\dllcache

...But, could be copied (expanded) from the i386 folder on the XP installation cd-rom
(no extra service packs installed) :


expand x:\i386\rstrui.ex_ c:\windows\system32\restore\rstrui.exe


(where [x:] is replaced for your cd/dvd drive letter)

...or copied (directly) from the i386 folder within c:\windows\ServicePackFiles
folder (if a service pack has been installed after the original installation) :


copy c:\windows\ServicePackFiles\i386\rstrui.exe c:\windows\system32\restore


...then rename it from there.

==

Cheers, Tim Meddick, Peckham, London. :-)


"Jose" <jose...@yahoo.com> wrote in message
news:072ee2d1-a22c-4e06...@j19g2000vbp.googlegroups.com...


Newsgroup Honesty

Aug 8, 2009, 1:17:04 AM
Chip wrote:
| I have been running malware, virus, register cleans, etc and after I
| ran all these programs, I wanted to do a new System Restore. I
| clicked on Accessories, System Tools, System Restore and nothing
| happened. I did it several times and it doesn't seem like it's there.
|
| BTW I also changed some settings in msconfig, but didn't change any
| Microsoft settings.
|
| Any help? Thanks !!!

Jim wrote:
| Norton will also knock system restore out.

Steve Winograd [MS-MVP] wrote:
| I don't know of any Norton product that prevents System Restore from
| creating a restore point. If you do, please give us details.
|
| Some Norton products have a feature called "Norton Product Tamper
| Protection" that you have to disable before restoring your computer to
| a previous time. Details here:
|
|
| http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/2005113009323013


Would the following web page,
http://bertk.mvps.org/html/symantecdoc1.html, be something worth looking
at in reference to Symantec and System Restore issues?

--
Newsgroup Honesty
newsgrou...@gmail.com

* People who are brutally honest get more
satisfaction out of the brutality than
out of the honesty. *
--

BillW50

Aug 8, 2009, 8:49:36 AM
In news:euso759qkifj6ns31...@4ax.com,
Steve Winograd [MS-MVP] typed on Fri, 07 Aug 2009 12:41:36 -0600:

> I don't know of any Norton product that prevents System Restore from
> creating a restore point. If you do, please give us details.

Hahaha, you are a gas Steve! You just started to use computers I see.
Well here is a tip, point your browser to http://www.google.com and
enter 'Norton System Restore problems' and see over 900,000 hits.

--
Bill
Windows 2000 SP4 (5.00.2195)
Asus EEE PC 701G4 ~ 2GB RAM ~ 16GB-SDHC


Jose

Aug 8, 2009, 9:12:35 AM
On Aug 7, 4:23 pm, "Tim Meddick" <timmedd...@gawab.com> wrote:
> Jose,
>         I concur with your logic to test the file integrity of "rstrui.exe" by
> copying and renaming.
>
> However, it is not amongst the files covered by Windows Files Protection and so would
> not appear in the folder :
>
> c:\windows\system32\dllcache
>
> ...But, could be copied (expanded) from the i386 folder on the XP installation cd-rom
> (no extra service packs installed) :
>
> expand x:\i386\rstrui.ex_ c:\windows\system32\restore\rstrui.exe
>
> (where [x:] is replaced for your cd/dvd drive letter)
>
> ...or copied (directly) from the i386 folder within c:\windows\ServicePackFiles
> folder (if a service pack has been installed after the original installation) :
>
> copy c:\windows\ServicePackFiles\i386\rstrui.exe c:\windows\system32\restore
>
> ...then rename it from there.
>
> ==
>
> Cheers,    Tim Meddick,    Peckham, London.    :-)
>
> "Jose" <jose_e...@yahoo.com> wrote in message
> news:072ee2d1-a22c-4e06...@j19g2000vbp.googlegroups.com...
> On Aug 7, 2:55 pm,
>
> > If c:\windows\system32\restore\rstrui.exe will not run, COPY (not
> > rename) it to something else - chip09.exe or something like that and
> > then see if chip09.exe will launch when double clicked, a Start, Run,
> > or from a command window.  This does not change the shortcut of
> > course.
>
> > If chip09.exe launches SR, you are still infected and rstrui.exe is
> > not being allowed to run.
>
> > If chip09.exe does not launch, the executable may be compromised so
> > search for another copy of rstrui.exe on your system and copy it into
> > c:\windows\system32\restore.  Try again.  Copy and try chip09.exe (it
> > must run in that folder).
>
> > Likely spots are:
>
> > c:\windows\servicepackfiles\i386
> > c:\windows\system32\dllcache

Acknowledged. Likely is the operative word!

It is here on my computer, but not on another - huh... It is for sure
in the servicepackfiles\i386 on all computers I checked.

Before embarking on more time consuming methods, you know my goal is
just to determine if the rstrui.exe is not allowed to run by name
alone or if the executable has been compromised. It must run from the
restore folder of course.

Troubleshooting time for this operation should be very quick and based
on the results, next steps taken.

If the OP has an XP CD, it can be expanded as you indicated. OPs
rarely seem to have this luxury, so I propose options that will not
require it. Expanding will result of course in rstrui.exe which still
may not run because of the name and then copying to a different name
will still need to be done.

Copying rstrui from another PC of the same type would achieve the same
results, but more efficient methods should be tried first.

Your:

copy c:\windows\ServicePackFiles\i386\rstrui.exe c:\windows\system32\restore
...then rename it from there.

is indeed an efficient method. Shades of regedit not launching
(nothing happens!) but a copy works just fine, easy to fix.

The OP has also not reported any results from running chip09.exe
either.

The association to Norton is a different issue all together. In the
Norton scenario, SR at least launches, SR is executed but the says
restoration is incomplete... I have not read where Norton prevents SR
from launching or creating a new RP.

Here it sounds like SR doesn't even launch, so for the moment, I am
ruling out at least that particular Norton anomaly (which the OP also
says is not installed) - it is not the same symptom and it is not this
problem - provided the problem is being reported accurately...

Jose

Aug 8, 2009, 11:15:30 AM
On Aug 7, 4:23 pm, "Tim Meddick" <timmedd...@gawab.com> wrote:
> Jose,
>         I concur with your logic to test the file integrity of "rstrui.exe" by
> copying and renaming.
>
> However, it is not amongst the files covered by Windows Files Protection and so would
> not appear in the folder :
>
> c:\windows\system32\dllcache
>
> ...But, could be copied (expanded) from the i386 folder on the XP installation cd-rom
> (no extra service packs installed) :
>
> expand x:\i386\rstrui.ex_ c:\windows\system32\restore\rstrui.exe
>
> (where [x:] is replaced for your cd/dvd drive letter)
>
> ...or copied (directly) from the i386 folder within c:\windows\ServicePackFiles
> folder (if a service pack has been installed after the original installation) :
>
> copy c:\windows\ServicePackFiles\i386\rstrui.exe c:\windows\system32\restore
>
> ...then rename it from there.
>
> ==
>
> Cheers,    Tim Meddick,    Peckham, London.    :-)

Well, here is something...

I found rstrui.exe on my computer in c:\windows\system32\dllcache but
not on a fairly new one. WTH?

My computer has 400+ executables in c:\windows\system32\dllcache, the
other only had 28.

I have run sfc /scannow on my computer in the past (just to test it)
but never on the new one. I ran sfc /scannow on the new computer and
now the c:\windows\system32\dllcache folders match for executables -
including rstrui.exe - not there before.

According to a sort of old-by-date MS article http://www.microsoft.com/whdc/archive/wfp.mspx
covering 2000 and XP:

All SYS, DLL, EXE, and OCX files that ship on the Windows CD are
protected. True Type fonts--Micross.ttf, Tahoma.ttf, and Tahomabd.ttf--
are also protected.

What do you see on your system for executables in
c:\windows\system32\dllcache and have you ever run sfc /scannow on it?


Peter Foldes

Aug 8, 2009, 12:38:28 PM
BillW50

Gas or no gas Steve's answer was correct. Norton does not stop system restore points
to be created. It only stops them from being accessed. Read and understand the
issue correctly before saying what you said along with the other answers in this
thread.

http://bertk.mvps.org/html/srfail.html
http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/2005113009323013

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"BillW50" <Bil...@aol.kom> wrote in message
news:OewswaCG...@TK2MSFTNGP03.phx.gbl...

BillW50

Aug 8, 2009, 1:15:48 PM
In news:%234A3maE...@TK2MSFTNGP03.phx.gbl,
Peter Foldes typed on Sat, 8 Aug 2009 12:38:28 -0400:

> BillW50
>
> Gas or no gas Steve's answer was correct. Norton does not stop system
> restore points to be created . It only stops them from being
> accessed. Read and understand the issue correctly before saying what
> you said along with the other answers in this thread.
>
> http://bertk.mvps.org/html/srfail.html
>
> http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/2005113009323013

What difference does it make to most users? As most drivers don't care
if it is the fuel filter, pump, computer, or whatever of why their car
won't run. All they care about is it is broken and it doesn't work.

Now whether restore points are being created or not doesn't make any
difference if they can't be accessed, now does it? So what good is
running Norton's software? It is supposed to help the average user, NOT
SCREW UP THEIR COMPUTER! And Norton has this long history of creating
more problems than it is trying to fix. So this should be no surprise to
anybody at all. Especially for the well seasoned user.

And if you have problems with other answers I stated, let's hear them!
Let us get it in the open and quit hiding them. As that is an old
coward's trick! How childish!

Steve Winograd [MS-MVP]

Aug 8, 2009, 3:01:21 PM
On Sat, 08 Aug 2009 00:17:04 -0500, Newsgroup Honesty
<Newsgrou...@gmail.com> wrote:
>
>Jim wrote:
>| Norton will also knock system restore out.
>
>Steve Winograd [MS-MVP] wrote:
>| I don't know of any Norton product that prevents System Restore from
>| creating a restore point. If you do, please give us details.
>|
>| Some Norton products have a feature called "Norton Product Tamper
>| Protection" that you have to disable before restoring your computer to
>| a previous time. Details here:
>|
>http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/2005113009323013
>
>Would the following web page,
>http://bertk.mvps.org/html/symantecdoc1.html, be something worth looking
>at in reference to Symantec and System Restore issues?

Bert's web page is a copy of the Symantec page that I cited. He gives
the Symantec URL at the top.

Steve Winograd [MS-MVP]

Aug 8, 2009, 3:10:53 PM
On Sat, 8 Aug 2009 07:49:36 -0500, "BillW50" <Bil...@aol.kom> wrote:

>In news:euso759qkifj6ns31...@4ax.com,
>Steve Winograd [MS-MVP] typed on Fri, 07 Aug 2009 12:41:36 -0600:
>> I don't know of any Norton product that prevents System Restore from
>> creating a restore point. If you do, please give us details.
>
>Hahaha, you are a gas Steve! You just started to use computers I see.
>Well here is a tip, point your browser to http://www.google.com and
>enter 'Norton System Restore problems' and see over 900,000 hits.

If you can find a site that documents how Norton prevents System
Restore from creating a restore point, please post a link to it. I'll
be happy to look at it.

P.S. I started using computers in 1968.

Steve Winograd [MS-MVP]

Aug 8, 2009, 3:11:42 PM
On Sat, 8 Aug 2009 12:38:28 -0400, "Peter Foldes" <ok...@hotmail.com>
wrote:

>BillW50
>
>Gas or no gas Steve's answer was correct. Norton does not stop system restore points
>to be created . It only stops them from being accessed. Read and understand the
>issue correctly before saying what you said along with the other answers in this
>thread.
>
>http://bertk.mvps.org/html/srfail.html
>http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/2005113009323013

Thanks, Peter.

BillW50

Aug 8, 2009, 3:36:42 PM
In news:dvir75d4encdkkelh...@4ax.com,
Steve Winograd [MS-MVP] typed on Sat, 08 Aug 2009 13:10:53 -0600:

You should ask Peter Foldes, that is his claim. By the way, I started
with computers during the Apollo project and worked as an electronic
engineer.

Steve Winograd [MS-MVP]

Aug 8, 2009, 5:13:20 PM
On Sat, 8 Aug 2009 14:36:42 -0500, "BillW50" <Bil...@aol.kom> wrote:

>>> Hahaha, you are a gas Steve! You just started to use computers I see.
>>> Well here is a tip, point your browser to http://www.google.com and
>>> enter 'Norton System Restore problems' and see over 900,000 hits.
>>
>> If you can find a site that documents how Norton prevents System
>> Restore from creating a restore point, please post a link to it. I'll
>> be happy to look at it.
>>
>> P.S. I started using computers in 1968.
>

>You should ask Peter Foldes, that is his claim. By the way, I started
>with computers during the Apollo project and worked as an electronic
>engineer.

What? You're the one who ridiculed me. Peter agreed with what I
said.

It's nice to meet another EE. My degrees are in EE and Computer
Science.
