RE: Windows ME file restoration

["CJ Oakwood" <cj_oakwood () yahoo com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This doesn't sound like a bug, but rather the System File Protection.
Windows 2000, XP, .NET (and I think NT4) has what MS calls System
File Protection which makes it hard to overwrite system files.

To temporary disable System File protection, and update system files,
you will need to edit the Registry, and upload your DLL or system
file in the system32 directory, and in the DLL Cache directory. 
Reboot, and your files will be updated.  

This can't be disabled, this is a feature of Windows.

This sounds like the issue you are having in Windows ME.

CJ

- -----Original Message-----
From: Spirit Of 1 [mailto:spiritof1 () home com] 
Sent: Saturday, July 28, 2001 21:16
To: bugtraq () securityfocus com
Subject: Windows ME file restoration


An advisory for all windows ME users:

Windows ME restores critical system files from backups when they are
renamed or deleted.  This includes system utilities in the command
folder, and some DLLs.  If your machine is compromised, and you
attempt to clean yourself of impurities by cleaning up system files,
windows ME may even restore infected copies of your system.  I just
got windows ME and was completely taken aback by this lack of caring
from microsoft.  I don't even know if there is a fix for this.  If
you know how to disable this recovery method that seems hard-coded
into windows ME, I'd appreciate a reply.  Thanks.

- -spirit of one.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Go to http://4.60.71.222/public/ for public key 

iQA/AwUBO2N/yq+nyPk9PHN7EQKOrQCgnUhv9Z8H6V1V+1rT0uqOofrLWgMAniYi
5dJF6vKM7G6Wmokc+Bl/wNlS
=tMNX
-----END PGP SIGNATURE-----


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com