What to do about viruses inside an Acronis image?

[11fingers]

I take an Acronis image of my client's HDD before I begin a virus removal process, or a migration, etc. But lets say I need to restore that image back to the HDD or another HDD: what about the viruses inside? Should they be cleaned out of the image itself before restoring it? Is this as thorough/reliable as doing a regular virus scan while windows is running?

[Crgky127]

If you restore the image, the OS will be just as infected as it was before you took the image. You can then do a regular virus removal, or backup and reload.

If you can mount the image on your own machine so that it appears as a readable and writable slave drive, you can use scanners that work with slave drives, and remote registry tools. If Acronis can do this, let me know.

I know you can use Acronis to view the contents of an image and extract files/folders, but if you can also delete them, you might be able to tell what to delete by name and date. You can't get registry entries easily this way, and it isn't so reliable with the tricky infections, but it's the fastest way with easy infections.

I'd stick with option 1, and avoid modifying images.

[numnutz]

u make an image before you do you virus removal work just in case duing the removal process the system crashes even more or worse you can always put the system back they way it was before you touched it. after you sure you cleaned the system do another clean image??

[11fingers]

Quote:

Originally Posted by Crgky127

If you restore the image, the OS will be just as infected as it was before you took the image. You can then do a regular virus removal, or backup and reload.

If you can mount the image on your own machine so that it appears as a readable and writable slave drive, you can use scanners that work with slave drives, and remote registry tools. If Acronis can do this, let me know.

I know you can use Acronis to view the contents of an image and extract files/folders, but if you can also delete them, you might be able to tell what to delete by name and date. You can't get registry entries easily this way, and it isn't so reliable with the tricky infections, but it's the fastest way with easy infections.

I'd stick with option 1, and avoid modifying images.

Yeah I have Acronis True Image Home 2010 and it does allow me to mount an Acronis backup as another drive in Windows. From there I can run the antivirus routine. However: mounting a drive known to be infected with god-knows-what is kinda like asking to have infections jump out into the rest of the system isn't it? I hope this isn't the case because the method you suggested would be just what I'm looking for!

[iptech]

Quote:

Originally Posted by numnutz

u make an image before you do you virus removal work just in case duing the removal process the system crashes even more or worse you can always put the system back they way it was before you touched it. after you sure you cleaned the system do another clean image??

Yup, just do the virus removal on the live system. In any case, you should be able to remove viruses without the need to make an image, it justs wastes time.

[Xander]

Quote:

Originally Posted by 11fingers

However: mounting a drive known to be infected with god-knows-what is kinda like asking to have infections jump out into the rest of the system isn't it?

No more than mounting a physical disc as a secondary drive in a clean system. So long as you're not running any files off of it and are only analyzing them, there's no risk.