Folks, this is the 2nd time I have had to reformat and reinstall Windows XP due to ugly backdoor trojans, malware and viruses that Spybot, Ad-Aware, Malwarebytes, SmitFraudFix, Kaspersky, etc. just could not permanently delete. (It would remove them, then they would reinstall and respawn more infected files after the Safeboot reboots.) So my question is... knowing that these malicious OS-infecting viruses are out there and pretty much inevitable at times, what is the BEST way to take preventive measures rather than having to REACT after it's too late? Is there a way that I can back up or take snapshots of my system incrementally right before I'm about to download a questionable file or go to an unknown website? Or are there other tips or methods you can recommend that can simply allow me to quickly go back to a certain healthy state in my system immediately after I detect something malicious... and if I can, will it remove the malicious code? I am just trying to ultimately avoid having to completely reformat and reinstall all my drivers and apps every time I get one of these pesky malicious infections. Thanks... I'd love to hear what methods you guys use to help.
Stop downloading questionable files, but if you really must do this, use one of the disk utilities from the drive makers which allow you to transfer your hard drive to a newer hard drive. Back up your drive just before downloading/installing the file, then wipe and reinstall the whole drive again. Better yet, get a second hard drive, install Windows on it, then download and test your suspected file; if it works, fine, if not, then just wipe and format your guinea pig drive.
Get another HDD as a slave, preferably a really large one, say 500GB or larger. It can be used as a clone of the master by using Ghost or Acronis imaging software. Next, create a good-size data partition on that drive so you can create backup images as well as keep any data like photos, music etc.; it saves clogging up the primary HDD. You can also move the pagefile to it by creating another smaller partition. Naturally it's not enough; you need a backup of the backup, and this time an external, up to you how large. You can use this to transfer any scheduled backup archives too, as well as backing up music etc. It's all about fail safes.

OK, now down to the real issue. Infection comes about by being careless; everyone's done it. The best advice I can give is educate yourself. Use real-time scanners, not the crap that scans after the fact. The first 3 below are real-time scanners and will alert you and block any prog that attempts to install unless it's in the safe category:
- SpywareTerminator - free - best; set up HIPS after install and set updates to direct rather than peer to peer
- SuperAntiSpyware - shareware
- Comodo Firewall - free
- Avira AntiVirus
- ClamWin antivirus
- Avast antivirus

The link below is for any help needed with cloning or drive images: http://radified.com/cgi-bin/yabb2/YaBB.pl

You mention incremental. My advice is use the scheduler to create one-time backups of the C partition with normal compression. It's unnecessary to back up the whole HDD if you have more than one data partition on more than one drive, including an external. The trick is to get in the habit of transferring on a regular basis, more so for HDD failure than infection.
I start with a clean install of Windows and only a minimum of apps, then create an image which is then transferred to the secondary drive and external. This gives me what I term a clean slate where I can start from scratch. Once done, I go to MS Update and don't leave until the OS is fully updated, then create another one-time image. I then add more apps, usually security, burning and GUI software, and create another one-time image. Then it's a matter of choice at which point the next one is created; chances are there'll be more apps. Once you're set up with everything you can pretty much set the scheduler to make backups however often you want. Since I already transfer data manually I just go once a month for a one-time image; if there have been no major changes I may delete it, the reason being I have the main image ready and waiting.

If you look through the Windows forums where peeps want help with infection removal, keep an eye out for 2oldGeek. OK, just checked, you're in here now..lol.. Yeah, anyway, just butt into a thread he's in and link to this one; he can provide more measures.
Another vote for Acronis or Ghost and a second HDD; once you use one, you won't know how you got along without it. One feature I like is that once a BootCD is made, the program doesn't even need to be installed, at least Acronis doesn't. And I'll go a bit farther on a new install image: I disconnect from the net, install drivers and then take an image before installing my AV, still offline. I once got infected before I could even get my AV installed. Another good program is SpywareBlaster, and Returnil looks interesting (both free). Anyway, an image program is vital; it takes me 5 minutes to restore. You can disable System Restore too; it takes up huge space and I haven't used it in years.
You can use Drive Snapshot http://www.drivesnapshot.de/en/ ; it has a free trial and is a lot cheaper than Ghost. Another solution would be to do all your surfing and downloading in a VM.
SpywareBlaster is too limited in its functionality, and if there's SpyTerm or SuperSpy installed it's then pretty much made redundant. It's not just surfing he needs to be concerned about. Returnil works OK so long as you remember to transfer any data you want to another partition or drive..lol..
Scorp... thanks for the fantastic advice. I have a few questions about your workflow. I have True Image 11 Home version... I just ran my first Backup & Restore from my new Win XP, fresh drivers, and basic apps install and saved the backup .tib to my external USB hard drive. So this is what I am going to consider my fall-back point if I get in trouble.

My next step was to create a Startup Recovery partition on my C: drive. I am guessing this was in case Windows became so corrupt that it wouldn't boot; this is supposed to let you recover from that and boot in on this special created partition?

So now I have a full normal-compressed backup *.tib file of my C: drive which contains my new XP install, all updated drivers, and basic apps like Firefox, IE8, WinRAR, par2, DVD Decrypter, CloneCD, etc. And I have the Startup Recovery partition on my C: drive in case my OS gets hosed and won't boot. Am I now good to go?... If my system gets corrupted with malware, trojans and/or just hosed, am I now safe to assume that I can simply launch the RESTORE option in True Image and restore my backup .tib file and my entire C: drive will return to this state? Is there anything more I should be doing?

Also you mentioned that you like to keep doing FULL backups/images... out of curiosity, why don't you simply do the incremental or differential backups and add onto your initial full backup? Is there a reason for completely doing a full backup each time? Thanks for the tips, and I'm eager to read your follow-up.
About all I can suggest myself is to verify that .tib to make sure ATI sees it; it happens occasionally that Acronis will create an image it can't see and therefore can't restore. Also, make sure that the BootCD functions correctly. True about Returnil, I'm sure I would forget. I do Fulls instead of incrementals just because there are fewer files around and I just delete the previous one after a few days when I know things are fine. Same thing, less often to me. Thanks for the tip on SpywareTerminator, gonna look into it.
I have no need to back up data as I have quite a few externals as well as dual HDDs mirrored in all my computers, which only leaves drive C on any one of the comps, which pretty much is only a container for the OS and a few apps, so size-wise it's around 10-15GB. The only changes that get made are updates, which aren't that big; basically there's nothing major going on. There are very few changes from my fully updated and app-installed recovery image, so I can just do monthly images and delete them when there's need to. I used to do incremental/differential; I ended up settling with a whole image instead as there's nothing there that I can't afford to lose, and like Misty says, fewer files.

For more and better advice on protection, CNET, TechRepublic and PC World all have free email subscriptions to all sorts of tips and articles including free software. The link below came from a PC World email. The beauty of imaging is you can install any software to try out, and if you don't like it either delete it or revert back.

@ Misty: yeah, I used to have SpywareBlaster, and there's another one similar to it installed. It most probably worked; however SpyTerm and SuperAnti work the same way Comodo Firewall does: nothing can install without you knowing about it. You'll see what I mean by functionality once it's installed; it does everything that the bought version of SuperSpy does except it's free. Updates are regular, including versions; however version 2.5 onwards has now added a peer-to-peer update thingy, I assume to save their bandwidth. It can be set to direct download, which is what I prefer. Set your user level to basic, otherwise every action will require approval if installing or updating etc., very annoying. Any app accidentally blocked can be unblocked and moved to the white list. Oh yeah, if you don't use IE then spyware won't be a problem. http://www.pcworld.com/article/1680...security_downloads.html?tk=nl_wvx_h_cbstories
OK, please someone explain to me the basic concept of this. A few days ago, I ran a FULL backup of my C: drive with True Image 11 and it created a 6GB compressed .tib file of my C:\ drive (which contains a fresh install of XP, updated drivers and some basic apps). So far I'm good and understand this... however, now I experimented with the Differential Backup option that, from what I understand, only creates another .tib file with anything NEW since your last backup. If this is the case, why did the differential backup create a .tib file that is almost 13GB?? I thought it only creates a backup of just new stuff since the last backup. This leaves me with the impression that it created my entire C:\ drive again but with just everything that is most recent. Am I confused here?
No idea (maybe defragged between images?) because I've never used it, but if you don't find it, your answer will be here, or any other questions you may have: http://www.wilderssecurity.com/forumdisplay.php?f=65
Even with no compression it shouldn't get that high, whether or not it's fragmented or if the pagefile and hibernation file are included. You should be able to browse that file to see what's in it. I have Acronis 9.0 so it won't let me browse like Ghost images can; instead it has to be mounted as a HDD, which Acronis does in the screen selection, and it is assigned a drive letter. If no luck is forthcoming from Misty's link go here, bookmark it, you too Misty: http://radified.com/cgi-bin/yabb2/YaBB.pl Edit: It's not just Ghost they can help with.
OK, it's not that important... I just deleted it and created a FULL, more recent backup. I think I will just save a few FULL backup files at different stages so I can choose when needed. My other question is, just for my own knowledge, what are the actual differences and benefits of Differential Backups and Incremental Backups? I went to True Image's website and after reading it, it still didn't make sense in explaining how they are different. I think it's just the confusing way they explained it that makes it unclear.
This seems to explain it: http://www.wilderssecurity.com/showthread.php?t=212096&highlight=differential+versus+incremental Differential and Full seem the same to me.
Differential, when doing a recovery, only requires the main image and 1 differential image to be selected, whereas incremental requires the main image and every subsequent image.

Edit: Another reason I couldn't be bothered with doing incremental or diff, which is why I made numerous one-time images starting from an empty OS, then creating more as I added more software, until they got over 4GB in size and could no longer be saved to DVD, and I basically went hard out putting everything in, then creating 1 final complete image as a recovery base which is stored hidden on HDDs.
Nup, it's not a full. You create the full on the first pass as you would with an incremental, so you need at least 1 differential to bring the comp back up to its fully updated state, otherwise you end up months behind..hehehe.. Confused even more now. I'd have to read up some more on them as I can't quite remember what the diff image contains, though it is usually quite large. OK, just remembered: each subsequent diff image contains the changes of the last diff image created; think snowball effect.
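To make the full/incremental/differential distinction in the last few posts concrete, here is an added Python model. It is not from this thread and does not reflect how Acronis or Ghost actually lay out .tib or .gho files; a "volume" is just a dict of path to contents. A full image is a complete copy, an incremental records only what changed since the previous image, and a differential records everything changed since the full, which is why a differential grows with every run (the "snowball"). Each image also carries a SHA-256 that a restore checks first, along the lines of the earlier advice to verify the .tib before trusting it. The sample drive states are constructed.

```python
import hashlib
from typing import Dict, List, Optional

Volume = Dict[str, bytes]           # path -> file contents
Image = Dict[str, Optional[bytes]]  # path -> contents, or None meaning "deleted"


def digest(image: Image) -> str:
    """Content hash stored beside each image so it can be verified before a
    restore is attempted (the 'verify that tib' advice in the thread)."""
    h = hashlib.sha256()
    for path in sorted(image):
        h.update(path.encode() + b"\0")
        h.update((b"<deleted>" if image[path] is None else image[path]) + b"\0")
    return h.hexdigest()


def delta(base: Volume, current: Volume) -> Image:
    """New or changed files in `current` relative to `base`, plus a None
    marker for each file that `base` had and `current` no longer has."""
    out: Image = {p: d for p, d in current.items() if base.get(p) != d}
    out.update({p: None for p in base if p not in current})
    return out


def apply(base: Volume, image: Image) -> Volume:
    """Replay one image on top of a volume."""
    vol = dict(base)
    for path, data in image.items():
        if data is None:
            vol.pop(path, None)
        else:
            vol[path] = data
    return vol


class BackupChain:
    """mode is 'full', 'incremental' or 'differential' (hypothetical toy API)."""

    def __init__(self, mode: str):
        assert mode in ("full", "incremental", "differential")
        self.mode = mode
        self.images: List[Image] = []
        self.digests: List[str] = []
        self._last_state: Volume = {}   # volume as of the most recent image
        self._full_state: Volume = {}   # volume as of the first (full) image

    def backup(self, vol: Volume) -> int:
        if not self.images or self.mode == "full":
            img: Image = dict(vol)                  # complete copy
        elif self.mode == "incremental":
            img = delta(self._last_state, vol)      # changes since previous image
        else:
            img = delta(self._full_state, vol)      # changes since the full
        if not self.images:
            self._full_state = dict(vol)
        self._last_state = dict(vol)
        self.images.append(img)
        self.digests.append(digest(img))
        return len(self.images) - 1

    def verify(self, idx: int) -> bool:
        return digest(self.images[idx]) == self.digests[idx]

    def needed_for_restore(self, idx: int) -> List[int]:
        """Which images a restore to image `idx` has to read."""
        if self.mode == "full":
            return [idx]
        if self.mode == "differential":
            return [0] if idx == 0 else [0, idx]
        return list(range(idx + 1))                 # incremental: the whole chain

    def restore(self, idx: int) -> Volume:
        vol: Volume = {}
        for i in self.needed_for_restore(idx):
            if not self.verify(i):
                raise RuntimeError(f"image {i} failed verification; aborting restore")
            vol = apply(vol, self.images[i])
        return vol

    def size(self, idx: int) -> int:
        """Bytes of file data held in one image (shows why a differential grows)."""
        return sum(len(d) for d in self.images[idx].values() if d is not None)


def run_demo() -> dict:
    # Constructed sample states of a small C: drive, not real file contents.
    s0 = {"windows/system32/kernel32.dll": b"k" * 100, "apps/firefox.exe": b"f" * 50}
    s1 = {**s0, "apps/winrar.exe": b"w" * 30}                              # app added
    s2 = {**s1, "windows/system32/kernel32.dll": b"K" * 100,               # update
          "docs/notes.txt": b"n" * 10}
    results = {}
    for mode in ("full", "incremental", "differential"):
        chain = BackupChain(mode)
        for state in (s0, s1, s2):
            chain.backup(state)
        results[mode] = {
            "sizes": [chain.size(i) for i in range(3)],
            "needs_for_latest": chain.needed_for_restore(2),
            "restore_ok": chain.restore(2) == s2 and chain.restore(1) == s1,
        }
    return results


if __name__ == "__main__":
    for mode, info in run_demo().items():
        print(mode, info)
```

Running it shows the three chains side by side: the full chain stores 150, 180 and 190 bytes per image and restores from any single one; the incremental chain stores 150, 30 and 110 bytes but needs images 0, 1 and 2 to rebuild the latest state; the differential chain stores 150, 30 and 140 bytes (the third image re-includes the WinRAR addition) and needs only image 0 plus the chosen differential. Tampering with any image in a chain makes `verify` return False and `restore` refuse to proceed.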
Thanks, too confusing for me (not hard). I think I'll just stick to my Fulls; all I know is that ATI has saved me a small fortune when I couldn't even boot Windows or deleted the wrong thing, and it only takes a few minutes to do its job.