Hi,
I had a similar experience with the sasser worm and a friend's machine running Windows XP. I went to the Symantec site and pulled the sasser fix in an executable file. This costs nothing and is a fairly quick download 'cause the files are small. You just have to have the bad guy identified as the files are specific to the virus/worm. Then before you run the fix, turn off the Restore feature. That got it.
If the folks in trouble cannot access the web, I pull the fix and put it on a thumbdrive or a floppy (if they have no USB).
Frank
----- Original Message -----
From: "Jeremy C. Reed" <reed@reedmedia.net>
To: <plug-discuss@lists.plug.phoenix.az.us>
Sent: Monday, May 10, 2004 5:54 PM
Subject: Re: restore
> On Mon, 10 May 2004, Craig White wrote:
>
> > I don't recall seeing anything like that in the distros that I've
> > worked with. This is mostly unnecessary since the two reasons for
> > this feature are to overcome virus damage or installation damage where
> > an older dll overwrites a newer dll. Even Windows has implemented a
> > method to keep the overwrites from occurring now.
>
> I rarely touch Windows, but in-laws (who used NetBSD and then Linux for a
> year before buying a new computer) needed my help.
>
> They had the sasser worm. I followed the instructions (so I thought) at
> the Microsoft.org website. I did a Windows Update and chose yes to update.
> Then it suggested I needed to restart the system.
>
> So I did.
>
> The system failed to come back up and was missing a DLL. My mouse moved on
> a blank screen but nothing else was shown. Booting to safe mode didn't
> help. Then my Windows friend suggested that I boot using "last known
> configuration" and it worked.
>
> I still had the sasser. Many processes starting faster than I could stop
> them. Anyways, I manually removed the binaries, removed some registry
> startups with regedit, and turned on the XP firewall. All is well now, I
> guess.
>
> For Linux, this could probably be easily done a couple ways:
>
> - backup all configs in a tarball (that is dated)
>
> - backup all system commands and libraries
> or alternatively:
> - have a list of installed packages with exact version numbers and
> packages readily available
>
> Then to recover to last known configuration have a script that backs up
> broken configuration and overwrites with new.
>
> > I suppose that if you had a corrupted 'package' on Linux, you could do
> > something like 'apt-get -f install package' to put the original binaries
> > back in place.
>
> dpkg can output a list of packages installed and can use same list to
> install. (But --get-selections doesn't seem to have package versions.)
>
>
> Jeremy C. Reed
>
> BSD News, BSD tutorials, BSD links
> http://www.bsdnewsletter.com/
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
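The Linux "last known configuration" idea from the quoted message, sketched as an added example that is not code from anyone in the thread. The function names and the `SNAP_DIR` location are hypothetical, and using `dpkg-query` to get exact versions (which `--get-selections` does not print) is this example's choice.

```shell
#!/bin/sh
# Added example: dated config snapshots plus a "last known configuration" restore.
# SNAP_DIR and all function names are hypothetical; keep SNAP_DIR outside the
# directory being snapshotted.
SNAP_DIR="${SNAP_DIR:-/var/backups/lastknown}"

# Save a dated tarball of a config directory (default /etc) and print its path.
snapshot_configs() {
    src="${1:-/etc}"
    mkdir -p "$SNAP_DIR" || return 1
    out="$SNAP_DIR/config-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$out" -C "$src" . || return 1
    echo "$out"
}

# Record installed packages as name=version lines (dpkg-based systems only).
list_packages() {
    command -v dpkg-query >/dev/null 2>&1 || return 0
    mkdir -p "$SNAP_DIR" || return 1
    dpkg-query -W -f='${Package}=${Version}\n' \
        > "$SNAP_DIR/packages-$(date +%Y%m%d).list"
}

# Keep a copy of the current (broken) config first, then overwrite it from the
# newest snapshot. Files created after the snapshot are left in place, so this
# does not by itself remove anything a worm dropped.
restore_last_known() {
    dest="${1:-/etc}"
    last=$(ls "$SNAP_DIR"/config-*.tar.gz 2>/dev/null | sort | tail -n 1)
    [ -n "$last" ] || { echo "no snapshot in $SNAP_DIR" >&2; return 1; }
    tar -czf "$SNAP_DIR/broken-$(date +%Y%m%d-%H%M%S).tar.gz" -C "$dest" . \
        || return 1
    tar -xzf "$last" -C "$dest"
}
```

Snapshotting and restoring `/etc` needs root; the functions take a directory argument so they can be tried on a scratch copy first.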