Batch file to backup registry with date embedded?

[X-Ecutioner]

Hello all...

Well last nite I was infected with some spyware and cant seem to clean the last file. It renames and re-opens itself when i close it. It even does this in safe mode. So I have a feeling it added a parameter to a key value somewhere in the registry.

This made me realise I should start backing up my registry on a daily basis (eg at startup). I want to create a batch file that will backup the registry and put it in a folder with the date it was backed up. Does anyone know how I would go about adding the date information to the folder name??

Thanks

[Gee]

Isn't that what System Restore does?

[gunsmokingman]

This is a vbs file that makes a folder based on date, if there is a folder there

name with the current date it then makes a folder based on hour minutes and seconds.

Dim Fso : Set Fso = CreateObject("Scripting.FileSystemObject")

Dim Act : Set Act = CreateObject("Wscript.Shell")

Dim DeskTop : DeskTop = Act.ExpandEnvironmentStrings("%UserProfile%\Desktop")

''''Makes The Folder Based On Date

Dim Fld1 : Fld1 = (DeskTop & "\" & Year(Date) & "-" & Month(Date) & "-" & Day(Date))

'''' If Above Folder Is Made then It makes this based hour minutes second

Dim Fld2 : Fld2 = (DeskTop & "\" & Hour(Time) & "-" & Minute(Time) & "-" & second(Time))

If not Fso.FolderExists(Fld1) Then Fso.CreateFolder(Fld1) Else Fso.CreateFolder(Fld2) End If

Edited September 16, 2005 by gunsmokingman

[Takeshi]

XP's ntbackup will backup the whole registry in the backup System State option, and in advanced mode allows you to schedule a daily/incremental/differential backup.

It can also be run as a command-line.

[Andromeda43]

Published info states that Windows will create a new Restore Point every time you turn on your PC on a new calendar day. NOT so. (but Win-98 DID!)

I have a little vb-script to force this action. I put it in my Startup folder for a forced Restore Point every time I reboot.

Here it is:

****************************************

Set SRP=GetObject("winmgmts:\\.\root\default:Systemrestore")

CSRP=SRP.CreateRestorePoint("Hacked the registry", 0, 100)

****************************************

Just copy the two lines into a notepad or wordpad document and save it with the name "Set Restore Point.vbs" and then put the file in your startup folder.

That will take care of it. Every restore point will have the name "Hacked The Registry" with the time and date that it was created. Works like a champ.

Cheers mate!

Andromeda43

[X-Ecutioner]

I am aware that system restore does daily backups and stuff. But the reason i was hesitant was I am not sure what the extent it backs up. Like does it do files and stuff? Simply because to toss spyware easily, i can restore the reg to the previous day and I was always concerned that system restore would mess with other things. This would save me the hours of removing the spyware.

So what exactly does system restore backup every day? - other than the registry

Thanks

-Matt

[Takeshi]

You're not tackling the problem in the right way.

Anti-virus publisher's websites usually advise getting rid of all previous SR points when there is infection as you can never be sure that they are still there somewhere.

Nowadays, malware don't just hide in the registry (if that's the case it's easy because the list of startup entries are limited and well known). Quite a few of them are dlls, for example.

And SR does not necessarily do daily SR points, as it depends on the period of the computer is running and how SR interval is configured.

Edited September 17, 2005 by Takeshi