
Re: Registry - this can't be good

From Arlen Holder <arlen_holder@newmachines.com>
Newsgroups alt.comp.os.windows-10, alt.comp.microsoft.windows
Subject Re: Registry - this can't be good
Date 2020-09-20 17:50 +0000
Organization Mixmin
Message-ID <rk84pi$5ih$1@news.mixmin.net> (permalink)
References <hspaumFe0faU1@mid.individual.net> <hspbmhFe51uU1@mid.individual.net> <hspeubFepteU1@mid.individual.net> <um3fmf58ptlke57v585o4rpd22slqbvgml@4ax.com>

Cross-posted to 2 groups.



On Sun, 20 Sep 2020 12:18:58 -0500, Char Jackson wrote:

>>>> What could this be? The most recent backup image (Macrium) is dated
>>>> 2018, but I'm inclined to use it to get rid of this crap... unless
>>>> anyone else has a better idea? 
>>> I've no idea what caused it, but over-writing the whole dick from a very
>>> old backup sounds a bit extreme.
>>I agree. I never overwrite my whole dick.
> Only because, due to its tremendous size, it would take too long.

This is for s-or-b, who has helped me in the past on the Android ng.
o So I hope this is partial payback for all his help prior. :)

I wouldn't suggest an overwrite unless you don't have a restore point.
o Of course, there's no guarantee the restore point isn't similar.

I don't know if there is any way to check if a restore point has the same
problem, so I googled for restore point editors, so to speak.

Google as I may, I couldn't find anyone who asked the basic question of how
to see inside a system restore point BEFORE you restore it. Sigh.

Given there may be no tool to "look inside" a restore point before you
restore, I would suggest a procedure something like this:

1. Create a system restore point right now.
2. Then run av scans till you get bored (e.g., Malwarebytes or whatever).
3. Create another system restore point after those scans are done.
4. Then system restore to the earliest point you can find (if any).
5. Check the registry (let's presume it's clean of Chinese funk).
6. Then, progressively restore to successively newer restore points.
7. Stop when you see the registry is filled with the Chinese funk.
8. Back up to the registry restore point prior to the Chinese funk.

Since you'll be running "regedit" a lot, see this thread which enables you
to create a "regopen" command (Win+R > regopen) that bypasses UAC prompts:
o Expert help requested for removing UAC user account control task scheduler syntax 
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/7wpgdNscZNA>

Since you'll be creating restore points, see this thread on managing them:
o How to Create System Restore Points with Command Prompt or PowerShell
<https://www.top-password.com/blog/create-system-restore-points-with-cmd-or-powershell/>

Note: I wasn't able to get wmic to work from the command line to create a
restore point, so if you get it to work, send us the syntax by return mail.
o Win+R batch command to create a system restore point any time I want to create one 
<https://groups.google.com/forum/#!topic/alt.comp.microsoft.windows/Br5sAO9yoHU>

Note: This opens the SystemProperties form to the previous tab:
o Win+R > sysdm.cpl
And this opens up the SystemProperties form to the Hardware tab:
o Win+R > SystemPropertiesHardware
And this opens up the SystemProperties form to the System Protection tab:
o Win+R > SystemPropertiesProtection 
etc. (It's pretty consistent stuff.)

Note that if you have a command (as shown above), you can make a shortcut,
which means you can put it in the AppPaths key, which means you can create
any number of commands to put in your AppPaths to run those shortcuts, 
without the UAC prompt form coming up every time you run them.
-- 
Note: I use "Win+R" for almost everything nowadays; it's simply efficient.
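
Added example, not part of the original post and not the poster's code: a Windows PowerShell 5.1 sketch of the eight-step procedure above, covering restore point creation (steps 1 and 3), listing the points oldest first (steps 4 and 6), and a repeatable registry check to run after each restore (steps 5 and 7). The function names, the default key `HKCU:\Software` and the CJK character ranges are assumptions; point `-Root` at the key where the entries were actually seen.

```powershell
#Requires -RunAsAdministrator
# Added example for Windows PowerShell 5.1; System Protection must be enabled
# on the system drive. These cmdlets are not available in PowerShell 7.

# Steps 1 and 3: create a restore point. By default Windows refuses a second
# point within 1440 minutes, so set the interval to 0 first.
function New-MarkerRestorePoint {
    param([Parameter(Mandatory)][string]$Description)
    $sr = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
    New-ItemProperty -Path $sr -Name SystemRestorePointCreationFrequency `
        -Value 0 -PropertyType DWord -Force | Out-Null
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
}

# Steps 4 and 6: list restore points oldest first, with readable dates.
function Get-RestorePointTimeline {
    Get-ComputerRestorePoint | Sort-Object SequenceNumber |
        Select-Object SequenceNumber, Description,
            @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } }
}

# Steps 5 and 7: report key names, value names and string data that contain
# CJK characters. Legitimate software can also store such text, so treat the
# output as a list to review, not a verdict.
function Find-CjkRegistryText {
    param([string[]]$Root = @('HKCU:\Software'))   # assumption: key to inspect
    $cjk = '[\u2E80-\u9FFF\uF900-\uFAFF]'          # assumption: CJK ranges
    foreach ($key in Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue) {
        if ($key.PSChildName -match $cjk) {
            [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
        }
        foreach ($name in $key.GetValueNames()) {
            $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $text = if ($data -is [string] -or $data -is [string[]]) { $data -join ' ' } else { '' }
            if ("$name $text" -match $cjk) {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $text }
            }
        }
    }
}

New-MarkerRestorePoint -Description 'Before AV scans'
Get-RestorePointTimeline | Format-Table -AutoSize
Find-CjkRegistryText | Format-Table -AutoSize -Wrap

# Restoring reboots the machine; substitute a SequenceNumber from the timeline:
# Restore-Computer -RestorePoint <SequenceNumber>
```

Saving the output of `Find-CjkRegistryText` to a file after each restore (for example with `Export-Csv`) makes it easy to see at which restore point the entries first appear.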
