Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

After RootKit - How do I restore Data


  • Please log in to reply
3 replies to this topic

#1 Lt Kije

Lt Kije

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:41 PM

Posted 05 May 2010 - 03:06 PM

I had a nasty rootkit infection on my computer. I saved very important data to a DVD disc. Then, I reformatted my C:\ drive and reinstalled everything. I now have the latest Zone Alarm antivirus, WINxp updates and a USB backup drive.

There are differing opinions about restoring data previously from a rootkit infected system. Some have indicated that any data on an infected system should be immediately saved and put in a secure location presumably to use after the new clean system is available. Others have said that once infected, nothing on the once infected computer should be reused. Which is right?

Now that I have a clean computer, what procedures can I use to safely restore the data on the above mentioned DVD disc? (There are no *.exe, *.sys or *.dll files on the DVD)

Thank you,
Lt Kije

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:41 PM

Posted 06 May 2010 - 07:51 AM

You can restore up all your backed up important documents, personal data files, and photos. The safest practice is not to restore any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml ) files because they may be infected by malware. Avoid restoring compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding a file extension or adding to the existing extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions.

Then make sure you scan the backed up data on your disk with your anti-virus prior to to copying it back to your hard drive.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Lt Kije

Lt Kije
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:41 PM

Posted 06 May 2010 - 05:12 PM

quietman7

Thanks for your help. I will follow your instructions.

Best Regards,

Lt. Kije

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:41 PM

Posted 07 May 2010 - 06:05 AM

You're welcome and good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users