Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can a backup/restore factory image get infected?


  • Please log in to reply
20 replies to this topic

#1 enimen2

enimen2

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:01 PM

Posted 22 May 2015 - 12:12 AM

I was wanting to do a re-install of my mom's computer, Im pretty sure she doesnt have a disk and the computer came with windows already installed with a factory backup image. Have had some virus issues and was wondering if its likely that it infected the factory image as well. In my personal opinion having the backup/factory image on the computer is a bad idea, better to have it on a seperate backup/recover USB stick or external hard drive that is only connected for backups or restores. Is there a way to get a fresh download from microsoft of windows 7 64bit which is what she is currently running now?



BC AdBot (Login to Remove)

 


#2 Havachat

Havachat

  • Members
  • 1,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sleepy Hollow - Geelong - Go Cats.
  • Local time:08:01 AM

Posted 22 May 2015 - 04:15 AM

Wouldnt think a Factory Image would be infected when on a different partiton to start with , but not saying it couldnt happen.

Ive used a lot to repair laptops and never had an issue ...yet.

 

I would try doing a fresh install from the factory Image first , this way Drivers are done and Software also , and then just Win Updates req.

If all goes well then copy the Factory Image to an external Drive as a Backup.

 

If you prefer to reinstall Windows 7 from a Disc you will still need a Valid Product Key.{ Or Embedded within Bios }.

Here is a Download Link .

 

http://www.microsoft.com/en-us/software-recovery

 

I havent needed to use this process for Win 7 , but have done 2 for Win 8 Laptops and no problem { Both had Product Key within Bios so activated automatically }
 



#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:01 PM

Posted 22 May 2015 - 05:21 AM

The Microsoft Software Recovery will only accept product keys from retail copies of Windows, not OEM ones that were installed by manufacturers. You'll need to ask them to give you one. However, if you need a clean Windows 7 64-bits .iso, you can download one from the link below.

http://getintopc.com/softwares/operating-systems/windows-7-professional-free-download-iso-32-64-bit/

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:01 PM

Posted 22 May 2015 - 06:04 AM

Most OEM's (Original Equipment Manufacturer) either provide recovery disks or a recovery partition with the computer when it was purchased. These can be used for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it.

Some types of malware can infect recovery partitions and even render them unusable. If the recovery partition has become infected, you can contact the computer manufacturer, explain what happened and ask them to send full recovery disks to use instead. In many cases they will send replacement recovery disks as part of their support or charge a small fee or charge a small fee.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 enimen2

enimen2
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:01 PM

Posted 22 May 2015 - 06:04 AM

Well ill probably end up using the factory image and see how that goes. Thanks for the input guys. @Aura that link you posted thats just a trial version right?



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:01 PM

Posted 22 May 2015 - 06:45 AM

What I posted is a "clean" .iso of Windows 7, which can be activated with a legitimate product key. That .iso offers 30 days of trials before becoming "non-genuine" if you don't enter a product key.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 rp88

rp88

  • Members
  • 3,024 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:01 PM

Posted 22 May 2015 - 12:05 PM

It is conceivable for a factory image/recovery partition, or an image of your own which is on a partition in the machine, or on a permanently connected storage device to bceom infected. It should however be impossible for a system image (factory one or self made at a later date) on a disconnected extrnal drive (an external HDD locked in a safe for exmaple) or external recovery media to be infected, as long as the image or recovry media was made before any infection arrived.


In future make sure the first thing you do after removing junkware from a new computer (and after installing a decent browser and programs you regularly use and a decent antivirus and setting the computer's setings to those you like rather than the normal defaults) is make some system images, Windows can make them with an internal tool (on windows 8 this is in control panel-->windows 7 file recovery-->make a system image, on windows 8.1 it is in control panel-->file history-->system image backup on windows 7 it is somewhere else), they can also be made with third party tools like macrium reflect. A system image lets you return a damaged system to the configuration you like with all your programs and such within just a few hours. You need to make these images on external drives (external hard drives or USB sticks (usb sticks need to call themselves "local disk"s if they are to be used for windows' internal imaging tool)) and then put those drives somewhere safe. Sytem images should be used in preference to manufacturer's recovery media where possible, they get the system back to an ideal state for the user rather than just a default one, but manufacturer's media should also be made if the possibility is available.

Edited by rp88, 22 May 2015 - 12:09 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:01 PM

Posted 22 May 2015 - 01:17 PM

...Sytem images should be used in preference to manufacturer's recovery media where possible, they get the system back to an ideal state for the user rather than just a default one, but manufacturer's media should also be made if the possibility is available.

I concur...provided as you said, the image was made before an infection. That way, after the image is restored, there is far less work to do in getting things back to the way you want/had them.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 enimen2

enimen2
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:01 PM

Posted 22 May 2015 - 07:48 PM

@Aura would that iso work with a win version installed by the OEM if i could get the cd key from it. Well i guess its good that there arnt/ or  alot of cases of peoples factory images being infected.



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:01 PM

Posted 22 May 2015 - 07:51 PM

What edition of Windows 7 to you have? Most likely Windows 7 Home Premium, is that right? 32 or 64-bits? Also, this is an .iso used to install Windows 7 Professional, 32 or 64-bits (depending on the one you choose), it'll work with the product key you use, yes (even an OEM one).

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 enimen2

enimen2
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:01 PM

Posted 22 May 2015 - 07:57 PM

yea its the home premium 64 bit. I like the pro one better because it also includes additional security in encrypting all the files. Was just wondering if it had issues as far as say copy a file from it and trying to open it on another computer.



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:01 PM

Posted 23 May 2015 - 10:55 AM

Well, if you have a product key for Windows 7 Home Premium, then it won't work on Windows 7 Professional. You'll have to buy a product key for Windows 7 Professional (unless you already have one, bought one).

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 rp88

rp88

  • Members
  • 3,024 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:01 PM

Posted 23 May 2015 - 03:04 PM

Quietman post #8: "I concur...provided as you said, the image was made before an infection. That way, after the image is restored, there is far less work to do in getting things back to the way you want/had them. "


Sorry for not having made that fact (system images only beng good if made before problems or infections began) clearer.

Edited by rp88, 23 May 2015 - 03:04 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:01 PM

Posted 23 May 2015 - 04:43 PM

However, in some cases even an infected system image could be used. If you were at a point where the computer became unbootable or unstable to the point of uselessness, then a restore could return stability allowing you to remove the infection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 enimen2

enimen2
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:01 PM

Posted 24 May 2015 - 04:19 AM

yea, lol better then nothing.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users