Dissect System Restore snapshots

Posted by Unsigned on Super User See other posts from Super User or by Unsigned
Published on 2011-11-09T16:18:11Z Indexed on 2011/11/19 17:57 UTC
Read the original article Hit count: 255

Filed under:

system-restore

Is there any way to map the A000????.??? filenames in the System Volume Information to their original names, without restoring them?

The reason I ask is that several files in one user's System Volume Information RP1 were infected by a rootkit. Although they've been removed, I'd like to be able to figure out what they were originally. A0001253.sys and A0001211.sys are not very helpful names. :)

It happened on two systems, one XP SP2, the other XP SP3.

Related posts about system-restore

Resolving System Restore error - Error 0x800423F3 - The writer experienced a transient error

as seen on Super User - Search for 'Super User'
System restore just stopped working, when I needed it most. (tried diff restore points... same error). Now everytime I run system-restore, it fails with the above error message. I cleared the event logs and retried to isolate the relevant events. I see 5 warnings and 1 info event from VSS and 1… >>> More
Resolving System Restore error - Error 0x800423F3 - The writer experienced a transient error

as seen on Super User - Search for 'Super User'
System restore just stopped working, when I needed it most. (tried diff restore points... same error). Now everytime I run system-restore, it fails with the above error message. I cleared the event logs and retried to isolate the relevant events. I see 5 warnings and 1 info event from VSS and 1… >>> More
Windows system restore deletes various executables and *.js files. How does it decide which files to delete?

as seen on Super User - Search for 'Super User'
I restored my system from a Windows System Restore point. It solved some issues I was having, but introduced other strange problems (like my optical drive disappeared). One thing that surprised me was several files from my Web2Py installation were deleted: the executables and *.js files; possibly… >>> More
Is it recommend to use Windows XP System Restore?

as seen on Super User - Search for 'Super User'
I usually only enable system restore on OS drive. But even so, I rarely use it. Usually when got infected, system restore can't help resolving the issue. Besides got infected, I can't think of any case that requires system restore. So, is it recommend to enable it? Thanks. >>> More
Files Corrupted on System Restore

as seen on Server Fault - Search for 'Server Fault'
I restored my OSX today by copying the system over from a backup. Most things seem to be working, but every single GIT repo gives pretty much the same error fatal: object 03b45161eb27228914e690e032ca8009358e9588 is corrupted I have tried chowning, doing everything as sudo or root... I have no idea… >>> More

Developer IT

Dissect System Restore snapshots - Developer IT

Dissect System Restore snapshots

system-restore

Related posts about system-restore

Resolving System Restore error - Error 0x800423F3 - The writer experienced a transient error

Resolving System Restore error - Error 0x800423F3 - The writer experienced a transient error

Windows system restore deletes various executables and *.js files. How does it decide which files to delete?

Is it recommend to use Windows XP System Restore?

Files Corrupted on System Restore

Categories cloud