Hi,

I had a similar experience with the sasser worm and a friend's machine running Windows XP. I went to the Symantec site and pulled the sasser fix in an executable file. This costs nothing and is a fairly quick download 'cause the files are small. You just have to have the bad guy identified as the files are specific to the virus/worm. Then before you run the fix, turn off the Restore feature. That got it. If the folks in trouble cannot access the web, I pull the fix and put it on a thumbdrive or a floppy (if they have no USB).

Frank

----- Original Message -----
From: "Jeremy C. Reed"
To:
Sent: Monday, May 10, 2004 5:54 PM
Subject: Re: restore

> On Mon, 10 May 2004, Craig White wrote:
>
> > I don't recall seeing anything like that in the distros that I've
> > worked with. This is mostly unnecessary since the two reasons for
> > this feature are to overcome virus damage or installation damage where
> > an older dll overwrites a newer dll. Even Windows has implemented a
> > method to keep the overwrites from occurring now.
>
> I rarely touch Windows, but in-laws (who used NetBSD and then Linux for a
> year before buying a new computer) needed my help.
>
> They had the sasser worm. I followed the instructions (so I thought) at
> the Microsoft.org website. I did a Windows Update and chose yes to update.
> Then it suggested I needed to restart the system.
>
> So I did.
>
> The system failed to come back up and was missing a DLL. My mouse moved on
> a blank screen but nothing else was shown. Booting to safe mode didn't
> help. Then my Windows friend suggested that I boot using "last known
> configuration" and it worked.
>
> I still had the sasser. Many processes starting faster than I could stop
> them. Anyways, I manually removed the binaries, removed some registry
> startups with regedit, and turned on the XP firewall. All is well now, I
> guess.
>
> For Linux, this could probably be easily done a couple ways:
>
> - backup all configs in a tarball (that is dated)
>
> - backup all system commands and libraries
> or alternatively:
> - have a list of installed packages with exact version numbers and
> packages readily available
>
> Then to recover to last known configuration have a script that backs up
> broken configuration and overwrites with new.
>
> > I suppose that if you had a corrupted 'package' on Linux, you could do
> > something like 'apt-get -f install package' to put the original binaries
> > back in place.
>
> dpkg can output a list of packages installed and can use same list to
> install. (But --get-selections doesn't seem to have package versions.)
>
>
> Jeremy C. Reed
>
> BSD News, BSD tutorials, BSD links
> http://www.bsdnewsletter.com/
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
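
Added example, not part of the thread or written by any of its participants: a sketch of the "last known configuration" idea quoted above, with a dated config tarball, a package list that includes versions, and a restore that saves the broken state before overwriting. SNAP_DIR and the function names are hypothetical; the package list is only written on systems that have dpkg-query.

```shell
#!/bin/sh
# Hypothetical snapshot location; override SNAP_DIR to use another directory.
SNAP_DIR="${SNAP_DIR:-/var/backups/lastknown}"

# snapshot CONFIG_DIR
# Writes a dated tarball of CONFIG_DIR and, where dpkg is present, a
# package=version list. Prints the tarball path on stdout.
snapshot() {
    cfg="$1"
    stamp="$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$SNAP_DIR" || return 1
    # Configs can hold credentials: create the archive owner-readable only.
    ( umask 077 && tar -czf "$SNAP_DIR/config-$stamp.tar.gz" -C "$cfg" . ) \
        || return 1
    # --get-selections omits versions; dpkg-query can print them.
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package}=${Version}\n' \
            > "$SNAP_DIR/packages-$stamp.list" \
            || echo "warning: package list not written" >&2
    fi
    echo "$SNAP_DIR/config-$stamp.tar.gz"
}

# restore_last_known CONFIG_DIR [TARBALL]
# Archives the current (broken) state, then unpacks the chosen or newest
# snapshot over CONFIG_DIR. Files created after the snapshot are not removed.
restore_last_known() {
    cfg="$1"
    newest="$(ls -1 "$SNAP_DIR"/config-*.tar.gz 2>/dev/null | sort | tail -n 1)"
    tarball="${2:-$newest}"
    [ -n "$tarball" ] && [ -f "$tarball" ] \
        || { echo "no snapshot found" >&2; return 1; }
    # Refuse to overwrite anything from an archive that does not list cleanly.
    tar -tzf "$tarball" >/dev/null \
        || { echo "snapshot unreadable: $tarball" >&2; return 1; }
    stamp="$(date +%Y%m%d-%H%M%S)"
    ( umask 077 && tar -czf "$SNAP_DIR/broken-$stamp.tar.gz" -C "$cfg" . ) \
        || return 1
    tar -xzf "$tarball" -C "$cfg"
}
```

After a malware cleanup the broken-*.tar.gz archive is worth keeping for later inspection, and a snapshot taken while the machine was already infected should not be trusted as "known good".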