Can a virus reinfect your PC even if you do an Acronis restore from aclean image while inside Window

  • Thread starter Thread starter RayLopez99
  • Start date Start date
R

RayLopez99

Can a virus reinfect your PC even if you do an Acronis restore?

I suppose there are two answers: a theoretical and practical, the
latter being something you've actually seen or heard about. Please
feel free to share both.

I am more concerned with practical answers. Assuming somehow a virus
can jump (or stay) on your HD even after you do an Acronis or Symantec
Ghost image restore onto your HD, from a clean, virus free image,
while under Windows 7 (that is, you do the restore while running
Acronis from inside of Windows 7), how do you prevent this? Boot from
the CD before doing the restore?

RL
 
Can a virus reinfect your PC even if you do an Acronis restore?

I suppose there are two answers: a theoretical and practical, the
latter being something you've actually seen or heard about. Please
feel free to share both.

I am more concerned with practical answers. Assuming somehow a virus
can jump (or stay) on your HD even after you do an Acronis or Symantec
Ghost image restore onto your HD, from a clean, virus free image,
while under Windows 7 (that is, you do the restore while running
Acronis from inside of Windows 7), how do you prevent this? Boot from
the CD before doing the restore?

RL
Click to expand...

Malware that resides in the MBR (as in a bunch of the new rootkits) is
one that could sneak past the process.

If I suspect any malware like that, I delete at least the active
partitions on the target drive before restoring the image.

This obviously means booting from the image application's boot disk.

I do this anyway, as I've been bit in the ass before by trying to
restore an image while running from the same Windows installation that
I'm trying to restore.

Considering the crap that some of the newer scareware does to subvert
doing *anything* to get around it in Windows, I think I'd not even
bother trying to restore an image via a Windows app.


--
"Shit this is it, all the pieces do fit.
We're like that crazy old man jumping
out of the alleyway with a baseball bat,
saying, "Remember me motherfucker?"
Jim “Dandy” Mangrum
 
Macrim's good, but any decent backup/image app that also has a bootable
media option should do just fine in this situation.
Click to expand...

Thanks for your opinion Nobody.

One problem with your suggestion: the malware in question does not
allow (when it is active--it's weird malware that is either on or off,
and sometimes often off for days) you to view your hard discs when
booting from the Acronis Bootable Disc. That is--and it's possible
that my Acronis disc was improperly made (I'll double check)--when I
boot from Acronis bootable recovery disc no hard discs are seen and
nothing can be done (I've not plugged in an external USB hard drive,
I'll have to test that next time the malware is "on"). But fear not:
I have a solution (I'm still trying to catch this virus--if it's a
virus, and BTW I suspect it's a rogue program that I downloaded and
not a virus) if I was to do a reboot: that solution is exactly the
same as yours ("If I suspect any malware like that, I delete at least
the active partitions on the target drive before restoring the
image") , but I thought of it independently that's why I say it's
mine! :-)

BTW, a great program to catch malware and rogue programs (and it
caught this problem, and since the removal of a rogue program
identified by the program the problem has not reoccurred--hence I'm
putting off restoring from an old, clean drive image until --if and
when- the problem reappears) is this one: Hitman Pro 3.5. This
program is so good, I might actually buy it.

RL
 
RayLopez99 said:
Can a virus reinfect your PC even if you do an Acronis restore?
Click to expand...

If you are talking about a clean image being written to disk, then no
*virus* will be able to be persistent.

Theoretical - it is possible now I believe. The one thing preventing it
in the past was that there wasn't enough room in firmware to put the
entire virus. Code from the firmware had to be displaced to somewhere on
the harddrive to make the virus work. Removing (overwriting) the
displaced code would make the virus not work, resulting in a case of
corruption rather than a viral infection.
I suppose there are two answers: a theoretical and practical, the
latter being something you've actually seen or heard about. Please
feel free to share both.
Click to expand...

Aside from the *virus*, it now seems possible (though unlikely) that
malware can reside in firmware and be persistent even when the harddrive
is outright replaced.

(if lojack for laptops can be persistent in this manner, so can malware)

There's no current malware doing this to the best of my knowledge.
I am more concerned with practical answers. Assuming somehow a virus
can jump (or stay) on your HD even after you do an Acronis or Symantec
Ghost image restore onto your HD, from a clean, virus free image,
while under Windows 7 (that is, you do the restore while running
Acronis from inside of Windows 7), how do you prevent this? Boot from
the CD before doing the restore?
Click to expand...

Yes, IMO you shouldn't restore an image from a possibly tainted
environment. I think you run the risk of having the fresh image tainted
if you do, though I haven't heard of this actually happening.
 
BTW, a great program to catch malware and rogue programs (and it
caught this problem, and since the removal of a rogue program
identified by the program the problem has not reoccurred--hence I'm
putting off restoring from an old, clean drive image until --if and
when- the problem reappears) is this one: Hitman Pro 3.5.  This
program is so good, I might actually buy it.
Click to expand...

I spoke too soon. While I like Hitman Pro 3.5--it's very aggressive
in labeling stuff malware which I like since it forces you to think
whether you really use the program and wish to keep it--the program
that Hitman identified as malware and which I removed from my system
did not stop the 'virus' (if it's a virus; i might be some hardware
acting up or some software driver acting badly).

RL
 
Can a virus reinfect your PC even if you do an Acronis restore?
Click to expand...

if i take your question literally then the answer is obviously yes.
there is nothing that would stop a virus from *reinfecting* the system
after it's removed, regardless of how it's removed. if you are exposed
to the infection vector a second time then you can expect to become
infected a second time. it would be absurd to think that just because
you removed it once your system became magically immune to it upon
subsequent exposures.

but i don't think that's what you really meant to ask.
I suppose there are two answers:  a theoretical and practical, the
latter being something you've actually seen or heard about. Please
feel free to share both.

I am more concerned with practical answers.  Assuming somehow a virus
can jump (or stay) on your HD even after you do an Acronis or Symantec
Ghost image restore onto your HD, from a clean, virus free image,
while under Windows 7 (that is, you do the restore while running
Acronis from inside of Windows 7), how do you prevent this?  Boot from
the CD before doing the restore?
Click to expand...

if you're concerned about malware persisting then make sure you're
restoring the entire disk, not just the drives, or you'll miss
sections of the disk that are outside the scope of C: drive, D: drive,
E: drive, etc.

if you're concerned about the malware coming back then make sure you
don't come into contact with it again - make sure you eliminate it
from all removable media in your possession, make sure you remove it
from all removable media that comes into your possession, make sure
drive-by downloads can't happen anymore, etc. as you can imagine this
is verging on the realm of impossible. there really isn't any way to
guarantee with 100% assurance that some arbitrary piece of malware
won't be encountered a second time after you cleaned it off the first
time. there may well be steps you can take for specific cases, mind
you, but those involve knowing how the malware infested your system in
the first place and taking steps to prevent that particular entry
point from being usable in the future.
 
Can a virus reinfect your PC even if you do an Acronis restore?

I suppose there are two answers: a theoretical and practical, the
latter being something you've actually seen or heard about. Please
feel free to share both.

I am more concerned with practical answers. Assuming somehow a virus
can jump (or stay) on your HD even after you do an Acronis or Symantec
Ghost image restore onto your HD, from a clean, virus free image,
while under Windows 7 (that is, you do the restore while running
Acronis from inside of Windows 7), how do you prevent this? Boot from
the CD before doing the restore?
Click to expand...

Theoretically and practically, noway, Jose -- because I want to Ghost
entirely outside Winderz. Yes, booting from a DOS boot CD is feasible
- for running Ghost -only- under DOS. Sending out the image off for a
rewrite between disparate HDs, however is the fastest -- 50KBS if the
MB natively supports the transfers (takes me two minutes to restore a
Winderz C: 800Meg image). Well almost. I'm not into Root Kit virus
attacks, or whether and whatever it's going to take to stop a virus
from begriming beneath a HD format (FDISK /MBR - HD's manufacturer LLF
format routine?). Of course if Windows isn't "hardened" and someone
is able to 'get through' . . . there's plenty of software engineers
and system analysts with only the highest marks and advanced training
from the best schools nationally;-- A sizeable portion being
unemployed in this economy with nothing better to do than sit home and
wait for you to let them in.
 
Back
Top