[Lex Computer & Tech Group/LCTG] an issue
Drew King
dking65 at kingconsulting.us
Tue Nov 14 12:19:54 PST 2023
Agree,
I have a 1 TB drive, so giving system restore the ability to go back 2
weeks is golden.
I create a new restore point before doing anything with my computer.
Drew.
On 11/14/2023 3:17 PM, Robert Primak wrote:
> I like to have as many Restore Points as I can put into Windows. The
> reason is, I might have to restore to a point up to a month ago, which
> was my last Macrium Reflect System Full Backup time. Between full
> image snapshots I do not trust anything in Windows to remain stable
> and "unimproved".
>
> Given the amount of software my system typically carries, and the fact
> that some data also live onboard for everyday use, I allow several
> gigabytes on my system drive for Restore Points in Windows 11. This is
> probably vast overkill, but it's only a few percent of a 1TB SSD, and
> it doesn't slow the system or hamper the speed of making a full system
> backup (5 to 10 mins typically in my system, and about as much time
> for the Verify step). You should probably also have at least one extra
> copy of your system backups, on a separate external drive.
>
> I definitely back up my system before the Patch Tuesday monthly
> Windows Updates. This is not just a Restore Point.
>
> A backup without Verification may surprise you in a very bad way.
> Always verify system backups. And back up data separately and more
> frequently than the system.
>
> But circling back to Restore points, do you really want only between
> one and three? Are you THAT confident in Windows and software updates?
>
> More than three Restore Points might be overkill. And the default
> value once System Restore is turned on may exceed that capacity. So
> feel free to reset the maximum amount of disk space allowed for
> Restore Points with the slider. You'll know if you undershoot. Better
> yet, have a system drive on an SSD with plenty of capacity.
> "Overprovisioning" in this way can improve the longevity of an SSD.
>
>
> On Tuesday, November 14, 2023 at 02:45:03 PM EST,
> <jjrudy1 at comcast.net> wrote:
>
>
> I have 11 and the restore points are set, but a huge amount of space
> is devoted to it so when I went to the Geek Squad to solve my malware
> issue they reduced the space.
>
> John
>
> *From:* Drew King (dking65 at kingconsulting.us) <dking65 at kingconsulting.us>
> *Sent:* Saturday, November 11, 2023 1:47 AM
> *To:* Robert Primak <bobprimak at yahoo.com>; Robert Primak via LCTG
> <lctg at lists.toku.us>; 'Smita Desai' <smitausa at gmail.com>; 'Adam Broun'
> <abroun at gmail.com>; jjrudy1 at comcast.net
> *Cc:* 'Lex Computer Group' <lctg at lists.toku.us>
> *Subject:* Re: [Lex Computer & Tech Group/LCTG] an issue
>
> This reminds me about System restore points.
>
> Your computer should, if it is enabled, periodically create restore
> points that will allow you to revert your computer back to that state
> pre-virus or malware or adware or whatever it is.
>
> It's worth checking your system restore settings and looking for a recent
> system restore point that you can go back to. That will clear up the
> problem absolutely.
>
> I haven't checked for myself but somebody told me that Windows 11 has
> system restore disabled by default. If that is the case, then you would
> want it enabled and make sure you make a periodic restore point.
>
> I make one before installing anything on my computer and it has gotten
> me out of a jam more than once by allowing me to revert my system back
> to before the time when the software was installed.
>
>
> --
> Drew King
>
> On November 11, 2023 12:34:48 AM EST, Robert Primak via LCTG
> <lctg at lists.toku.us> wrote:
>
> I think this is adware, not a true virus infection. Which makes it
> easier to remove and keep it from coming back. But you will need
> to run anything you choose to try in Windows Safe Mode. This is
> necessary to stop any services which prevent the entire unwanted
> package from being totally removed. Registry cleanup is a must as
> well, because it's through Registry corruption that adware often
> reinstalls itself.
>
> If you can handle a little Command-Line action, restoring any
> corrupted system files would be a good idea after the adware is
> actually gone and does not come back.
>
> The Command Line tools would be sfc/scannow and dism/restorehealth.
>
> But let's try to remove the adware first.
>
> Two options:
>
> ADWCleaner from Malwarebytes: You can run this one from Windows
> Safe Mode, and that would be better than running it in Windows
> Normal Mode. This program specifically targets adware and browser
> corruptions.
>
> If anyone knows of a portable antivirus app, which can run
> independently of a booted Windows OS, this would be the next step.
>
> Windows Defender lets you run Windows Defender offline (WDO). It's
> an advanced option under the Defender Scan Options. It should be
> the bottom option. But this scan won't work on every computer, and
> I never see it make a proper log which Defender can display.
>
> Portable antivirus scanners can be put onto a USB flash drive, if
> you have a way to make the flash drive bootable. RUFUS is one way,
> and I think they allow you to create a boot drive with an AV
> scanner and other tools included.
>
> It's a little tricky getting into USB Boot under Windows 11 due to
> new security keys required for USB boot devices. I have used
> Ventoy to create flash drives with multiple CDs (ISOs) which will
> boot and run their programs from USB. If one of these disk images
> contains a good antivirus scanner, you can do the tool's database
> update, ID the adware, remove it and clean up from outside of
> Windows. Make any USB flash drive on a different computer from the
> infected one.
>
> If this does not clean up the infection, it's time to bite the
> bullet and reinstall Windows. That may not work in extreme cases,
> but a clean erase of the drive followed by reinstalling Windows
> will in most cases produce a virus-free result. If you download
> Windows 11 from Microsoft for a reinstall, be aware that you are
> upgrading to the newest Fall Feature Update (23H2). RUFUS may
> allow you to stick with 22H2 or whichever version you are on now.
> Windows 10 does not have this issue.
>
> I think ADWCleaner will root out this infection. It looks like
> adware, and the browser is the most likely source of the trouble.
> That makes this more of an adware infection than a true virus
> situation. But you should try to get into Windows Safe Mode and
> then run one of the group's recommendations, or some other
> portable adware-targeting anti-malware tool.
>
> -- Bob Primak
>
> On Friday, November 10, 2023 at 05:03:43 PM EST, John Rudy via
> LCTG <lctg at lists.toku.us> wrote:
>
> I have rebooted twice
>
> *From:*LCTG <lctg-bounces+jjrudy1=comcast.net at lists.toku.us> *On
> Behalf Of *Smita Desai via LCTG
> *Sent:* Friday, November 10, 2023 4:58 PM
> *To:* Adam Broun <abroun at gmail.com>
> *Cc:* Lex Computer Group <lctg at lists.toku.us>
> *Subject:* Re: [Lex Computer & Tech Group/LCTG] an issue
>
> I would also reboot and keep disconnected from the internet.
>
> Smita Desai
>
> Sent from my iPhone
>
> On Nov 10, 2023, at 4:08 PM, Adam Broun via LCTG
> <lctg at lists.toku.us> wrote:
>
> When do these messages appear? Upon boot up? After opening
> a browser window? Other? That might narrow down where to look
> (e.g. in startup folder or registry, browser settings, etc.)
>
> On Nov 10, 2023, at 15:59, palbin24 at yahoo.com wrote:
>
> I’m reluctant to suggest major surgery and I hope someone
> has a good idea
>
> A middle ground might be reinstalling the OS. There are
> tools from Microsoft and perhaps your computer vendor to
> help. Wait to see if there are any other options before
> going down this road.
>
> Peter
>
> On Nov 10, 2023, at 3:47 PM, John Rudy via LCTG
> <lctg at lists.toku.us> wrote:
>
>
>
> They are back, so Malwarebytes didn’t do it.
>
> *From:*Adam Broun <abroun at gmail.com>
> *Sent:*Friday, November 10, 2023 3:39 PM
> *To:*jjrudy1 at comcast.net
> *Cc:*Lex Computer Group <lctg at lists.toku.us>
> *Subject:*Re: [Lex Computer & Tech Group/LCTG] an issue
>
> Check the home page settings in your browser. My
> guess is a script got triggered that put something
> funky in there. And try running the inbuilt Windows
> virus scan.
>
>
>
> On Nov 10, 2023, at 15:27, John Rudy via LCTG
> <lctg at lists.toku.us> wrote:
>
> Starting this morning I began to receive these
> messages. I assumed that they were a scam and I
> do not believe I have McAfee on my system. I have
> not clicked on either the Yes or No Thanks. But they
> are covering things up and I seem unable to get rid
> of them.
>
> I did close down mail and rebooted, but they are
> back. Any thoughts?
>
> <image002.png>
>
> John Rudy
>
> 781-861-0402
>
> 781-718-8334 cell
>
> 13 Hawthorne Lane
>
> Bedford MA
>
> jjrudy1 at comcast.net
>
>
> ===============================================
> ::The Lexington Computer and Technology Group Mailing List::
> Reply goes to sender only; Reply All to send to list.
> Send to the list: LCTG at lists.toku.us
> Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
> To subscribe: email lctg-subscribe at toku.us
> To unsubscribe: email lctg-unsubscribe at toku.us
> Future and Past meeting information: http://LCTG.toku.us
> List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
> This message was sent to abroun at gmail.com.
> Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/abroun@gmail.com
>
--
Drew King
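
The thread above discusses checking that System Restore is on, how much disk space restore points may use, making a restore point before installing software, and repairing system files after cleanup. The following is an added example, not part of any message in the thread, showing those steps in an elevated Windows PowerShell 5.1 session; the `-Description` text and the `-RepairSystemFiles` switch are assumptions made for this sketch.

```powershell
#Requires -RunAsAdministrator
# Added example for Windows PowerShell 5.1 (the System Restore cmdlets
# used here are not available in PowerShell 7).
param(
    [string]$Description = 'Before software install',  # constructed label
    [switch]$RepairSystemFiles                          # hypothetical switch
)

$drive = $env:SystemDrive          # normally C:

# 1. List existing restore points; enable System Restore if there are none.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
if ($points.Count -eq 0) {
    Write-Warning "No restore points found on $drive. Enabling System Restore."
    Enable-ComputerRestore -Drive "$drive\"
} else {
    $points | Sort-Object SequenceNumber -Descending |
        Select-Object -First 5 SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Format-Table -AutoSize
}

# 2. Show how much disk space restore points (shadow copies) may use.
vssadmin.exe list shadowstorage
# To change the cap (same setting as the slider), for example to 5%:
#   vssadmin.exe resize shadowstorage /for=$drive /on=$drive /maxsize=5%

# 3. Create a restore point. By default Windows skips this with a warning
#    if another restore point was created in the last 24 hours.
Checkpoint-Computer -Description $Description -RestorePointType APPLICATION_INSTALL

# 4. Optional: repair system files once the unwanted software is gone.
#    DISM repairs the component store that SFC copies from, so it runs first.
if ($RepairSystemFiles) {
    DISM.exe /Online /Cleanup-Image /RestoreHealth
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "DISM exited with code $LASTEXITCODE; see $env:windir\Logs\DISM\dism.log"
    }
    sfc.exe /scannow
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "SFC exited with code $LASTEXITCODE; see $env:windir\Logs\CBS\CBS.log"
    }
}
```

A restore point covers system files and settings only; it is not a substitute for the verified full image backup and separate data backups described in the thread.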