
Will temp install of new hdd/OS change config/shadow copies of old hdd/OS?


  • This topic is locked
1 reply to this topic

#1 nick546


Posted 09 September 2015 - 06:57 PM

Hello,

 

I hope whoever is reading this is doing well. I'll try to be brief, but I want to be sure to include all of the important details. Forgive me if I use incorrect terminology. I have posted this to both the XP Forum and the Howdecrypt topic in General Security as I was not sure which was more suitable. If crossposting is not allowed, please let me know and I'll correct it.

 

I have an XP desktop machine that has sat dormant for about 8 months. It has four drives in it: an OS drive with XP Home (I think it's Home) and three data drives. I cranked it up and XP booted and recognized two of the data drives. One of the data drives gives me a "this drive needs to be formatted" error. I have a plan for trying to fix that drive and access those important files and I have removed that drive from the system. Otherwise, it booted, but things look different than the last time it was running. I have reason to believe that someone was looking for something on it and possibly used system restore. I'm afraid that this may have introduced a problem.

 

This system was previously a victim of the "how to decrypt" virus. I worked with Emsisoft, but ultimately had to pay the ransom. After that, I was able to decrypt all of my files except for several very large multi-gig files including an irresponsibly large Outlook archive file. So, I shut it down 8 months ago to postpone working with those large files and to postpone the post-decryption cleanup of the machine. I had successfully decrypted the majority of the data and removed the essential data, but other priorities called and I had not yet cleaned the system.

 

Once I booted the system recently, there were some strange things happening that make me think that a secondary ransomware had been triggered, so I shut down quickly. What I would like to do now is remove all of these drives, take note of the SATA connection location/number of each drive (which may be unnecessary), install a new SSD drive and install Windows 10 on the new drive. However, once I am organized in a week or so, I would like to remove the new SSD drive and physically reinstall into the machine the old C drive and possibly the data drives (I will be careful with this to avoid further infection) and explore the shadow copies (if I have any), the registry, etc. to determine what damage there is.

 

So, my question is basically: Will removing the current configuration of drives and installing Windows 10 on a new SSD drive cause any change to the shadow copies located on the current C drive (and possibly the data drives) and/or cause any other potential problem with any of the drives regarding data access/recovery in the future? Will I be able to reinstall the current C drive back into the machine as the OS/boot drive in the near future to explore the damage to that system and expect that it will look and behave exactly as before it was removed, as if it had not been removed at all? I will, of course, remove the new Windows 10 SSD before using any of the old system.

 

I hope I've not been too confusing or used too much incorrect terminology.

 

Thank you,

 

George





#2 hamluis


Posted 10 September 2015 - 05:22 AM

Topic posted in Gen Security has valid response...to avoid confusion, this topic is now closed.

 

Louis





