[22000] in bugtraq
Re: Windows ME file restoration
daemon@ATHENA.MIT.EDU (Sata)
Mon Jul 30 02:32:25 2001
Message-ID: <001901c118ab$9e367d90$0100000a@unicraft.com>
From: "Sata" <sata@infierno.cl>
To: "Spirit Of 1" <spiritof1@home.com>, <bugtraq@securityfocus.com>
Date: Sun, 29 Jul 2001 23:56:30 -0400
I don't know if you are aware of this issue, but this behavior is also
present in Win2k Server and Professional... the files are kept in the
dllcache directory.
If you try to delete Outlook Express from any of these systems, you'll see
that the application file is restored within a couple of seconds. Anyway,
there is a procedure to delete this application and any EXE or DLL file
within the directory.
Sata
----- Original Message -----
From: "Spirit Of 1" <spiritof1@home.com>
To: <bugtraq@securityfocus.com>
Sent: Sunday, July 29, 2001 12:15 AM
Subject: Windows ME file restoration
> An advisory for all Windows ME users:
>
> Windows ME restores critical system files from backups when they are renamed
> or deleted. This includes system utilities in the command folder, and some
> DLLs. If your machine is compromised, and you attempt to clean yourself of
> impurities by cleaning up system files, Windows ME may even restore infected
> copies of your system. I just got Windows ME and was completely taken aback
> by this lack of caring from Microsoft. I don't even know if there is a fix
> for this. If you know how to disable this recovery method that seems
> hard-coded into Windows ME, I'd appreciate a reply. Thanks.
>
> -spirit of one.
>