
Author Topic: Recovering your Hard Drive from Disaster. What I now Know.  (Read 5735 times)

EdPellesC99
Recovering your Hard Drive from Disaster. What I now Know.
« on: August 13, 2011, 12:05:53 am »
  Maybe everyone in the world knows this but me, but I will describe a great safety net (Acronis Home Image)
 
Recently I had got stuck with the malicious software download called XP Repair.
Ended up re-doing everything from formatting the hard drive on up to re-installing everything.

  One thing I did learn was the beauty of an Acronis Backup Image. I had the software, I had never "recovered" an image.
(I had no recent image of my hard drive, so I could not even try it)

  However as I rebuilt things I did Acronis image backup at various stages. I had gotten 50 rungs up the 100 step ladder, and I had a major problem and was going to have to start over....
  I had nothing to lose, so I tried using the Acronis Recovery from the recent good image.
Wow.... in 35 minutes the hard drive files were erased and put back at the time point state of the image.
All system files, all application data.

  This is recovery of the active drive (C: for me). Acronis calls this a "My Computer" image on C:.

  Incredible.

  If I had a recent image of my system drive..... Someone could open my laptop and steal my hard drive or run over it with a Mack truck. I could slap a new drive in, and be back in business in 35 minutes. (Image is on an external drive, and a CD rescue disc was made and set aside (rescue disc boots computer and has copies of the Acronis software on it).)
USB connect external drive to laptop, and you are off and running using your rescue disc to redo the hard drive. Your hard drive will have all the software and anything else you had on C: drive, exactly like it was before someone "stole your hard drive". The restoration is TOTAL, no re-registering ANYTHING !

  People also use this to migrate easily to a new and maybe larger hard drive.

  Eminently better than Restore points.....

  This "XP Repair", in the end, punished me for deleting its files by making it so ....that the computer would reboot one minute after it started to boot (endlessly), and I saw (before this) that all my Restore points had been erased (I make one every day automatically). Also it changed my Administrator password, so I was not able to boot up on the original XP discs and use the Recovery Console.

  Anyway I just want to advocate for Acronis...(I am using Acronis Home 10, I bought a few years ago).
I saw it work, and I am making regular backups, and I really feel protected.
.....Ed

P.S. You can also buy Acronis Disc Director (at a discount if you own Image, or you might be able to buy them together for a discount), ....... I love the ability to create a new virtual disc anytime w/ Disc Director.

A "My Computer Image" is a *Disc Image*, Acronis has a context menu addition which allows you to "mount" a disc image.
So you can view it as a temporary new virtual drive.  Really nice. Other types of images you can make with Acronis are not mountable.
« Last Edit: August 13, 2011, 12:40:45 am by EdPellesC99 »

Stefan Pendl
« Reply #1 on: August 13, 2011, 12:55:51 am »
Quote
This "XP Repair", in the end, punished me for deleting its files by making it so ....that the computer would reboot one minute after it started to boot (endlessly), and I saw (before this) that all my Restore points had been erased (I make one every day automatically). Also it changed my Administrator password, so I was not able to boot up on the original XP discs and use the Recovery Console.

To change the passwords offline, you can use the Offline Windows Password & Registry Editor.

I do daily backups of my data, but no imaging, since if I reinstall my system the programs have already gone through various updates.
I don't think installing an image with outdated software is practical.

Due to the latest experience with Win7, I would only create an image of Windows with the latest service pack installed, since installing the service pack seems to be more tricky than it should and takes quite long.
---
Stefan

Proud member of the UltraDefrag Development Team

EdPellesC99
« Reply #2 on: August 13, 2011, 02:36:09 am »

This XP Repair (they wanted you to download their repair software) was unreal, I would guess that it had changed the attribute on over 200,000 files to read only (One entire virtual drive too).

The image is an absolute snapshot of your drive at that point in time, including every tweak, every update to ALL software you have ever made, every hotfix, NOTHING is left out.

Once you recover .... you are exactly where you were before your problem. There may be other companies that do as well as Acronis, I don't know... but the concept is fantastic protection, and it works perfectly, easily, and FAST, only a hardware failure other than your hard drive could defeat you temporarily (until the hardware problem got fixed).

The only caveat is: the image has to go back on the same computer, you cannot recover the image to a hard drive on a different computer. I was told you might be able to ....if it was a twin computer you had bought at the same time you bought the first.
... Ed
(wish someone had proselytized this subject to me, I found Acronis on my own, and did not even understand how valuable it was, I just used it for backups I could mount and view.)


CommonTater

  • Guest
« Reply #3 on: August 13, 2011, 05:13:37 am »
Quote
The image is an absolute snapshot of your drive at that point in time, including every tweak, every update to ALL software you have ever made, every hotfix, NOTHING is left out.

Including the virus itself...  Any worm or trojan that lies dormant for some time before activating itself is also going to end up in that image.  And if you are silly enough to make the image after your system is in trouble you've just backed up your virus.

It all sounds real good until you realize the pitfalls... dormant viruses, updates gone wrong, spyware, tracking cookies, and on and on can and do find their way into the backup images.  The only truly safe system restore is to start from a clean OS install and reinstall all your software from manufacturer's distributions and then add all the *known good* updates after that.

Stefan Pendl
« Reply #4 on: August 13, 2011, 09:33:26 am »
Quote
This XP Repair (they wanted you to download their repair software) was unreal, I would guess that it had changed the attribute on over 200,000 files to read only (One entire virtual drive too).

This is why I don't install anything advertised by an ad or an e-mail, since you are likely to install a bot, which just locks you out from your own system until you buy rubbish for big money.

All these repair, tweak and other doubtful performance increasing products are just a waste of time.
---
Stefan

Proud member of the UltraDefrag Development Team

EdPellesC99
« Reply #5 on: August 13, 2011, 02:56:57 pm »
  I think if you have a history of images over the last several months, you could guess a likely clean image to pick.
I don't have the time to re-build [Edit: NOT that you do], I was thinking I was about to chuck this whole hobby.....
THAT was why I was so excited to find out: there WAS the kind of help I needed (images).

I was hit also a couple years ago, then called "Antivirus 2009", same sort of thing.
In each case it happened while I was streaming a video. Or in the first case it said I needed to install a video player (this was at an official political party in the US). In that case I was able to Restore to a restore point from the day before.

I have read that often it is in a video codec or in the installation that the dwnld takes place, these malicious software downloads (which are much larger than the minuscule virus executables) are a horse of a different color.

This XP Repair also did that to my DeskTop, and StartUP, and my Quick Launch area of the taskbar.
I am really surprised they just don't plant a last program to go off if you don't link to their site and buy ..... and destroy all the files on your computer.

SideNote on recovering an image:

I recounted my recovery. I neglected to add these details:
I of course, putting my computer back together had re-installed Acronis, and just made an image. The image though I did not produce on an aux hard drive, but my primary partition of my primary drive (C:).

To recover, I just opened Acronis, and pointed to the image, Acronis then re-booted and then went into Acronis in the pre-windows state, it took 35 minutes and I guess the only thing that did not get erased and replaced was the Acronis software and the image(?) I really don't remember if the image was still present.... I moved on (deleted it if there) from then on making images to the aux drive.

Images on an external drive are the way to go though...... it amazed me that it could also work with an image on the computer hard drive.

My C: had only about 35 Gb on it at that point, and 35 minutes to recover was a bit fast as I was not slowed by the USB 2.0 connection to an aux drive.

Obviously the bigger the primary partition on your computer you imaged, the longer it would take.

For this reason Acronis advises ONLY software/and settings of course on your primary partition of your computer's hard drive...this in order to keep C:\ as small as possible, so images take up less storage space and are faster to recover from.
So I have Video/images on virtual drive F:, and software files All on  drive D:.

Of course I also have a "My Computer Backup" (=entire drive backup) image I keep updated for each of these virtual drives.

One last point is .....Once you make the initial image which on a 50 Gb of files C: could take 40 minutes, then next day you can do it again to the same image (called an incremental image) ..... so in my case the first image is called "C Drive Image.tib" (could be @ 30 Gb in size), the next day the new file will be "C Drive Image1.tib" it will take one minute to produce and will be small. The next day if I wanted to recover, I would choose the primary image, Acronis will ask if you want to restore to the snapshot taken initially, or to the snapshot taken the second day. If the second day, it will take all differences into account.

Edit:
I just did a fresh Initial Drive Image. Drive size = 16 Gb, size of image = @9.5 Gb, and it took under 10 min to an aux drive with a slow XP SP2 computer.
They say you should not go beyond Initial image and maybe 11 incrementals. So at that point you just redo making a new initial image.

Anyone that wants to play with this, just needs to get Acronis, make an image to an aux drive.
Then replace their primary drive with a brand new hard drive, and Recover your image.

This way you could prove it could be done without danger, and long before you have the panicked situation to deal with (without any experience).

OK I am off my soapbox !

Just know that the more time you invest customizing your computer, and installing all sorts of software with custom settings:
the more there is for a virus to destroy, and the more pain you will be in unless you prepare properly for the disaster.

I was running ZoneAlarm and McAfee, both up to date, and using MalwareBytes now and then ..... and I was smacked down without a clue.

... Ed (I do suspect that XP is becoming more and more vulnerable, with the billions of new eager users in the last few yrs)

....Ed
« Last Edit: August 14, 2011, 04:50:20 pm by EdPellesC99 »

Bitbeisser
« Reply #6 on: August 14, 2011, 05:03:24 am »
McAfee AV is carp, better try AVast! instead, saves you money too.
Getting stung twice by the same scam is tough, but with a little bit of common sense it takes just a few minutes to get rid of that malware without all that imaging hassle. And it won't do you any good if you ever change any significant part of your hardware, for example a new video card with a different chipset. You will have more hassle to try and get your previous image running than by getting rid of the malware in situ...
But common sense is still the best way to go (I have myself not caught a virus in +20 years that that shyt is around) and when you got hit repeatedly, start using a sandbox (like www.sandboxie.com) when engaging in activities that you think got you the malware...

Ralf


EdPellesC99
« Reply #7 on: August 14, 2011, 04:42:57 pm »
Tx Ralf,

  I may look into Sandboxie....

  I am now using Kaspersky, but in the beginning it was driving me nuts calling programs I wrote Trojan infected and deleting them !  I had to disable many features.

  I may not convince anyone else to backup using Drive Images, but no one will convince me it is not worth doing !  :)
...  Ed

CommonTater

  • Guest
« Reply #8 on: August 14, 2011, 05:23:33 pm »
Yes it is worth doing... But only on a fresh clean install... I wouldn't want to use an image made months after a system goes into regular use, for the simple fear (already stated) that some viruses do lie dormant and may get into an image.

For the problem of programs being tagged as trojans and viruses... Are you including manifests in your program's resources?  Often that will get you around the Windows 7 UAC and many virus scanners.  Simply add the example below (with appropriate edits for program name and version of course)....

Code:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity type="win32"
                    name="AutoLogon"
                    version="1.0.0.0"
                    processorArchitecture="X86" />
  <description>
    Auto logon tool
  </description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32"
                        name="Microsoft.Windows.Common-Controls"
                        version="6.0.0.0"
                        processorArchitecture="X86"
                        publicKeyToken="6595b64144ccf1df"
                        language="*" />
    </dependentAssembly>
  </dependency>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel  level="asInvoker"
                                  uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

« Last Edit: August 14, 2011, 05:25:28 pm by CommonTater »
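
A check of what a manifest like the one posted above actually requests, added here as an example and not part of the original post or of any poster's code: it parses the manifest and reports the requestedExecutionLevel and uiAccess values, listing anything other than asInvoker/false as a finding. The function names and the trimmed sample manifest are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the manifest posted above.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity type="win32" name="AutoLogon" version="1.0.0.0"
                    processorArchitecture="X86" />
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""

# The two accepted levels, besides asInvoker, that ask for more privilege.
ELEVATING_LEVELS = {
    "highestAvailable": "asks for the highest privileges the user can obtain",
    "requireAdministrator": "asks for elevation on every start",
}


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element tags."""
    return tag.rsplit("}", 1)[-1]


def audit_manifest(xml_bytes):
    """Return program name, requested level, uiAccess and a list of findings."""
    root = ET.fromstring(xml_bytes)
    report = {"name": None, "level": None, "ui_access": None, "findings": []}

    # The assemblyIdentity directly under <assembly> names the program itself.
    for child in root:
        if local_name(child.tag) == "assemblyIdentity":
            report["name"] = child.get("name")
            break

    # trustInfo is seen under asm.v2 and asm.v3, so match on the local name.
    levels = [e for e in root.iter()
              if local_name(e.tag) == "requestedExecutionLevel"]
    if not levels:
        report["findings"].append(
            "no requestedExecutionLevel: Windows may apply its legacy-program "
            "handling (installer detection, virtualization)")
        return report
    if len(levels) > 1:
        report["findings"].append("more than one requestedExecutionLevel")

    level = levels[0].get("level")
    ui_access = (levels[0].get("uiAccess") or "false").strip().lower() == "true"
    report["level"], report["ui_access"] = level, ui_access

    if level in ELEVATING_LEVELS:
        report["findings"].append(f"level={level}: {ELEVATING_LEVELS[level]}")
    elif level != "asInvoker":
        report["findings"].append(f"level={level!r} is not a recognised value")
    if ui_access:
        report["findings"].append(
            "uiAccess=true: asks to drive windows of higher-privilege programs")
    return report


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```
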

EdPellesC99
« Reply #9 on: August 14, 2011, 05:29:06 pm »
Thanks much Tater,

  I will have to explore this in a few days,

appreciate it .........Ed

Bitbeisser
« Reply #10 on: August 17, 2011, 07:03:29 pm »
Quote
Tx Ralf,

  I may look into Sandboxie....

  I am now using Kaspersky, but in the beginning it was driving me nuts calling programs I wrote Trojan infected and deleting them !  I had to disable many features.

  I may not convince anyone else to backup using Drive Images, but no one will convince me it is not worth doing !  :)
...  Ed

Well, if it is worth doing, it's a typical "YMMV" kind of thing...

I am working in (outsourced) IT services for small businesses and I got used to removing these kinds of things on a regular basis. And using the sandbox is one of the simplest things that people can do to prevent malware from setting foot on a system, it's just a matter of discipline.

I personally had NEVER a virus infecting any of my own systems ever, for the whole +20 years that computer viruses are spreading. Not counting the very first time I encountered the "fall leaf" virus back in '88, which a colleague planted on my PC at work, but that was more a prank and easily removed back then...

Ralf

megafiddle

  • Guest
« Reply #11 on: August 23, 2011, 12:39:47 am »
Norton Ghost works well also. I use the older version 2000-something.

My image file is less than 2 Gbytes, so it only takes a minute and a half to restore
XP, drivers, and other software. I don't even bother defragmenting. When things
get slow or questionable, I just restore the original installation. In addition to the
external drive, I keep a copy of the image on the D: partition just for that purpose.

The Acronis backup sounds similar to the newest version of Ghost. I like the old version
as it can create a "forensic" image file, an exact duplicate. I'll check the new version out
further when I build the new computer. It doesn't explicitly say the images are forensic,
so they may not be. It also runs from a stripped down version of windows. Older version
runs under DOS.

CommonTater

  • Guest
« Reply #12 on: August 23, 2011, 01:05:24 am »
I am no fan of Symantec products.  I've had so much bad experience with them that I remove them wherever I find them.

Trust me Megafiddle... you can do much better for a lot less money...

EdPellesC99
« Reply #13 on: August 26, 2011, 05:30:25 pm »
Sandboxie.

Well I visited the site, and yikes it looks like it could add complexity to my life !

I don't need to be trying to constantly keep something functional !

Maybe a Super Concept,
... wish Microsoft would have it function within the OS.

I am beginning to think your development computer should not even have an internet connection, if you want assured, simple, perfect protection !

Now to ask a dumb question to get varied responses.

All my computer life I would hear references to a hardware firewall.
The only way I can see it is a separate computer for the Internet, and scanning All Files before placing them on your development computer.

What other kind of hardware firewall would there be?

Tx, Ed




Bitbeisser
« Reply #14 on: August 26, 2011, 10:06:26 pm »
Quote
Sandboxie.

Well I visited the site, and yikes it looks like it could add complexity to my life !

I don't need to be trying to constantly keep something functional !

There is absolutely nothing complex about it!
I have set this up for both 12 year old kids and senior citizens in their 70s and it just works...
Quote
All my computer life I would hear references to a hardware firewall.
The only way I can see it is a separate computer for the Internet, and scanning All Files before placing them on your development computer.

What other kind of hardware firewall would there be?

Well, you can get some pricey stuff from Cisco, Juniper, etc or go with a Linux-based one like Smoothwall (www.smoothwall.org). I am using that one for pretty much the whole 11 years that this is available now, having installed probably a few hundred boxes by now. And I am one of the regulars/forum admins doing most of the support on their forum (community.smoothwall.org). There are some other, partially forked ones out there, like IPFire (IPCop is dead by now), MoNoWall, Untangle and a few others....
It prevents unsolicited access from the Internet and as it is based on a restricted kernel and shell, not prone to be bypassed like all those software firewalls that run themselves on top of an exploitable OS. You can restrict outgoing connections and there are several add-ons to both restrict access to URLs as well as scan for contents and/or malware utilizing ClamAV. And you can even install spam filtering addons rivaling commercial software if you run your own email server behind it. In all, IMHO far more flexible and adjustable than those commercial blackboxes from "the big guys"...

Ralf