_RESTORE Folder

Archived from groups: microsoft.public.windowsme.general (More info?)

Hi, I hope you are doing well.

I have an HP Pavilion with WMe on it. There is a _RESTORE folder under the c
drive that according to my antivirus checker contains all kinds of viruses,
etc. in files located within a TEMP directory and named Axxxxx.cpy. The
_RESTORE folder is a hidden folder but when I show it, I do not see the TEMP
directory or the A*.cpy files. I can't remove the A*.cpy files because I
can't get access to them.

Does anyone know the significance of the _RESTORE folder? Can I delete it?
If so, do you have any suggestions on how to do that? I can't access the
files in the SAFE MODE.

Any help on this _RESTORE issue will be greatly appreciated.
  1. Archived from groups: microsoft.public.windowsme.general (More info?)

    The _Restore folder contains the information and backups required by System
    Restore.
    Viruses, etc. stored in that location cannot harm your PC UNLESS you restore
    to a time during which you were infected.

    I would recommend (assuming that your pc is now otherwise clear of viruses,
    and is functioning properly) resetting System Restore to clear the old
    restore points, and give you a clean starting-point.

    To Reset System Restore -
    System | Performance | File System | Troubleshooting and check
    "Disable System Restore",
    Apply and IMMEDIATELY reboot.
    This will flush your restore folder and erase all checkpoints, then,
    System | Performance | File System | Troubleshooting and uncheck
    "Disable System Restore",
    Apply and again IMMEDIATELY reboot.
    This should now automatically create a new checkpoint immediately following
    the restart.
    Finally adjust the space allocated to the restore folder,
    System | Performance | File System | Hard Disk and adjust the restore slider
    to your preferred setting.

    Most people find that a setting of 200-300MB is sufficient to hold 10-15
    days worth of restore points, unless you are doing a lot of
    installs/uninstalls, or installing large applications (such as Office).


    --
    Noel Paton (MS-MVP 2002-2005, Windows)

    Nil Carborundum Illegitemi
    http://www.btinternet.com/~winnoel/millsrpch.htm

    http://tinyurl.com/6oztj

    Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

  2. Archived from groups: microsoft.public.windowsme.general (More info?)

    _Restore is for the System Restore function....

  3. Archived from groups: microsoft.public.windowsme.general (More info?)

    The virus indications in the Restore folder are of little consequence,
    unless you perform a restoral to an infected point. The following verbose
    info should cover all your questions. I believe author credit may go to Mr.
    Mike Maltby, MS-MVP...
    someone correct me if I'm wrong.
    ===================================

    SYMPTOMS

    When you run an antivirus program, you may receive a report that indicates
    that one or more files in the _Restore\Temp or the _Restore\Archive folders
    contain a virus or are infected with a virus. Also, your antivirus program
    may indicate an inability to remove the virus from the file or files.


    CAUSE

    This behavior occurs because the System Restore feature in Windows
    Millennium Edition (Me) protects all folders and files in the _Restore
    folder on the Windows Me system partition. This folder and all of its
    subfolders are the data store that the System Restore feature uses to
    restore your computer's operating system to a previous state from a
    previous point in time.

    Although some antivirus programs may have the ability to work with files
    that have been compressed or stored in .zip or .cab file format, the System
    Restore feature does not permit these utilities to manipulate these files
    within the data store. The data store is protected for data integrity
    purposes, and the System Restore feature is the only method you can use to
    obtain access to the data store. Because of this, the antivirus program is
    unable to remove the virus from the file or files in the data store. The
    files in the data store are inactive and can be used only by the System
    Restore feature.


    RESOLUTION

    To work around this behavior, use the appropriate method.

    Use the First In First Out (FIFO) Feature

    The FIFO routine purges the oldest restore points so that newer, more
    current restore points can be added to the data store. FIFO starts
    automatically when the files in the data store reach 90 percent of the
    maximum size of the data store. System Restore purges the oldest files
    first until the files in the data store occupy no more than 50 percent of
    the maximum size of the data store.

    For example, if the maximum size of the data store is 400 megabytes (MB),
    90 percent of this is 360 MB and 50 percent is 200 MB. If the data store is
    200 MB when you view the properties of the _Restore folder, it is 50
    percent of the maximum size. If you adjust the size of the data store to
    the minimum size of 200 MB, FIFO occurs when you click Apply.

    NOTE: If the data store is less than 90 percent (180 MB) of the minimum
    (200 MB) value, adjusting the size does not have any effect in purging
    restore points. In this scenario, you must carefully consider the use of
    the methods that are described in this article.

    Over a period of time, the data store purges restore points on a FIFO
    basis as the maximum size of the data store is reached. There are a few
    scenarios in which FIFO can be used to purge older restore points to retain
    more recent restore points on the computer.

    FIFO Method 1

    No action is required if the system has been cleaned and only the data
    store is reported by the antivirus tool to have suspicious files. Until all
    infected files are processed out on a FIFO basis, the antivirus tool may
    still report that there are infected files that it cannot obtain access to
    within the data store.

    FIFO Method 2

    You can trigger the FIFO feature to remove older restore points from the
    data store by resizing the data store. To use the System Restore feature to
    adjust the size of the data store:

    1. View the properties of the _Restore folder to determine how much data
       is actually in the data store. You do this to determine if this step
       will have any effect on the data store. If the data store uses less
       than 90 percent (less than 180 MB) of the minimum value (200 MB), this
       method may have no effect on purging the restore points. If less than
       90 percent of the data store is used, even at the minimum settings you
       should consider using FIFO method 1 or using the "Manually Purge the
       Data Store" method that is listed later in this article.

    2. Click Start, point to Settings, and then click Control Panel.

    3. Double-click System, and then click the Performance tab.

    4. Click File System.

    5. Adjust the System Restore disk space use slider to the approximate
       lower amount, and then click Apply.

       Note that you can use the System Restore disk space use slider to
       select the minimum amount of space to allocate for the data store, the
       maximum amount, or a size in between. Adjusting the slider to a lower
       value changes the values that trigger FIFO. You may need to restart
       your computer for any changes to take effect.

    6. Click OK, and then click OK to close System properties.

    7. Use the antivirus tool to scan the computer to verify that the
       virus-infected files have been purged from the data store. If there
       are still infected files in the data store, repeat the previous steps
       and lower the data store size until the data store is clear of
       infected files.

       Note that you can also use the calendar page in the System Restore
       tool to view how far back the restore points were purged.

    8. After the infected files have been cleared from the data store by
       using this method, return the slider to the original or appropriate
       size, click OK to close any open windows, and then restart your
       computer.

    If there still is an infected file in the data store after you resize the
    data store to the minimum size, you can either wait for it to be processed
    out on a FIFO basis (FIFO method 1), or you may want to consider using the
    "Manually Purge the Data Store" method that is described later in this
    article to remove all restore points on your computer.

    Manually Purge the Data Store

    To completely and immediately remove the infected file or files in the
    data store, disable and re-enable the System Restore feature.

    WARNING: Using the following steps will completely remove all restore
    points from the data store. Do not use this method if this will cause
    problems. When you enable the System Restore feature again, the System
    Restore feature will create a new restore point and then resume monitoring
    your computer.

    1. Click Start, point to Settings, and then click Control Panel.

    2. Double-click System, and then click the Performance tab.

    3. Click File System, and then click the Troubleshooting tab.

    4. Click to select the Disable System Restore check box, click Apply,
       click to clear the Disable System Restore check box, click Apply, and
       then click OK.

    5. Restart the computer when you are prompted to do so. When the computer
       restarts, the data store is purged and the System Restore feature
       begins monitoring the system again.


    STATUS

    This behavior is by design.


    MORE INFORMATION

    The _Restore folder is protected by default and prevents programs from
    using or manipulating the files that are within this folder. These files
    are inactive while in the data store and are not used by any utility other
    than System Restore.

    The System Restore feature is not designed to detect or scan for virus
    infections or virus activity. Most computer virus infections seek or
    attack files with extensions such as .exe or .com. These are file types
    that the System Restore feature is designed to monitor.

    NOTE: If you restore your computer to a previous state when you did not
    have an installed antivirus tool, you must install an antivirus tool and
    clean any files that were restored and are infected.
    =====================================
    Heirloom, old and brevity is a good thing

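The FIFO thresholds described in the article quoted in the answer above, modelled as an added example (not part of the original post and not Microsoft's code). The restore-point names, sizes and infection flags are constructed sample data, the function names are hypothetical, and the model assumes whole restore points are purged oldest first by summed size.

```python
# Added model of the FIFO rule in the quoted article (not Microsoft's code).
# Assumption: whole restore points are purged, oldest first, by summed size.
from dataclasses import dataclass

TRIGGER_PCT = 90    # FIFO starts when usage reaches 90 percent of the maximum
TARGET_PCT = 50     # and stops once usage is at most 50 percent of the maximum
MIN_STORE_MB = 200  # minimum slider setting named in the article

@dataclass
class RestorePoint:
    label: str              # constructed name
    size_mb: int
    infected: bool = False  # flagged by the antivirus scan

def fifo_purge(points, max_mb):
    """Apply the FIFO rule to points (oldest first); return (kept, purged)."""
    kept, purged = list(points), []
    used = sum(p.size_mb for p in kept)
    if used * 100 < TRIGGER_PCT * max_mb:
        return kept, purged  # below the trigger: resizing purges nothing
    while kept and used * 100 > TARGET_PCT * max_mb:
        oldest = kept.pop(0)
        purged.append(oldest)
        used -= oldest.size_mb
    return kept, purged

def resize_clears_infection(points, max_mb=MIN_STORE_MB):
    """True if setting the maximum to max_mb purges every infected point."""
    kept, _ = fifo_purge(points, max_mb)
    return not any(p.infected for p in kept)

# Constructed sample stores, oldest restore point first.
OLD_INFECTION = [RestorePoint("rp1", 60, True), RestorePoint("rp2", 50),
                 RestorePoint("rp3", 40), RestorePoint("rp4", 50),
                 RestorePoint("rp5", 50)]          # 250 MB, infection is oldest
SMALL_STORE = [RestorePoint("rp1", 50, True), RestorePoint("rp2", 50),
               RestorePoint("rp3", 50)]            # 150 MB, under 180 MB
RECENT_INFECTION = [RestorePoint("rp1", 60), RestorePoint("rp2", 50),
                    RestorePoint("rp3", 40), RestorePoint("rp4", 50, True),
                    RestorePoint("rp5", 50)]       # infection in a newer point

if __name__ == "__main__":
    stores = {"old": OLD_INFECTION, "small": SMALL_STORE,
              "recent": RECENT_INFECTION}
    for name, store in stores.items():
        _, purged = fifo_purge(store, MIN_STORE_MB)
        print(name, "purged:", [p.label for p in purged],
              "clean:", resize_clears_infection(store))
```

The second and third stores are the two cases the article sends to the manual purge: a store under 180 MB where resizing has no effect, and an infected point too recent to be purged at the minimum size.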
  4. Archived from groups: microsoft.public.windowsme.general (More info?)

    "The virus indications in the Restore folder are of little consequence,
    unless you perform a restoral to an infected point. The following verbose
    info should cover all your questions.
    I believe author credit may go to Mr. Mike Maltby, MS-MVP...
    someone correct me if I'm wrong."


    Here is the actual source/reference, heirloom ...

    "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder"
    http://support.microsoft.com/default.aspx?scid=kb;en-us;263455

    --
    Jack E Martinelli 2002-05 MS MVP Shell/User /DTS
    Help us help you: http://www.dts-L.org/goodpost.htm
    In Memoriam: Alex Nichol
    http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
    Your cooperation is very appreciated.