What to do about viruses inside an Acronis image?

#1
12-10-2010, 10:19 PM
11fingers

I take an Acronis image of my client's HDD before I begin a virus removal process, or a migration, etc. But let's say I need to restore that image back to the HDD or another HDD: what about the viruses inside? Should they be cleaned out of the image itself before restoring it? Is this as thorough/reliable as doing a regular virus scan while Windows is running?

#2
12-10-2010, 11:00 PM
Crgky127

If you restore the image, the OS will be just as infected as it was before you took the image. You can then do a regular virus removal, or backup and reload.

If you can mount the image on your own machine so that it appears as a readable and writable slave drive, you can use scanners that work with slave drives, and remote registry tools. If Acronis can do this, let me know.

I know you can use Acronis to view the contents of an image and extract files/folders, but if you can also delete them, you might be able to tell what to delete by name and date. You can't get registry entries easily this way, and it isn't so reliable with the tricky infections, but it's the fastest way with easy infections.

I'd stick with option 1, and avoid modifying images.

#3
12-11-2010, 12:37 AM
numnutz

You make an image before you do your virus removal work just in case, during the removal process, the system crashes even more or worse; you can always put the system back the way it was before you touched it. After you're sure you cleaned the system, do another clean image??

#4
12-18-2010, 05:17 PM
11fingers

Quote (originally posted by Crgky127):
If you restore the image, the OS will be just as infected as it was before you took the image. You can then do a regular virus removal, or backup and reload.

If you can mount the image on your own machine so that it appears as a readable and writable slave drive, you can use scanners that work with slave drives, and remote registry tools. If Acronis can do this, let me know.

I know you can use Acronis to view the contents of an image and extract files/folders, but if you can also delete them, you might be able to tell what to delete by name and date. You can't get registry entries easily this way, and it isn't so reliable with the tricky infections, but it's the fastest way with easy infections.

I'd stick with option 1, and avoid modifying images.

Yeah I have Acronis True Image Home 2010 and it does allow me to mount an Acronis backup as another drive in Windows. From there I can run the antivirus routine. However: mounting a drive known to be infected with god-knows-what is kinda like asking to have infections jump out into the rest of the system isn't it? I hope this isn't the case because the method you suggested would be just what I'm looking for!

#5
12-18-2010, 06:14 PM
iptech

Quote (originally posted by numnutz):
You make an image before you do your virus removal work just in case, during the removal process, the system crashes even more or worse; you can always put the system back the way it was before you touched it. After you're sure you cleaned the system, do another clean image??

Yup, just do the virus removal on the live system. In any case, you should be able to remove viruses without the need to make an image, it just wastes time.

#6
12-18-2010, 09:09 PM
Xander

Quote (originally posted by 11fingers):
However: mounting a drive known to be infected with god-knows-what is kinda like asking to have infections jump out into the rest of the system isn't it?

No more than mounting a physical disc as a secondary drive in a clean system. So long as you're not running any files off of it and are only analyzing them, there's no risk.