Deleted files return after system restore

ben1234510

New Member
I searched around the internet for ways in which to permanently delete files, and decided the best ways were to use eraser, i mananged to delete all the files successfully, but i decided to perform a system restore just to make sure, and the files were back in the same place where the were orignally, i had them saved in a folder called fg in the vista C: drive, used eraser to delete them, used system restore and they were back in the fg folder. I then moved all of the files from the fg folder into my own documents and repeated the process of deleting the files and using system restore, and the files had returned to the fg folder. Can anybody help me? I want to have these files permanently deleted, even after I have double checked using a system restore. Please help me.
Many Thanks
 

DavidHB

Active Member
You have come across one of the more important privacy issues in Windows. Perhaps the biggest irony of the situation is that everything worked as intended. Eraser did erase the files, but System Restore replaced them, from the copies held in the restore point. Unfortunately, Windows does not make it altogether straightforward to fix this problem; the Restore folder on each drive is completely inaccessible to Eraser or any other file management application.

Views on the usefulness of System Restore vary; my own view is that it is of limited value, except as a means of recovering immediately from a system change that has gone wrong. Accordingly, I switch off System Restore for all non-system drives. I also use the utility in CCleaner (which is free) to delete all but the most recent restore point, and I make sure that, in the properties for each drive, shadow copies are disabled. Finally, I erase free space from time to time to ensure that the deleted files (including System Restore files) cannot cannot be recovered.

In your case, I would use CCleaner to remove all restore points (except the current one, which cannot be deleted), and disable System Restore on all drives. This should delete the remaining restore point. I would then erase the offending files from the fg directory, and also erase free space on the drive(s). At that point, I would use the CCleaner utility to check that it cannot find any restore points. I would then re-enable System Restore, but not shadow copies, on the C: drive only. That will create a restore point, which should certainly not include the erased files. If any earlier restore points remain, use CCleaner to delete them.

All this, it has to be said, is pretty long winded; erasing free space takes hours. Once it is done, the best means of ensuring that problems do not recur is
  • to ensure that, if at all possible, sensitive files are not stored on a drive that has system restore and (particularly) shadow copies enabled;
  • where files are stored on such drives, make a new restore point after erasing such files, and delete the old restore points;
  • when sensitive files need to be removed, erase them as soon as possible

I hope this helps.

David
 

DaveDone2

New Member
Another option is to disable the restore process and the reinstate it. That will clear all restore points.

From the M$ website
http://support.microsoft.com/kb/263455

WARNING: Using the following steps will completely remove all restore points from the data store. Do not use this method if this will cause problems. When you enable the System Restore feature again, the System Restore feature will create a new restore point and then resume monitoring your computer.

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click System, and then click the Performance tab.
3. Click File System, and then click the Troubleshooting tab.
4. Click to select the Disable System Restore check box, click Apply, click to clear the Disable System Restore check box, click Apply, and then click OK.
5. Restart the computer when you are prompted to do so. When the computer restarts, the data store is purged and the System Restore feature begins monitoring the system again.

Dave2
 

DavidHB

Active Member
Essentially, I was proposing an elaborated version of the method suggested by Davedone2 (thanks to him for the link and the instructions). The reasons for the elaboration are
  • in my experience, not all restore point data is always deleted when System Restore is turned off; it should be, but it doesn't always happen, whereas CCleaner does clear the restore points it removes;
  • both Windows, and, as far as I can determine, CCleaner delete rather than erase the restore points they remove, so the data is potentially recoverable unless free space is also wiped;
  • once the process is complete, steps need to be taken to prevent System Restore from saving 'hidden' copies of private data; disabling shadow copies does, I think (Joel will know better), help in this regard, but it is not necessarily the complete answer.

David
 

Joel

Active Member
Once System Restore is disabled, short of a manual invocation of vssadmin, shadow copies should not be made so you shouldn't have copies lying around attributed to Shadow Copies. This of course doesn't mean that other applications will not leave dummy files (which may be sensitive) on your disk.
 
Top