Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System images, risks from system imaging and malware removal


  • Please log in to reply
4 replies to this topic

#1 rp88

rp88

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:24 PM

Posted 28 November 2014 - 03:57 PM

OK, i'm thinking i might have to do some reimaging of my system, again. It's all starting to feel very suspicious. I want to check some things first though. This is regarding windows 8 64 bit on toshiba hardware, the system imaging tool used is "windows 7 file history" in control panel.


1.Security. Will a system image utterly eradicate ANY malware that is lurking on the current system? Log off the infected system, plug in the image USB stick and use advanced recovery options to restore the image, but can malware get into the USB containing the image and infect it?


2.Reliablility, system images have worked before as a method of restoration for me, but system recovery via "system restore" or with "refresh/reset" or "recovery discs" have all failed. If system image based restoration has worked well in the past for me but all other types have failed then will system image always work fine (providing i have good system images backed up on USB sticks) in future, or could it randomly decide one day that system image was not going to work either?


3.Long term use. Is there a limit to how many times a system can be safely restored from an image, will something deep in windows or deep in the hardware decide "right you've reimaged enough times, this time i won't let reimage run"? Or will repeated reimagings cause a large amount of aging and degradtion of the harddrive or of othr hardware components? Also is system reimaging(with the windows built in "windows 7 file recovery" system imaging method) safe and relibale enough to be done, say, every few months, if things go badly and returning to a previous state is needed?


4.Windows 8.1 . Do images from 8 still work on 8.1, or if i "upgraded" to 8.1 would all my 8.0 images suddenly become unusable for going back to 8.0?

Thanks

Edited by rp88, 28 November 2014 - 03:58 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)

 


#2 bludgard

bludgard

  • Members
  • 934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemishere
  • Local time:09:24 AM

Posted 28 November 2014 - 06:18 PM

!) If the image is malware free, it will produce a malware free OS. Imaging the HDD/SSD etc will include malware and all. It is a copy/clone of the source drive.

2) Never had a problem with re-imaging a drive as long as I did not modifymove it in any way.

3) One can reimage a drive until it ultimately fails physically: Unfettered and free from restrain(s)....

4) An image can be used to recover no matter current OS.


Edited by bludgard, 28 November 2014 - 06:20 PM.


#3 rp88

rp88
  • Topic Starter

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:24 PM

Posted 28 November 2014 - 07:19 PM

Thanks.

Regarding 1, to clarify. If a computer is new and clean in January and an image is made in Februaury, then the computer gets infected in May, and then the usb stick(from February) with the image on is plugged into the computer in June and used to load the computer up with the February image then ,as the February image is clean, the May malware will be fully written over and one the image is put onto the computer the user will have a clean system again by the end of the day in June when they reload from the old image. the May malware cannot survive that at all, and it can't get onto the image on the USB when the image USB stick is plugged into the computer in June. No types of malware can hide deep in the disc in a way that would survive this.

Edited by rp88, 28 November 2014 - 07:19 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 bludgard

bludgard

  • Members
  • 934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemishere
  • Local time:09:24 AM

Posted 28 November 2014 - 09:36 PM

I will never say anything is immune from infection (foolhardy). However, booting to Windows Preinstall Environment lessens the chances of infection greatly by bypassing the installed OS and self running .exe, .bat, .cab etcs. Lots of other dependable (and free) programs available to handle imaging.

Images created by Windows have some type of inherent protection, I believe. I know one has to administrate permissions to access the files within the actual backup directory.

Anyway; all we can do is hope for the best when booting from a reimaged drive for the first time. Never know... might have all been for nothing. Don't take it too serious, back yer stuff up and grab a few viruses. Have some FUN, old boy!

Sorry, had to throw that out there.



#5 NullPointerException

NullPointerException

  • Banned
  • 125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:54 PM

Posted 29 November 2014 - 05:53 AM


 

Thanks.

Regarding 1, to clarify. If a computer is new and clean in January and an image is made in Februaury, then the computer gets infected in May, and then the usb stick(from February) with the image on is plugged into the computer in June and used to load the computer up with the February image then ,as the February image is clean, the May malware will be fully written over and one the image is put onto the computer the user will have a clean system again by the end of the day in June when they reload from the old image. the May malware cannot survive that at all, and it can't get onto the image on the USB when the image USB stick is plugged into the computer in June. No types of malware can hide deep in the disc in a way that would survive this.

If a computer is clean in January, and then the image in made in February and we do not know if it is infected, then we do not know if the image is clean or not. You can try removing all malware (By posting at the Malware Removal section) and then restoring the image, to be sure that the most likely now-gone malware will not transfer itself to the USB and then restore your system to the February image.


Edited by NullPointerException, 29 November 2014 - 05:54 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users