rid viruses through backup restore

Pants · Jul 12, 2014

Does restoring a full backup get rid of viruses on the system, assuming the backup is clean ?

I want to say 'yes', but I'm not sure if existing files are deleted when backup is restored.

red12049 · Jul 12, 2014

Pants said:
Does restoring a full backup get rid of viruses on the system, assuming the backup is clean ?

I want to say 'yes', but I'm not sure if existing files are deleted when backup is restored.

Define "full backup"?

What about the MBR?

Rick

Pants · Jul 12, 2014

red12049 said:
Define "full backup"?

What about the MBR?

Rick

Ok, I guess "full" back up is vague. How about "all files in all folders" Including the MBR

CLC · Jul 13, 2014

Pants said:
Ok, I guess "full" back up is vague. How about "all files in all folders" Including the MBR

I would say you are only safe if you have a complete hdd/partition image, otherwise I would not trust it at all.

cooltech · Jul 13, 2014

You could just mount the backup image and scan it before re-imaging it on to another drive. If you are afraid it may have virus or whatnot.

red12049 · Jul 13, 2014

Pants said:
Ok, I guess "full" back up is vague. How about "all files in all folders" Including the MBR

"ALL file in all folders" would indicate that you are using some sort of boot disk and alternate OS to do the restore, and that you are wiping out the partition, including the MBR. In that case, you should be safe, assuming the backup is clean.

If you are doing the restore from within Windows, you are NOT replacing everything, and therefore, not safe.

Rick

Pants · Jul 13, 2014

Insightful. thx

AlaDes · Jul 13, 2014

I've had three machines that I know of that the only way I was able to rid the system of a rootkit was to use imagex and apply the factory image manually. At the time, none of the tools I was using would detect it and every time I tried performing a factory restore, all three machines would blue screen during the last phase of the restore.

nlinecomputers · Jul 13, 2014

On systems that you suspect are infected with a root kit but you are certain you have a good clean backup I would use Darik Boot and Nuke to completely erase the disk. Writing zeros to every sector guarantees that no code is hiding anywhere. Then you can restore the image on a clean drive.

Though that is probably overkill. Imaging software should create a new MRB on the restore.

rid viruses through backup restore

Pants

Active Member

red12049

Well-Known Member

Pants

Active Member

CLC

Well-Known Member

cooltech

New Member

red12049

Well-Known Member

Pants

Active Member

AlaDes

Active Member

nlinecomputers

Well-Known Member

Similar threads