
Backup/transfer files on potentially "unclean"/infected PC



#1 creighs


Posted 06 May 2009 - 06:53 PM

Hello!

I want to preface this post with: this is not about malware per se. Rather, I have provided some background info to put the question into its proper context. Also, this may sound like a bit of a stupid question but I'm going to ask anyway.

Background on the issue: I've had my desktop PC for about eight years and I've never backed it up or formatted it (yes, it's stupid). Recently I've been concerned that I may have the notorious Conficker virus (and I will post about this later when I have more time). If I do have it, the infection on my desktop computer would have been via usb from my laptop computer, which in turn was most likely infected by usb (and I may have another infected usb from using it on an infected computer). (My desktop and laptop also share a secured wireless network connection, which may be an additional problem I have to deal with later).

I have heard that Conficker disables system restore, and since I never backup my computer, I would like to try doing (or at least transferring my files) that before attempting any malware troubleshooting. So here are the questions:

1. If I attempt to transfer files/backup to an external hard drive that connects via usb, the drive will become infected and then connecting it again after cleaning any malware from my machine will simply re-infect my computer(s), correct? In the event that I do not have Conficker but have some other non-usb-transmitted malware would transferring files (.mp3, .doc, etc) to an external HD have the same result - infect that HD and re-infect when re-connected to my now-clean computer(s)?

2. Also, is a printer that connects by usb able to be infected and capable of re-infecting a machine (for a conficker infection)?

3. Finally, how do you clean the actual removable media that has been infected (i.e. is there a way I can make sure I don't re-infect myself)? One more, sorry - what about preventative measures such as disabling "autorun" (or any of those auto- affiliates)?

4. Does my personal network need to be cleaned somehow as well? Currently I am connected with my desktop by wired LAN instead of wireless


INFORMATION:

- Windows XP SP3 (both Desktop and laptop PCs)
- Linksys WRT54G Router
- Removable storage: (a) usbs: 256MB SanDisk Mini Cruzer + some crappy 4GB Mobile Disk GXT (used in both desktop and laptop)
(b) external HD 160GB Maxtor OneTouch - software and driver installed several years ago, but no data has ever been transferred (only installed on desktop PC)
- Printer (if it matters) HP DeskJet F4120 All-in-one


Thank you for any help you can give me!!
S.

P.S. - I didn't include any hjt or other analyses because I didn't deem it to be appropriate at this point. I hope that's okay. Let me know any other information that is needed.



#2 commart


Posted 07 May 2009 - 01:22 PM

I'm no expert, but as I've been helped here, I thought I'd try to produce two cents worth of wisdom on the matter.

This is from Symantec's description of "Conficker": "The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network." http://www.symantec.com/norton/theme.jsp?t...=conficker_worm

I've skirted a rebuild of my own machine recently--Microsoft released appropriate program updates just ahead of my reformatting my program drive--but produced two kinds of backups in preparation: one was copying a data drive to an external unit; the other was extracting the most critical of critical data from the disk, and that material was copied to DVD. Prior to copying, virus scanning was done, and I familiarized myself with all .exe and .inf files in the backup collection.

My current end configuration is a 1-TB external drive supported by Norton Ghost, but for this episode, I produced a straight copy of data (I'm not confident about either encryption or compression involving image files).

Advice: work through the virus detection issue; identify and back up your most critical data directories and files--e.g., financial, saleables, contracts, etc.--to DVD's. I don't know how Conficker works, but, in general, data files should not have executable properties, so I think (gosh, here's the newbie) if you know your data files, you'll be okay with an optical media solution. It sounds like the USB elements -- drives and sticks -- involve drivers that couple or host the malware of interest.

#3 creighs


Posted 07 May 2009 - 05:18 PM

Hi commart,

Thanks for your reply! Whew, I'm glad I can at least toss some of my files onto DVD. Mp3s however, don't look like they'll make it that way. Do you (or anyone else out there) know if I can somehow compress mp3s? I'm not very familiar with archiving/compression stuff either... Regarding Conficker: I've read a ton of stuff on Conficker the past few days/weeks, and for the most part I seem to be okay, but my spidey senses still tell me something's not quite right. I'm going to ask for help about malware in another post. When I do I'll post the link here - just in case anyone is interested/wants to help me out! :thumbsup:

Thanks again!

#4 commart


Posted 08 May 2009 - 01:52 PM

Hi, creighs--

I've just returned from weeks of witch hunting across my drives, and while I may have done a few things to stop that, the break came with Microsoft's distribution of updated Office 2007 software.

I'm adding back peripherals, reinstalling original drivers and updating them, and carefully, carefully rebuilding a peripheral or program at a time.

DVD's are good for about 4.5GB here, which is fine for documents and just not adequate for collections of photography (my onboard music collection is rather modest).

My Rx in light of my computing level: devise a strategy for combing your computer for viruses using trustworthy software; if all looks clean, purchase an external HD or similar solution as a container for data files. For fee, there are also web-based FTP sites and backup services. Either way, redundancy amounts to insurance.

The malware gurus here have a lot to offer. My track is to become a better basic XP box administrator while making mental note of routine computer behaviors and watching for oddball events. Also, these days, I've got a lot of log information for looking over, but one needs a way of interpreting messages, especially error messages, and just learning about that takes one into the machinery as an administrator rather than end-user might experience it.

In that this has helped me, I'm passing it on: http://www.tweakguides.com/TGTC.html

The "turnkey" experience in consumer computing works, more or less, up to the first update. Then it's a changed box, and it may be fine, but I suspect over time, even with caught and neutralized hacks, the complement of software and software errors add up and our machines take on "personality"--i.e., quirks.

#5 creighs


Posted 09 May 2009 - 10:46 AM

Weeks eh? Damn it, sounds like I'm going to be at this a long time as well. How big/full was your internal HD? Scans are taking me F-O-R-E-V-E-R :thumbsup: . Thank you for all of your advice, I really appreciate it! What do you mean when you say "the break came with the update of 2007 Office"? Is that where the problem originated?

I'm nervous to format my computer because I've had it such a long time that I'm worried tech support for stuff (umm...I don't know what) is expired - or if certain companies no longer offer driver/software updates for the stuff I have. Thankfully, I've been very good with keeping the cds and most of the documentation for everything. But since I've had the comp for so long I'm wondering if it's even worth it??

Here's my plan of action for the time-being - if you could let me know what you think that would be great. I have a pack of about 25-30 DVDs, so I plan to grab all my files/mp3s, burn them, and then delete the files from my HD so it would speed up the scanning/malware removal process. Or do you feel it would be best to get things as clean as possible before doing that? Ugh, just thinking about all the files I need to find/go through, while making sure I get ONLY the files and not anything evil, makes my head hurt. I definitely have at least two evil things on my comp - I did some digging around yesterday and it looks to me (with my limited knowledge base) like some funky stuff is going on.

This is going to take me a while...and I have my stupid laptop to deal with next...blah.

Thanks again!

#6 commart


Posted 09 May 2009 - 08:53 PM

I like that old bumper sticker: "Don't follow me -- I'm lost."

:thumbsup:

My old geek music friend from whom I have gotten some help and advice over the years is a chief engineer (senior, in any case) at Lockheed Martin. Back in the day, he chowed down on the latest operating systems for breakfast. These days, I think he's running a Linux box with open source software. The problem is, when he suggests a "clean install" of an OS, that's just fun (and he's got tape backup and numerous other computers on his home system). For us mere mortals, a "clean install" may not be so much fun, and, yes, a Dell or other might turn out the more cost efficient solution after all (just remember to deauthorize the box with an iTunes account before laying its drives to near permanent rest).

My problem: I had an edition of MS Outlook (from the Office 2007 Professional suite) that "hung" primarily by chewing up computing resources (I'd watch task manager on this and note the time when it jumped from a background one or two percent of CPU use to between 50 and 100 percent of use)--then I could check that time against log warnings and errors. It was a frustrating experience because one either commits to understanding error codes--and understanding the computer--or one reads these messages as gobbledygook. While working that issue . . . paranoia comes into play. If something's not working right, maybe . . . it's a software conflict . . . or malware.

It could turn out to be a hardware issue--bad sectors on a drive, lost RAM, etc.--but we don't think that way. When something goes wrong, suspicion of others (malware, ineptitude) becomes part of the fix-it complex.

In my case, I started to "build back"--eliminate programs, unplug peripherals, look over .exe files, etc.--in an effort to simplify the issue.

The friend I've mentioned told me several weeks ago that not only did Outlook have issues but that Microsoft was about to issue a new version of the program (Service Pack 2 Office 2007). That didn't keep me from looking for other problems, but it slowed me down, and down near the wire, I chose to update Microsoft software even though my intentions were to rebuild the computer.

It turns out the update appears to have worked.

My next bump: I'm feeding off my wireless router and wondering what will happen when I plug in the cable directly--will my computer and firewall continue to behave as a "stand-alone" unit or will it think itself a server? I don't know how to know that in advance or in general today.

Regarding your DVD backup solution: I've had a couple of failures with DVD's, but by and large my collection has held up for up to seven years, so I think you'll be happier with a music collection backed up in that way, but be prepared for occasional failure.

As regards scanning and malware removal, my programs, starting with AVG, allow me to specify drives, folders, and files for scanning, so, for example, I can cut out scores of NEF files. I really don't think the size of the job matters nearly as much as the integrity of the software installed and applied for the work. A good "hack" may neutralize security software, alter the file names of files involved in the attack, and generally plant code that masks its presence. I think this is where Hijack This and other applications come in; this is also the point where my friend would say "start over"--clean OS, clean software, new firewall, etc.: high confidence in the unit.

When you say " . . . at least two evil things on my comp," I'd query about updated software or new software installs that may have aged your unit in generational terms.

I built my own computer and hoped when I did that I would be able to "freeze" its software complement as well as swap out parts as needed over the course of years. It hasn't been all awful, not by any means, but we all field operating system and other software updates over time, and they're only loosely coordinated across firms, so I would think the opportunities for conflicts and code errors would simply increase over time given the industry's culture and user-located personal and social computing behaviors.

I'm operating on about 50 percent of a 950 GB system, but my program drive is just 150GB's and about 70 percent in use. Some areas, e.g., most of Adobe, I trust. I don't feel I need software checking out every file associated with, say, Dreamweaver or Photoshop.

You may want to make sure that you can see all of the files--no hidden files--on your computer as its administrator. As regards true data files--no hidden extensions--they shouldn't be a worry. Probably, it's just good computer-keeping to have that valuable material backed up.

Having both lurked here a while and more recently asked for help, I feel I could do with improved administrator methods--less guesswork, less suspicion, and a more step-by-step approach to logs, tools, and use of the Microsoft "knowledge base". The good news is that it's possible; the bad news is people major in computer science and obtain administrator certificates and other credentials over the span of years. I'm not afraid of stepping into the swamp--I just want to avoid the deep spots, and I don't want to be in it for, say, 30 percent of my working hours.

Hope some of the rambling helps.

--Jim
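
The replies above suggest reviewing every .exe and .inf file in a backup set and making sure data files carry no hidden extensions. The following is an added example, not code from any poster in this thread, that automates that review for a folder before it is copied to DVD or an external drive; the extension lists and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions Windows will run or act on (assumed list; extend as needed).
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".dll", ".inf", ".lnk"}
DATA_EXT = {".mp3", ".doc", ".jpg", ".txt", ".pdf", ".xls"}


def audit_backup(root):
    """Return sorted (relative_path, reason) findings to review before copying."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            stem, ext = os.path.splitext(name.lower())
            if name.lower() == "autorun.inf":
                findings.append((rel, "autorun.inf"))
            elif ext in RISKY_EXT:
                # "song.mp3.exe" displays as "song.mp3" when extensions are hidden
                inner = os.path.splitext(stem)[1]
                reason = "double extension" if inner in DATA_EXT else "executable type"
                findings.append((rel, reason))
            else:
                with open(path, "rb") as fh:
                    if fh.read(2) == b"MZ":  # DOS/PE header inside a "data" file
                        findings.append((rel, "MZ header in data file"))
    return sorted(findings)


def demo():
    """Build a constructed sample tree in a temp folder and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "music/track01.mp3": b"ID3\x03\x00 constructed audio bytes",
            "docs/letter.doc": b"\xd0\xcf\x11\xe0 constructed OLE bytes",
            "autorun.inf": b"[autorun]\r\n",
            "music/track02.mp3.exe": b"MZ constructed",
            "docs/photo.jpg": b"MZ constructed, renamed program",
        }
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_backup(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:24} {rel}")
```

A clean report only means none of these three patterns were found; it does not replace an antivirus scan of the same folder.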



