_RESTORE\TEMP accum 168 MB of A00?????.CPY after cleanout when perm uninstall Symantec AV

Think this is an Avira problem? And maybe a common difficulty/challenge/pitfall of AV programs with WinME?

These CPY have been accumulating since replaced NAV 03 with AntiVir PersonalEdition Classic (date of Avira install assumed
same as Avira program folder date: 27 Jun 2006)

C:\_RESTORE\TEMP 168 MB 2,266 files, 0 folders
daterange 10 Apr 1997 - 18 Sep 2006 (today)
Range of dates include 'false' dates as old as 1997.

TEMP00 is another folder alongside (same folder level) TEMP, but empty. IIRC, NAV never created any extra folders.

dir list of _RESTORE\TEMP (actually, of dragged shortcuts because it seems some operations are restricted when directly
within _RESTORE folders) I've snipped most of the A00?????.CPY from the middle of list:
_____________________________________
(Too many files, directory not sorted)
A0076363.CPY
A0076411.CPY
A0076409.CPY
A0076374.CPY
A0076373.CPY


A0075477.CPY
SYS_RW32.0
A0075143.CPY


A0073689.CPY
WLDAP32.0
SHDOCLC.0
MSXML3A.0
MSXML3.0
MSLS31.0
MSIDNTLD.0
MSHTMLED.0
MLANG.0
IMGUTIL.0
IMAGEHLP.2
CORPOL.0
COMCTL32.0
BROWSELC.0
ATL.0
_____________________________________

tia, naturally

Dan
Mon Sep 18 07:17:43 CDT 2006

MsOsWin@anon.com wrote:
> Think this is an Avira problem? And maybe a common difficulty/challenge/pitfall of AV programs with WinME?
>
> These CPY have been accumulating since replaced NAV 03 with AntiVir PersonalEdition Classic (date of Avira install assumed
> same as Avira program folder date: 27 Jun 2006)
>
> C:\_RESTORE\TEMP 168 MB 2,266 files, 0 folders
> daterange 10 Apr 1997 - 18 Sep 2006 (today)
> Range of dates include 'false' dates as old as 1997.
>
> TEMP00 is another folder alongside (same folder level) TEMP, but empty. IIRC, NAV never created any extra folders.
>
> dir list of _RESTORE\TEMP (actually, of dragged shortcuts because it seems some operations are restricted when directly
> within _RESTORE folders) I've snipped most of the A00?????.CPY from the middle of list:
> _____________________________________
> (Too many files, directory not sorted)
> A0076363.CPY
> A0076411.CPY
> A0076409.CPY
> A0076374.CPY
> A0076373.CPY
>
>
> A0075477.CPY
> SYS_RW32.0
> A0075143.CPY
>
>
> A0073689.CPY
> WLDAP32.0
> SHDOCLC.0
> MSXML3A.0
> MSXML3.0
> MSLS31.0
> MSIDNTLD.0
> MSHTMLED.0
> MLANG.0
> IMGUTIL.0
> IMAGEHLP.2
> CORPOL.0
> COMCTL32.0
> BROWSELC.0
> ATL.0
> _____________________________________
>
> tia, naturally

I used to use AntiVir but then it started acting weird in my 98SE
configuration and I switched both the 98SE side and XP Pro. side to AVG
antivirus which I prefer.

Mike
Mon Sep 18 07:42:59 CDT 2006

The problem you are seeing may well originate with the installation of
Avira and is an indication that system restore is possibly broken,
Basically system restore seems to have stopped cabbing the files
temporarily archived in the _RESTORE\TEMP folder. Open System Restore and
check when the last checkpoint was created. If not recently try making a
manual checkpoint and see if any errors are reported.

If you haven't used system restore recently the problem could well have
originated with NAV03 and LiveUpdate neither of which are compatible with
Win Me and well known for trashing system restore.
--
Mike Maltby
MS-MVP Windows
mike.maltby@gmail.com


MsOsWin@anon.com <MsOsWin@anon.com> wrote:

> Think this is an Avira problem? And maybe a common
> difficulty/challenge/pitfall of AV programs with WinME?
>
> These CPY have been accumulating since replaced NAV 03 with AntiVir
> PersonalEdition Classic (date of Avira install assumed same as Avira
> program folder date: 27 Jun 2006)
>
> C:\_RESTORE\TEMP 168 MB 2,266 files, 0 folders
> daterange 10 Apr 1997 - 18 Sep 2006 (today)
> Range of dates include 'false' dates as old as 1997.
>
> TEMP00 is another folder alongside (same folder level) TEMP, but
> empty. IIRC, NAV never created any extra folders.
>
> dir list of _RESTORE\TEMP (actually, of dragged shortcuts because it
> seems some operations are restricted when directly within _RESTORE
> folders) I've snipped most of the A00?????.CPY from the middle of
> list: _____________________________________ (Too many files,
> directory not sorted)
> A0076363.CPY
> A0076411.CPY
> A0076409.CPY
> A0076374.CPY
> A0076373.CPY
>
>
> A0075477.CPY
> SYS_RW32.0
> A0075143.CPY
>
>
> A0073689.CPY
> WLDAP32.0
> SHDOCLC.0
> MSXML3A.0
> MSXML3.0
> MSLS31.0
> MSIDNTLD.0
> MSHTMLED.0
> MLANG.0
> IMGUTIL.0
> IMAGEHLP.2
> CORPOL.0
> COMCTL32.0
> BROWSELC.0
> ATL.0
> _____________________________________
>
> tia, naturally

MsOsWin
Wed Sep 20 09:14:20 CDT 2006

"Mike M" <No_Spam@Corned_Beef.Only> in
news:ufPwMAy2GHA.4108@TK2MSFTNGP04.phx.gbl:

> The problem you are seeing may well originate with the installation of
> Avira and is an indication that system restore is possibly broken,
> Basically system restore seems to have stopped cabbing the files
> temporarily archived in the _RESTORE\TEMP folder. Open System Restore
> and check when the last checkpoint was created. If not recently try
> making a manual checkpoint and see if any errors are reported.
>
> If you haven't used system restore recently the problem could well
> have originated with NAV03 and LiveUpdate neither of which are
> compatible with Win Me and well known for trashing system restore.

the curse lingers? :-)

yes, i've noticed sys restore hangs, the few times i've (tried) checki(ing) it.
when i uninstalled nav03, i don't recall doing moer than resetting restore size to zero, or maybe also i shut it off temporarily, then
reenabled it. (whatever that entails... restarts or reopen the disk properties, i forget the usual procedure).

in other words, i think i did the usual. i didn't use any "repair windows from the cd" type of procedure.

anyway. i've als had oe hang, (for much shorter period of time). and i've tried a few things, inl reinstall from ie6setup. but i think i
saw mention of imagehlp involved with oe6 rtrouble. and i noticed some renamed versions in _restore\tmp
imagehlp.0 143kB
imagehlp.1 106kB
imagehlp.2 106kB
IMGUTIL.0 31kB

(the two 106 kB are not exactly same byte size)

so maybe "refreshing" (above mentioned procedure) restore will fix the oe6 trouble too (i've got a few of fingers crossed, which
gives you an idea of the cuase of all my typos)


thanks for both of responders responses.

Mike
Wed Sep 20 13:48:13 CDT 2006

I'm unclear as to why you are now changing the direction of this thread.
I thought you wanted to fix any problems you might have with system
restore (the subject of this thread) but if you want to move on to other
matters such as problems with Outlook Express then it might be a good idea
to start a new thread. .

If you wish to continue with the system restore then it would help if you
were to let me know:
a) What is the date of the last checkpoint
b) Can you make a manual checkpoint?
I don't need to know the names of any files in the _RESTORE\TEMP folder
most of which are irrelevant

If however you have system restore disabled then say so and I will tell
you what you need to do to clear the _RESTORE\TEMP folder as well as any
other folders that are currently populated in the _RESTORE hierarchy.
--
Mike Maltby
MS-MVP Windows
mike.maltby@gmail.com



MsOsWin@anon.com <MsOsWin@anon.com> wrote:

> the curse lingers? :-)
>
> yes, i've noticed sys restore hangs, the few times i've (tried)
> checki(ing) it.
> when i uninstalled nav03, i don't recall doing moer than resetting
> restore size to zero, or maybe also i shut it off temporarily, then
> reenabled it. (whatever that entails... restarts or reopen the disk
> properties, i forget the usual procedure).
>
> in other words, i think i did the usual. i didn't use any "repair
> windows from the cd" type of procedure.
>
> anyway. i've als had oe hang, (for much shorter period of time). and
> i've tried a few things, inl reinstall from ie6setup. but i think i
> saw mention of imagehlp involved with oe6 rtrouble. and i noticed
> some renamed versions in _restore\tmp
> imagehlp.0 143kB
> imagehlp.1 106kB
> imagehlp.2 106kB
> IMGUTIL.0 31kB
>
> (the two 106 kB are not exactly same byte size)
>
> so maybe "refreshing" (above mentioned procedure) restore will fix
> the oe6 trouble too (i've got a few of fingers crossed, which
> gives you an idea of the cuase of all my typos)
>
>
> thanks for both of responders responses.

cquirke
Sun Sep 24 01:54:32 CDT 2006

On Mon, 18 Sep 2006 13:42:59 +0100, "Mike M"

>The problem you are seeing may well originate with the installation of
>Avira and is an indication that system restore is possibly broken,
>Basically system restore seems to have stopped cabbing the files
>temporarily archived in the _RESTORE\TEMP folder. Open System Restore and
>check when the last checkpoint was created. If not recently try making a
>manual checkpoint and see if any errors are reported.

That may even be by design, if one or more of those temporary files is
found to be malicious. Perhaps the av is blocking the access to them
that the cabbing process requires?

These days, a lot of malware spreads out as a single generation from a
source that can be updated in real time - so it's common for av to
miss something when it arrives today, and then only start to detect it
once a newer update creates an awareness of the missed malware.

This is also why the need to formal malware cleanup (as opposed to
resident av blocking of incoming malware) has not gone away, even if
our ability to do so (in a world of NTFS and > 137G) has been eroded.



>------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
>------------ ----- --- -- - - - -

Dan
Sun Sep 24 07:36:31 CDT 2006

cquirke (MVP Windows shell/user) wrote:
> On Mon, 18 Sep 2006 13:42:59 +0100, "Mike M"
>
>> The problem you are seeing may well originate with the installation of
>> Avira and is an indication that system restore is possibly broken,
>> Basically system restore seems to have stopped cabbing the files
>> temporarily archived in the _RESTORE\TEMP folder. Open System Restore and
>> check when the last checkpoint was created. If not recently try making a
>> manual checkpoint and see if any errors are reported.
>
> That may even be by design, if one or more of those temporary files is
> found to be malicious. Perhaps the av is blocking the access to them
> that the cabbing process requires?
>
> These days, a lot of malware spreads out as a single generation from a
> source that can be updated in real time - so it's common for av to
> miss something when it arrives today, and then only start to detect it
> once a newer update creates an awareness of the missed malware.
>
> This is also why the need to formal malware cleanup (as opposed to
> resident av blocking of incoming malware) has not gone away, even if
> our ability to do so (in a world of NTFS and > 137G) has been eroded.
>
>
>
>> ------------ ----- --- -- - - - -
> Drugs are usually safe. Inject? (Y/n)
>> ------------ ----- --- -- - - - -

Chris, a Microsoft employee liked my idea of a Classics series since
98SE is still so popular. This idea may become reality if my vision
about this comes true. I will keep you informed if you wish.
Basically, it has another 9x operating system come out that is the true
successor to 98SE and fixes all the issues in ME and will not be an XP
or Vista replacement but will be targeted at users with older computers
such as fast 486's or weak Pentium 1 machines that do not want all the
added services of XP and Vista and just want their old programs to
continue to run and to be able to have support from Microsoft with their
operating system.

Mike
Sun Sep 24 08:09:50 CDT 2006

Very much wishful thinking. Microsoft will never waste their time or
effort on such a project since the market for such an operating system
wouldn't cover the cost of producing the CDs let alone development.

The only way such a project might come to fruition is if MS were to make
the Win9x code open source and some third party developers were to donate
their time.
--
Mike Maltby
mike.maltby@gmail.com


Dan <spamyou@user.nec> wrote:

> Chris, a Microsoft employee liked my idea of a Classics series since
> 98SE is still so popular. This idea may become reality if my vision
> about this comes true. I will keep you informed if you wish.
> Basically, it has another 9x operating system come out that is the
> true successor to 98SE and fixes all the issues in ME and will not be
> an XP or Vista replacement but will be targeted at users with older
> computers such as fast 486's or weak Pentium 1 machines that do not
> want all the added services of XP and Vista and just want their old
> programs to continue to run and to be able to have support from
> Microsoft with their operating system.

Dan
Mon Sep 25 09:16:24 CDT 2006

Mike M wrote:
> Very much wishful thinking. Microsoft will never waste their time or
> effort on such a project since the market for such an operating system
> wouldn't cover the cost of producing the CDs let alone development.
>
> The only way such a project might come to fruition is if MS were to make
> the Win9x code open source and some third party developers were to
> donate their time.

Thanks for your reply, Mike. Hopefully, the solution you provided will
happen then but I would prefer my solution even if it is just wishful
thinking on my part. <grin>

Mike
Mon Sep 25 09:52:56 CDT 2006

I cannot for the earth of me think why you would want to see the extremely
limiting 9x operating system developed in anyway. The OS is dead, long
since. One major deficiency being the in-built back compatibility with
Win 95 and the 64Kb stacks used for 16 bit modules. Such an OS model was
near end of life when Win Me was released in 2000 and I cannot for the
life of me believe that anyone, even the most die-hard geek, would want to
waste their time today on working with the Win9x kernel.

Of course if you want to run a 486 processor or early Pentium, you are
free to do so but run a similar vintage operating system that was designed
for such cpus. If you want to use a modern dual core processor then
similarly use an operating system that was designed to run on such systems
not one that has so many built-in limitations that cannot utilise the
features of the cpu.
--
Mike Maltby
mike.maltby@gmail.com


Dan <spamyou@user.nec> wrote:

> Thanks for your reply, Mike. Hopefully, the solution you provided
> will happen then but I would prefer my solution even if it is just
> wishful thinking on my part. <grin>

Dan
Mon Sep 25 21:33:11 CDT 2006

Mike M wrote:
> I cannot for the earth of me think why you would want to see the
> extremely limiting 9x operating system developed in anyway. The OS is
> dead, long since. One major deficiency being the in-built back
> compatibility with Win 95 and the 64Kb stacks used for 16 bit modules.
> Such an OS model was near end of life when Win Me was released in 2000
> and I cannot for the life of me believe that anyone, even the most
> die-hard geek, would want to waste their time today on working with the
> Win9x kernel.
>
> Of course if you want to run a 486 processor or early Pentium, you are
> free to do so but run a similar vintage operating system that was
> designed for such cpus. If you want to use a modern dual core processor
> then similarly use an operating system that was designed to run on such
> systems not one that has so many built-in limitations that cannot
> utilise the features of the cpu.

I am running a fairly modern computer -- Intel P4 2.4 Ghz. PC

2. 512 megs ddr ram

3. DVD burner and cd burner

4. 3.5 inch floppy drive of course for backwards compatibility and who
cries if a floppy is lost <grin>

5. Microsoft Keyboard

6. Two Microsoft Mice -- one old-school one with trackball and installed
Dos driver for backwards compatibility -- Wheel mouse 3.0 and the other
a fairly modern optical mouse -- Intellimouse Explorer 3.0 -- connected
via USB and the other mouse is via PS/2 port

7. 4.1 Cambridge Soundworks speaker system

8. Ati Radeon 9800XT -- video card with 8x AGP in my system and has 256
megs. of video memory -- its own fan -- a really sweet card and uses
Windows Millennium driver in 98SE -- grin and the best Ati graphics card
that money can buy that is supported in 98SE and ME <BTW, Ati Radeon
9500 and above are still supported and support the new Aero Glass
interface in Vista Ultimate 32 bit which I am currently testing for
Microsoft>

9. Sound Blaster Audigy 1 --- will be supported in Windows Vista --
Thankfully and is a great sound card that is an older Audigy 1 model
that is backwards compatible to 98SE -- <smile>

10. Epson Stylus C64 -- nothing special -- just a printer

11. Microsoft Sidewinder Precision 2 Joystick -- had lots of fun with
this in Wing Commander Prophecy

12. This system was originally a Falcon-Northwest gaming rig which now
has everything upgraded but the Teac 3.5 inch floppy, the old cathode
ray tube -- Optiquest V773-2 monitor and the nice metal case with a
plastic front

13. Sweet ASUS deluxe motherboard

14. 430 watt Antec Power Supply and lots of fans for cooling this system

15. As you can see it is not the newest rig but is nice for my needs --
I have two WD hard drives -- 98SE resides on the 40 gigabyte hard drive
in Fat32 while XP Pro. and Windows Vista rely on two separate partitions
on the other drive in NTFS

16. I plan to upgrade to 2 gigabytes of crucial memory --- from ddr 2700
to ddr 3200 <I think will have to check if you are interested> and I
will make the adjustments to 98SE so it will not choke on the extra
memory. <grin> (will reuse the older 2700 ddr memory -- 512 mb chip in
one of the other computers I maintain)

17. Remember the needs of computers are to serve the user and if XP
Pro. and Vista cannot run older software then 98SE is a great solution
but since it is no longer supported by Microsoft -- a classic series
solution is needed

MsOsWin
Sun Oct 01 18:57:57 CDT 2006

"Mike M" <No_Spam@Corned_Beef.Only> in
news:ONpaVVO3GHA.836@TK2MSFTNGP02.phx.gbl:

> I'm unclear as to why you are now changing the direction of this
> thread.

because "(ie is oe) and (ie is integrated with win)". or so we've read. and since oe has had
trouble in the same year, there might be an association i've never come across.

an example that ties back to this thread: who would have expected av ware to conflict or
mess with system restore?


>I thought you wanted to fix any problems you might have with
> system restore (the subject of this thread) but if you want to move on
> to other matters such as problems with Outlook Express then it might
> be a good idea to start a new thread. .

actually.. since i've spent some time pursuing the usual advice for oe, with no
improvement, and deleting *.cpy via a floppy boot works ok... i expect i'll have to limp
along for a few more months, then and do sequential hardware an os replacements.

> If you wish to continue with the system restore then it would help if
> you were to let me know:
> a) What is the date of the last checkpoint
> b) Can you make a manual checkpoint?
> I don't need to know the names of any files in the _RESTORE\TEMP
> folder most of which are irrelevant
>
> If however you have system restore disabled then say so and I will
> tell you what you need to do to clear the _RESTORE\TEMP folder as well
> as any other folders that are currently populated in the _RESTORE
> hierarchy.

disabled now. i'll try to get back to this after deleting any suspect remains in the restore
folder(s). too bad restore can't be "zeroed" as recycled can be.

Mike
Mon Oct 02 04:28:41 CDT 2006

> too bad restore can't be "zeroed"

It can, and very simply too.
--
Mike Maltby
mike.maltby@gmail.com


MsOsWin@anon.com <MsOsWin@anon.com> wrote:

> "Mike M" <No_Spam@Corned_Beef.Only> in
> news:ONpaVVO3GHA.836@TK2MSFTNGP02.phx.gbl:
>
>> I'm unclear as to why you are now changing the direction of this
>> thread.
>
> because "(ie is oe) and (ie is integrated with win)". or so we've
> read. and since oe has had trouble in the same year, there might be
> an association i've never come across.
>
> an example that ties back to this thread: who would have expected av
> ware to conflict or mess with system restore?
>
>
>> I thought you wanted to fix any problems you might have with
>> system restore (the subject of this thread) but if you want to move
>> on to other matters such as problems with Outlook Express then it
>> might be a good idea to start a new thread. .
>
> actually.. since i've spent some time pursuing the usual advice for
> oe, with no improvement, and deleting *.cpy via a floppy boot works
> ok... i expect i'll have to limp along for a few more months, then
> and do sequential hardware an os replacements.
>
>> If you wish to continue with the system restore then it would help if
>> you were to let me know:
>> a) What is the date of the last checkpoint
>> b) Can you make a manual checkpoint?
>> I don't need to know the names of any files in the _RESTORE\TEMP
>> folder most of which are irrelevant
>>
>> If however you have system restore disabled then say so and I will
>> tell you what you need to do to clear the _RESTORE\TEMP folder as
>> well as any other folders that are currently populated in the
>> _RESTORE hierarchy.
>
> disabled now. i'll try to get back to this after deleting any suspect
> remains in the restore folder(s). too bad restore can't be "zeroed"
> as recycled can be.

MsOsWin
Mon Oct 02 16:16:02 CDT 2006

Dan <spamyou@user.nec> in news:OF9yeQR4GHA.512@TK2MSFTNGP06.phx.gbl:

> Mike M wrote:
>> I cannot for the earth of me think why you would want to see the
>> extremely limiting 9x operating system developed in anyway. The OS
>> is dead, long since. One major deficiency being the in-built back
>> compatibility with Win 95 and the 64Kb stacks used for 16 bit
>> modules. Such an OS model was near end of life when Win Me was
>> released in 2000 and I cannot for the life of me believe that anyone,
>> even the most die-hard geek, would want to waste their time today on
>> working with the Win9x kernel.

hardly anyone writes anything new for 9x. and 9x gets left out at major (?) revisions.

[snip modern hardware list, except the tube.. or are you referring to the crt display? :-) ]

> 17. Remember the needs of computers are to serve the user and if XP
> Pro. and Vista cannot run older software then 98SE is a great solution
> but since it is no longer supported by Microsoft -- a classic series
> solution is needed

reminds me of those DOS clone/revivalists. (google to find those)

but, to run golden oldieware, i'd keep the older 9x computer offline. use usb 'thumbdrive' to xfer data/doc files when necessary.

scan for mals using the modern computer.
don't need to fill the 9x computer's ram with active scanners (anti virus etc) so the computer should run fast. no need to install
all of the security patches when you "periodically" wipe/reinstall the 9x os.

that's my plan for near future. just not yet :-)

MsOsWin
Mon Oct 02 16:42:21 CDT 2006

"Mike M" <No_Spam@Corned_Beef.Only> in news:u1bT2Ug5GHA.5072@TK2MSFTNGP05.phx.gbl:

me:
>> too bad restore can't be "zeroed"
>
> It can, and very simply too.

yesterday, this seemed quickest way to "zero" restore: i disabled, restart, enabled, restart.

but i forgot to check for any junk until revisiting this thread now. and now, already 3.46 MB have accumulated in tmp folder.

as mentioned, i can delete the junk occasionally. i chose avira because vague web research sugested that avira is best free av.
(free seems associated with lite(liter) ware). I've hardly ever had attempts by virus or any malware, so i'm not going to pay
whatever nod32, as example, costs (assuming nod32 may be liteware).


_______________
hmmm, i tried starting restore, instead it popped up msg, saying restore needs restart.

there had been avira update when i powered up an hour earlier. at reboot i see window's text lines "setup ... is updating ... files"

after fully running, i looked in restore/tmp, where i see some junk *.cpy have dates only one minute old.
i think that's suggestive ...


also, trying restore, the main window hangs as just a transparent window frame.


i guess i'll try avast or avg (choose after reviewing my effectiveness and resource use notes).

i intend to post update, fwtw, but got other things to do now..
thanks.



--
btw, yeah, no one likes spam, but are pastrami or veggie burger ok?
amy's pizza?
:-)

Mike
Mon Oct 02 17:01:23 CDT 2006

> yesterday, this seemed quickest way to "zero" restore: i disabled,
> restart, enabled, restart.

Yes, that is a quick and easy way to do reset system restore and should
have flushed the archive and generated a new set of control files - about
2.1MB or so in total.

> but i forgot to check for any junk until revisiting this thread now.
> and now, already 3.46 MB have accumulated in tmp folder.

And how are you determining that this is "junk"? 3.6MB in a day is
nothing and if junk should be automatically discarded by the state manager
when it next cabs the files that accumulate in the _RESTORE\TEMP folder.
Files the state manager considers necessary for use when restoring are
cabbed to FS*.cab files in the ARCHIVE folder where you will also find an
RG cab file containing a copy of the registry for each checkpoint, one of
which should automatically have been generated when you restarted system
restore..
--
Mike Maltby
mike.maltby@gmail.com



MsOsWin@anon.com <MsOsWin@anon.com> wrote:

> "Mike M" <No_Spam@Corned_Beef.Only> in
> news:u1bT2Ug5GHA.5072@TK2MSFTNGP05.phx.gbl:
>
> me:
>>> too bad restore can't be "zeroed"
>>
>> It can, and very simply too.
>
> yesterday, this seemed quickest way to "zero" restore: i disabled,
> restart, enabled, restart.
>
> but i forgot to check for any junk until revisiting this thread now.
> and now, already 3.46 MB have accumulated in tmp folder.
>
> as mentioned, i can delete the junk occasionally. i chose avira
> because vague web research sugested that avira is best free av. (free
> seems associated with lite(liter) ware). I've hardly ever had
> attempts by virus or any malware, so i'm not going to pay whatever
> nod32, as example, costs (assuming nod32 may be liteware).
>
>
> _______________
> hmmm, i tried starting restore, instead it popped up msg, saying
> restore needs restart.
>
> there had been avira update when i powered up an hour earlier. at
> reboot i see window's text lines "setup ... is updating ... files"
>
> after fully running, i looked in restore/tmp, where i see some junk
> *.cpy have dates only one minute old.
> i think that's suggestive ...
>
>
> also, trying restore, the main window hangs as just a transparent
> window frame.
>
>
> i guess i'll try avast or avg (choose after reviewing my
> effectiveness and resource use notes).
>
> i intend to post update, fwtw, but got other things to do now..
> thanks.

Dan
Mon Oct 02 23:24:09 CDT 2006

MsOsWin@anon.com wrote:
> Dan <spamyou@user.nec> in news:OF9yeQR4GHA.512@TK2MSFTNGP06.phx.gbl:
>
>> Mike M wrote:
>>> I cannot for the earth of me think why you would want to see the
>>> extremely limiting 9x operating system developed in anyway. The OS
>>> is dead, long since. One major deficiency being the in-built back
>>> compatibility with Win 95 and the 64Kb stacks used for 16 bit
>>> modules. Such an OS model was near end of life when Win Me was
>>> released in 2000 and I cannot for the life of me believe that anyone,
>>> even the most die-hard geek, would want to waste their time today on
>>> working with the Win9x kernel.
>
> hardly anyone writes anything new for 9x. and 9x gets left out at major (?) revisions.
>
> [snip modern hardware list, except the tube.. or are you referring to the crt display? :-) ]
>
>> 17. Remember the needs of computers are to serve the user and if XP
>> Pro. and Vista cannot run older software then 98SE is a great solution
>> but since it is no longer supported by Microsoft -- a classic series
>> solution is needed
>
> reminds me of those DOS clone/revivalists. (google to find those)
>
> but, to run golden oldieware, i'd keep the older 9x computer offline. use usb 'thumbdrive' to xfer data/doc files when necessary.
>
> scan for mals using the modern computer.
> don't need to fill the 9x computer's ram with active scanners (anti virus etc) so the computer should run fast. no need to install
> all of the security patches when you "periodically" wipe/reinstall the 9x os.
>
> that's my plan for near future. just not yet :-)
>

Keeping Windows 98 Second Edition on-line is my plan -- I have
multi-layered security already in place and a custom agreement with
Microsoft to provide support for my system which includes the 98 Second
Edition side as well.

cquirke
Sat Oct 07 03:56:21 CDT 2006

On Sun, 01 Oct 2006 16:57:57 -0700, "MsOsWin@anon.com"

>an example that ties back to this thread: who would have expected
>av ware to conflict or mess with system restore?

I think that can be predicted fairly easily...
- WinME lacked Resource Kit documentation
- MS encouraged devs to skimp on WinME efforts
- devs thus expect what works for Win98 to work for WinME
- SR is a brand new subsystem unique to WinME
- SR manages everything "from the outside"
- SR monitors all file types unless these are excluded
- many applications use arbitrary file types for internal use
- log files often follow multiple open, change, close cycles

This is why apps with private data (Sony "media players" with DRM, av
utilities, etc.) fall foul of SR - the private data file types they
use are included in SR monitoring, so every change to these creates
new SR material, and any SR restore will revert that private data.

Diagnostic and combat (e.g.) software expect to be killed at any time,
so they use the open, change, close operation cycle for every logged
event. That's slower than the usual open, change-change-change,
close cycle that most apps would use, but it's the only way to
effectively log right up to an event that kills the process...
- "I'm opening the hatch..."
- ' Roger, Astro0125... '
- "...there's a mass of green material at the edge of the crater..."
- ' Roger, Astro0125; can you investigate? '
- "Roger, Mission Control - I'm on my way..."
- ' See if you can get us a sample... '
- "I'm boring into the mass to get a samp"
- ' Astro0125? Do you read? Over...'
- "..."
- ' Hello, Astro0125? Do you read me?...'
- "..."
- ' Astro0126; you're up next. Don't sample the green stuff.'

In this case, I suspect the av is maintaining a fine-grained log file
as above, but because it's a file type not excluded from SR, SR is
strobing every log change as a new file in the SR backup store.



>------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
>------------ ----- --- -- - - - -

cquirke
Sat Oct 07 04:07:41 CDT 2006

On Mon, 2 Oct 2006 23:01:23 +0100, "Mike M" <No_Spam@Corned_Beef.Only>

>> yesterday, this seemed quickest way to "zero" restore: i disabled,
>> restart, enabled, restart.

>Yes, that is a quick and easy way to do reset system restore and should
>have flushed the archive and generated a new set of control files - about
>2.1MB or so in total.

It's not the best way, though - because every time you disable and
re-enable SR, all SR settings are lost. In the case of WinME, that
means it will revert to hogging the maximum amount of disk space. In
XP, it means that, plus SR is re-enabled on all HD volumes
irrespective of whether it was originally disabled there or not.

The same applies to anything that causes SR to poo itself. That is
not a problem in XP< but it's a huge problem in WinME, because any
change in HD volume enumeration will have that effect.

A cleaner way to kill SR in WinME is to DelTree the C:\_RESTORE
subtree from outside WIndows (i.e. pure DOS mode, either via diskette
boot or one of the 3+ DOS mode retrofits). SR will rebuild the
subtree on the fly, hopefully without redefaulting all the settings.

In XP, the best method is to create a new SR point, and then delete
all previous SR points via the Disk Cleanup tool.


In WinME, even if you disable SR, you will see some growth in the
C:\_RESTORE contents, beyond the expected slightly over 2M.

This is due to Wininit.exe activity, which takes place before SR
starts, and thus has to have its own parallel SR functionality (else
SR would miss installation changes made via Wininit.exe, thus
seriously breaking the purpose of SR).

Unfortunately, Wininit.exe's in-built SR functionality disregards SR
status, and thus operates even when SR is disabled.



>------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
>------------ ----- --- -- - - - -

Dan
Sat Oct 07 08:32:26 CDT 2006

cquirke (MVP Windows shell/user) wrote:
> On Mon, 2 Oct 2006 23:01:23 +0100, "Mike M" <No_Spam@Corned_Beef.Only>
>
>>> yesterday, this seemed quickest way to "zero" restore: i disabled,
>>> restart, enabled, restart.
>
>> Yes, that is a quick and easy way to do reset system restore and should
>> have flushed the archive and generated a new set of control files - about
>> 2.1MB or so in total.
>
> It's not the best way, though - because every time you disable and
> re-enable SR, all SR settings are lost. In the case of WinME, that
> means it will revert to hogging the maximum amount of disk space. In
> XP, it means that, plus SR is re-enabled on all HD volumes
> irrespective of whether it was originally disabled there or not.
>
> The same applies to anything that causes SR to poo itself. That is
> not a problem in XP< but it's a huge problem in WinME, because any
> change in HD volume enumeration will have that effect.
>
> A cleaner way to kill SR in WinME is to DelTree the C:\_RESTORE
> subtree from outside WIndows (i.e. pure DOS mode, either via diskette
> boot or one of the 3+ DOS mode retrofits). SR will rebuild the
> subtree on the fly, hopefully without redefaulting all the settings.
>
> In XP, the best method is to create a new SR point, and then delete
> all previous SR points via the Disk Cleanup tool.
>
>
> In WinME, even if you disable SR, you will see some growth in the
> C:\_RESTORE contents, beyond the expected slightly over 2M.
>
> This is due to Wininit.exe activity, which takes place before SR
> starts, and thus has to have its own parallel SR functionality (else
> SR would miss installation changes made via Wininit.exe, thus
> seriously breaking the purpose of SR).
>
> Unfortunately, Wininit.exe's in-built SR functionality disregards SR
> status, and thus operates even when SR is disabled.
>
>
>
>> ------------ ----- --- -- - - - -
> Drugs are usually safe. Inject? (Y/n)
>> ------------ ----- --- -- - - - -

Why is this file given so much power over the system in Windows ME:

Wininit.exe to the detriment of System Restore (SR -- I think)

--
Dan W.

Computer User

Mike
Sat Oct 07 08:50:44 CDT 2006

Deleting the C:\_RESTORE folder from DOS resets system restore and in most
cases also resets the space allocated to the maximum when the user next
boots into Win Me.

However we digress, the user was talking about a quick way of resetting
system restore and this can be done quite effectively in most cases by
cycling SR off and then back on, rebooting their PC in the process.
--
Mike Maltby
mike.maltby@gmail.com


cquirke (MVP Windows shell/user) <cquirkenews@nospam.mvps.org> wrote:

> It's not the best way, though - because every time you disable and
> re-enable SR, all SR settings are lost. In the case of WinME, that
> means it will revert to hogging the maximum amount of disk space. In
> XP, it means that, plus SR is re-enabled on all HD volumes
> irrespective of whether it was originally disabled there or not.
>
> The same applies to anything that causes SR to poo itself. That is
> not a problem in XP< but it's a huge problem in WinME, because any
> change in HD volume enumeration will have that effect.
>
> A cleaner way to kill SR in WinME is to DelTree the C:\_RESTORE
> subtree from outside WIndows (i.e. pure DOS mode, either via diskette
> boot or one of the 3+ DOS mode retrofits). SR will rebuild the
> subtree on the fly, hopefully without redefaulting all the settings.
>
> In XP, the best method is to create a new SR point, and then delete
> all previous SR points via the Disk Cleanup tool.
>
>
> In WinME, even if you disable SR, you will see some growth in the
> C:\_RESTORE contents, beyond the expected slightly over 2M.
>
> This is due to Wininit.exe activity, which takes place before SR
> starts, and thus has to have its own parallel SR functionality (else
> SR would miss installation changes made via Wininit.exe, thus
> seriously breaking the purpose of SR).
>
> Unfortunately, Wininit.exe's in-built SR functionality disregards SR
> status, and thus operates even when SR is disabled.
>
>
>
>> ------------ ----- --- -- - - - -
> Drugs are usually safe. Inject? (Y/n)
>> ------------ ----- --- -- - - - -

Dan
Sat Oct 07 08:50:19 CDT 2006

cquirke (MVP Windows shell/user) wrote:
> On Sun, 01 Oct 2006 16:57:57 -0700, "MsOsWin@anon.com"
>
>> an example that ties back to this thread: who would have expected
>> av ware to conflict or mess with system restore?
>
> I think that can be predicted fairly easily...
> - WinME lacked Resource Kit documentation
> - MS encouraged devs to skimp on WinME efforts
> - devs thus expect what works for Win98 to work for WinME
> - SR is a brand new subsystem unique to WinME
> - SR manages everything "from the outside"
> - SR monitors all file types unless these are excluded
> - many applications use arbitrary file types for internal use
> - log files often follow multiple open, change, close cycles
>
> This is why apps with private data (Sony "media players" with DRM, av
> utilities, etc.) fall foul of SR - the private data file types they
> use are included in SR monitoring, so every change to these creates
> new SR material, and any SR restore will revert that private data.
>
> Diagnostic and combat (e.g.) software expect to be killed at any time,
> so they use the open, change, close operation cycle for every logged
> event. That's slower than the usual open, change-change-change,
> close cycle that most apps would use, but it's the only way to
> effectively log right up to an event that kills the process...
> - "I'm opening the hatch..."
> - ' Roger, Astro0125... '
> - "...there's a mass of green material at the edge of the crater..."
> - ' Roger, Astro0125; can you investigate? '
> - "Roger, Mission Control - I'm on my way..."
> - ' See if you can get us a sample... '
> - "I'm boring into the mass to get a samp"
> - ' Astro0125? Do you read? Over...'
> - "..."
> - ' Hello, Astro0125? Do you read me?...'
> - "..."
> - ' Astro0126; you're up next. Don't sample the green stuff.'
>
> In this case, I suspect the av is maintaining a fine-grained log file
> as above, but because it's a file type not excluded from SR, SR is
> strobing every log change as a new file in the SR backup store.
>
>
>
>> ------------ ----- --- -- - - - -
> Drugs are usually safe. Inject? (Y/n)
>> ------------ ----- --- -- - - - -

Sony "media players" with DRM is one reason why I feel Sony is
headed down the slippery slope towards destruction and why I feel that I
cannot trust Sony products any longer. I was going to buy the
Playstation 3 but no longer and now it is Nintendo Wii (Revolution -- do
not like the new name) all the way for me.
This trust was also broken with Dell and the XPS gaming systems and
not providing what was promised to the consumer according to Wall Street
Journal report about a week ago --- time frame unsure but it was
recently. Remember, the saying that the "consumer is always right" ---
well that is usually true but does not apply if a crazy consumer starts
yelling at you and chewing you out since they hate life and want to vent
on a stranger. This is totally disrespectful and does not see life from
how hard the salesperson is usually trying -- of course -- some
salespeople don't give a care so I just avoid them. I have started to
become more a user of Ebay and other services for items that I cannot
buy in the store but it is great to first research at the store level
before making the final purchase and so bricks and mortar are still very
important and I don't see them disappearing anytime soon.
The business industry has to stop the privacy intrusions ASAP and I
will stand up for the little guy at the expense of the business when
they are wrong --- I will support the business when they do well and
are caring and respectful towards the individual and make it easy to
connect to an actual caring person that can solve the problem rather
than dealing with a clueless machine and getting the run around. I
worked 7+ years at Target Corporation from the ground up as a cart
attendant then a cashier and then other duties -- a jack of all trades
to say so --- so I don't mind getting my hands dirty, scrubbing toilets,
mopping crap-filled stalls, using a great product called X-Sorb -- only
available for industry that removes smell from vomit and makes it easy
to sweep up. It was even sometimes nice to be alone and just work. The
one issue with cashiers is back problems. The industry needs to let
cashiers work for maybe a maximum of three hours and then give them
other duties such as gathering carts or something so they can get their
blood flowing and stay less stiff. Target Corporation was and I feel
still is a great company. I highly doubt they are intentionally selling
illegal "Coach" products but if they are then it is someone on the
inside or something malicious that needs to be worked out and the entire
company is not at fault -- I feel and if they are indeed at fault then I
would be highly disappointed and ashamed of Target for making that
marketing decision.
Whoops, off-topic again, sorry everyone and please focus on what is
relevant and I will try harder in the future.

--
Dan W.

Computer User

Mike
Sat Oct 07 08:55:33 CDT 2006

The lack of a Win Me resource kit is hardly relevant. It would take a
developer but five minutes to determine the extent of system restore
including a list of all the file types monitored and those very same file
types are those that are monitored in XP. That some software falls foul
of SR is due solely IMO to the carelessness and lack of attention to
detail by the developers concerned. Where I do have some sympathy is for
the developers of those products, fortunately few in number, whose
pre-existing use of certain file types led to their products falling foul
of SR. Sony and the AV vendors are not in that number.
--
Mike Maltby
mike.maltby@gmail.com


cquirke (MVP Windows shell/user) <cquirkenews@nospam.mvps.org> wrote:

> On Sun, 01 Oct 2006 16:57:57 -0700, "MsOsWin@anon.com"
>
>> an example that ties back to this thread: who would have expected
>> av ware to conflict or mess with system restore?
>
> I think that can be predicted fairly easily...
> - WinME lacked Resource Kit documentation
> - MS encouraged devs to skimp on WinME efforts
> - devs thus expect what works for Win98 to work for WinME
> - SR is a brand new subsystem unique to WinME
> - SR manages everything "from the outside"
> - SR monitors all file types unless these are excluded
> - many applications use arbitrary file types for internal use
> - log files often follow multiple open, change, close cycles
>
> This is why apps with private data (Sony "media players" with DRM, av
> utilities, etc.) fall foul of SR - the private data file types they
> use are included in SR monitoring, so every change to these creates
> new SR material, and any SR restore will revert that private data.
>
> Diagnostic and combat (e.g.) software expect to be killed at any time,
> so they use the open, change, close operation cycle for every logged
> event. That's slower than the usual open, change-change-change,
> close cycle that most apps would use, but it's the only way to
> effectively log right up to an event that kills the process...
> - "I'm opening the hatch..."
> - ' Roger, Astro0125... '
> - "...there's a mass of green material at the edge of the crater..."
> - ' Roger, Astro0125; can you investigate? '
> - "Roger, Mission Control - I'm on my way..."
> - ' See if you can get us a sample... '
> - "I'm boring into the mass to get a samp"
> - ' Astro0125? Do you read? Over...'
> - "..."
> - ' Hello, Astro0125? Do you read me?...'
> - "..."
> - ' Astro0126; you're up next. Don't sample the green stuff.'
>
> In this case, I suspect the av is maintaining a fine-grained log file
> as above, but because it's a file type not excluded from SR, SR is
> strobing every log change as a new file in the SR backup store.
>
>
>
>> ------------ ----- --- -- - - - -
> Drugs are usually safe. Inject? (Y/n)
>> ------------ ----- --- -- - - - -

cquirke
Sat Oct 07 13:45:51 CDT 2006

On Sat, 07 Oct 2006 07:32:26 -0600, "Dan W." <spamyou@user.nec> wrote:

>Why is this file given so much power over the system in Windows ME:

>Wininit.exe to the detriment of System Restore (SR -- I think)

The problem is that software installation often needs to replace files
that are in use once Windows runs.

So the installer enqueues the new files in Temp, sets up the startup
axis to copy these into place, then prompts you to restart Windows.

The trouble is, much of the Windows startup axis is not serialized, so
that boot time to desktop and non-hourglass pointer can be as short as
possible. It's like opening a box of pigeons; the one that flies the
highest may not be the one first out of the box.

Software installers need to run as early as possible, before anything
else starts to run. There are various points in the startup axis
geared to this, e.g. RunOnce and the Wininit.ini that is processed by
Wininit.exe; both "run once", i.e. clear themselves after use.


Now, consider what SR has to do; monitor all changes within the system
(i.e. registry settings and non-data files) so that these changes can
be undone. You have a collision of needs:
- Wininit.exe must run before anything else, so it can make changes
- SR needs to start before anything else, so it can monitor changes

In particular, the changes Wininit.exe is likely to make are exactly
the sort of changes SR needs to track. Missing the effect of
Wininit.exe would be like saying "this is a really safe car; you'll be
quite safe as long as you don't start the motor".

From what I can determine by observed behaviour in WinME, MS addressed
this problem by building SR functionality into Wininit.exe itself.
That way, Wininit.exe can work before the SR service starts up, while
SR still has record of what Wininit.exe did.

The problem is that once you have two code paths that do "the same
thing", you can have variance, if these code paths diverge. Often,
the difference in behavior may be exploitable.

In the case of Wininit.exe and SR, one divergance goes about user
settings that disable SR. The "real" SR engine checks these and
respects them, at least to some extent (the settings are lost if SR
flushes itself due to changed drive letter enumeration). The SR-like
functionality built into Wininit.exe disregards the setting, and
operates even if you had disabled SR.



>------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
>------------ ----- --- -- - - - -

cquirke
Sat Oct 07 13:48:17 CDT 2006

On Sat, 7 Oct 2006 14:50:44 +0100, "Mike M" <No_Spam@Corned_Beef.Only>
wrote:

>Deleting the C:\_RESTORE folder from DOS resets system restore and in most
>cases also resets the space allocated to the maximum when the user next
>boots into Win Me.
>
>However we digress, the user was talking about a quick way of resetting
>system restore and this can be done quite effectively in most cases by
>cycling SR off and then back on, rebooting their PC in the process.

That will also re-default SR to using the maximum amount of space on
C:, so it may be "easy" but it is not clean.

IS there a clean way to clear out SR contents in WinME, without losing
your one and only SR setting (i.e. space to use on C:)?



>------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
>------------ ----- --- -- - - - -

cquirke
Sat Oct 07 13:56:46 CDT 2006

On Sat, 7 Oct 2006 14:55:33 +0100, "Mike M" <No_Spam@Corned_Beef.Only>

>The lack of a Win Me resource kit is hardly relevant.

I think it contributed to WinME's bad reputation.

WinME was set up to fail, as MS pretty much discouraged developers
from devoting resources to it. The mantra was "this is the last gasp
of a dying product line, concentrate on NT instead"... MS hoped that
Win2000 would take off as XP Home finally did a couple of years later.

The irony is that WinME had a longer tenure as "current version of
Win9x" than any other Win9x sub-version (i.e. if you consider Win95,
95SP1, 95SR2, 98 and 98SE each as separate versions).

>It would take a developer but five minutes to determine the extent
>of system restore including a list of all the file types monitored and
>those very same file types are those that are monitored in XP.

If they knew SR was there, that is. You'd expect the big players to
know that, but they didn't seem to have joined the dots :-/



>------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
>------------ ----- --- -- - - - -

Mike
Sat Oct 07 14:33:19 CDT 2006

cquirke (MVP Windows shell/user) <cquirkenews@nospam.mvps.org> wrote:

> On Sat, 7 Oct 2006 14:55:33 +0100, "Mike M" <No_Spam@Corned_Beef.Only>
>
>> The lack of a Win Me resource kit is hardly relevant.
>
> I think it contributed to WinME's bad reputation.

No disagreement there. I also think Microsoft's reasoning in not
providing a resource kit was faulty. They considered a resource kit
unnecessary as Win Me was never intended for use in a corporate
environment.

> WinME was set up to fail, as MS pretty much discouraged developers
> from devoting resources to it. The mantra was "this is the last gasp
> of a dying product line, concentrate on NT instead"... MS hoped that
> Win2000 would take off as XP Home finally did a couple of years later.
>
> The irony is that WinME had a longer tenure as "current version of
> Win9x" than any other Win9x sub-version (i.e. if you consider Win95,
> 95SP1, 95SR2, 98 and 98SE each as separate versions).
>
>> It would take a developer but five minutes to determine the extent
>> of system restore including a list of all the file types monitored
>> and those very same file types are those that are monitored in XP.
>
> If they knew SR was there, that is. You'd expect the big players to
> know that, but they didn't seem to have joined the dots :-/

Again no argument here. The failure though I feel is more with the
developers than Microsoft however Microsoft didn't want to listen during
the development of system restore, both for Win Me and later XP, and
refused to remove certain file extension types that were at that time in
use by third parties. My memory fails me of the details but I seem to
recall that a couple of the file types involved were in the db* group of
monitored files, possibly db1 and db2. I know I worked with some of the
software developers concerned explaining and showing how to remove their
products from SR's embrace due to Microsoft ignoring their requests for
help.

Many of the improvements in SR that were introduced in XP had been
requested throughout testing of SR in Win Me and for each request the all
too familiar reply was "it will be in the next version".
--
Mike Maltby
mike.maltby@gmail.com

Mike
Sat Oct 07 14:23:20 CDT 2006

cquirke (MVP Windows shell/user) <cquirkenews@nospam.mvps.org> wrote:

> That will also re-default SR to using the maximum amount of space on
> C:, so it may be "easy" but it is not clean.
>
> IS there a clean way to clear out SR contents in WinME, without losing
> your one and only SR setting (i.e. space to use on C:)?

Not that I have ever discovered.
--
Mike Maltby
mike.maltby@gmail.com

Mike
Sat Oct 07 14:37:22 CDT 2006

Chris,

One small point, SR in Win Me does not monitor the registry. All it does
is archive a current copy of the registry each time a checkpoint is
created.

The problem of wininit.exe not respecting the user's SR settings (such as
SR being disabled) was also brought up during testing. One reason given
for this was that such settings are stored in the registry and the
registry has yet to load when wininit.exe runs.
--
Mike Maltby
mike.maltby@gmail.com


cquirke (MVP Windows shell/user) <cquirkenews@nospam.mvps.org> wrote:

> On Sat, 07 Oct 2006 07:32:26 -0600, "Dan W." <spamyou@user.nec> wrote:
>
>> Why is this file given so much power over the system in Windows ME:
>
>> Wininit.exe to the detriment of System Restore (SR -- I think)
>
> The problem is that software installation often needs to replace files
> that are in use once Windows runs.
>
> So the installer enqueues the new files in Temp, sets up the startup
> axis to copy these into place, then prompts you to restart Windows.
>
> The trouble is, much of the Windows startup axis is not serialized, so
> that boot time to desktop and non-hourglass pointer can be as short as
> possible. It's like opening a box of pigeons; the one that flies the
> highest may not be the one first out of the box.
>
> Software installers need to run as early as possible, before anything
> else starts to run. There are various points in the startup axis
> geared to this, e.g. RunOnce and the Wininit.ini that is processed by
> Wininit.exe; both "run once", i.e. clear themselves after use.
>
>
> Now, consider what SR has to do; monitor all changes within the system
> (i.e. registry settings and non-data files) so that these changes can
> be undone. You have a collision of needs:
> - Wininit.exe must run before anything else, so it can make changes
> - SR needs to start before anything else, so it can monitor changes
>
> In particular, the changes Wininit.exe is likely to make are exactly
> the sort of changes SR needs to track. Missing the effect of
> Wininit.exe would be like saying "this is a really safe car; you'll be
> quite safe as long as you don't start the motor".
>
> From what I can determine by observed behaviour in WinME, MS addressed
> this problem by building SR functionality into Wininit.exe itself.
> That way, Wininit.exe can work before the SR service starts up, while
> SR still has record of what Wininit.exe did.
>
> The problem is that once you have two code paths that do "the same
> thing", you can have variance, if these code paths diverge. Often,
> the difference in behavior may be exploitable.
>
> In the case of Wininit.exe and SR, one divergance goes about user
> settings that disable SR. The "real" SR engine checks these and
> respects them, at least to some extent (the settings are lost if SR
> flushes itself due to changed drive letter enumeration). The SR-like
> functionality built into Wininit.exe disregards the setting, and
> operates even if you had disabled SR.

cquirke
Sun Oct 08 16:09:07 CDT 2006

On Sat, 7 Oct 2006 20:37:22 +0100, "Mike M" <No_Spam@Corned_Beef.Only>

>Chris,

Hi!

>One small point, SR in Win Me does not monitor the registry. All it does
>is archive a current copy of the registry each time a checkpoint is
>created.

OK...

>The problem of wininit.exe not respecting the user's SR settings (such as
>SR being disabled) was also brought up during testing. One reason given
>for this was that such settings are stored in the registry and the
>registry has yet to load when wininit.exe runs.

That's interesting, as I seem to recall Win95/98 accessing the
registry as far back as IO.SYS - seems unbelievable, but Alex's
testing suggested this might be how that phase of boot is aware it is
booting a "Specify a new..." DOS mode session.

I have a hunch the transient .app startup files may be a cue, if it's
not done through registry.

The question all this is trying to answer is: When you Exit a "Specify
a new..." DOS mode session, the system reboots and builds the
erstwhile startup files back into the .PIF from whence they came. How
does the new boot "know" which .PIF to update?



>------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)