
Fighting Spyware


9 replies to this topic

#1 SUB-S0NIX

SUB-S0NIX

    !Pee-Wee Pimpin!

  • Members
  • 1,381 posts

Posted 27 May 2009 - 05:34 PM

So I deal with a lot of family computer-related issues, which I am sure most of us do too. Every now and then I have relatives with children who love to play those annoying flash games or surf porn when nobody's around. Anyway, I have been trying to figure out a quick way of being able to clean up spyware/viruses without having to totally reinstall Windows and bringing everything back up to date. I have been thinking about creating some kind of Windows image that I can use with all the latest updates. Some people have suggested using nLite, which seems like my best bet. I was also thinking of installing XP on a flash drive with my favorite AV and anti-spyware tools so I can clean up spyware on site by booting off a flash drive instead.

I am curious to know if anyone else has any other suggested methods? I guess most people would argue that a clean install would be the right thing to do, even though setting up account restrictions doesn't seem to hinder spyware that uses browser exploits.

EDIT: Sorry about the header.

Edited by SUB-S0NIX, 27 May 2009 - 05:36 PM.


#2 Ohm

Ohm

    I could have written a book with all of these posts

  • Members
  • 3,209 posts
  • Gender:Male
  • Location:Maine, USA

Posted 27 May 2009 - 05:45 PM

I'm tasked with this as well, but thankfully people follow my advice and I don't have to do this very often. IE is outlawed and nothing is to be downloaded unless I've checked it out first. So the best way of fixing the machines is to not have them break at all.

My solution is to... well, reinstall Windows using the XP disc. Surprisingly, once you install, get the drivers installed and do SP3, you're pretty much done. If I were to combine all that on one disc, I wouldn't be saving much time.

One thing I used to do when I had to work on Windows 95/98 machines that broke down monthly is to use Norton Ghost. I had one image of Windows 98 on a drive made from the first reboot during the install. All you do then is ghost the drive, do the last portion of the install and install drivers. This was done on varied hardware though, so I couldn't do a single image with drivers already installed. If you can do that, that would be the fastest way to get the machine back up and running though.

#3 snapple

snapple

    Mack Daddy 31337

  • Members
  • 241 posts
  • Location:United States

Posted 27 May 2009 - 07:45 PM

Try Deep Freeze (google)... Or Norton has something similar but I don't remember the name.

#4 totallyAunti

totallyAunti

    Mack Daddy 31337

  • Members
  • 209 posts
  • Country:
  • Gender:Male
  • Location:nubie-ville (somewhat new to internet, watch out)

Posted 31 May 2009 - 08:51 PM

I've found the easiest thing to do is the following :

-buy a portable drive which has at least as much GB as your entire computer (you can get them for about $70).
-get a disk imaging software and create a disk image of the entire computer and save it to the portable drive (this you can get free, I use Active Disk Image and I got it from download.com).
-then if you can't rid the infection just hook up the portable drive to a USB, hit "image to disk" option in the disk imaging software you have installed and in less than 40 minutes, your computer is restored back to normal.

Fyi, I've used it and it's saved me from having to reinstall windows, reformat, etc. By using the disk imaging software, it restores everything the way it was (using the disk image you created and store on the portable drive).

This is way better than reinstalling windows. Reinstalling windows means you have to also reinstall every program and file you had by hand, one at a time, but with the disk image software it reinstalls the entire computer in one shot, windows, all your programs, all your files, right down to your desktop background!

Btw, a disk image is a replica of the contents of the computer - everything. And using this kind of thing beats having to reinstall windows and then reinstall every blasted program and file you had one at a time.

I love this thing sooo much, I only regret I hadn't used it the whole time I owned a computer.

P.S. So far, what I've done is to be sure the drive has nothing on it before restoring it, I've used a disk erase/scrub program to erase everything (that way I know the infection and any damage it did is gone - reinstalling windows does this too, right before actually putting windows back in). I don't know yet if this is even needed since I believe the disk imaging software erases everything off beforehand. Next time I have to use it, I'll not use the disk erase program 1st and just use the disk imaging and see if it has erased the entire computer before restoring it back to normal - but I think it does from what I've seen so far. If it doesn't erase 1st, then you'd have to use a program to erase the disk first. But this still beats all the reinstalling of programs one at a time. :)

#5 Seal

Seal

    Not a fan of clubs.

  • Agents of the Revolution
  • 2,440 posts
  • Country:
  • Gender:Male
  • Location:Canada

Posted 31 May 2009 - 10:06 PM

Dual boot and force the kids to use Linux while daddy gets Windows?

#6 totallyAunti

totallyAunti

    Mack Daddy 31337

  • Members
  • 209 posts
  • Country:
  • Gender:Male
  • Location:nubie-ville (somewhat new to internet, watch out)

Posted 01 June 2009 - 03:25 AM

> I've found the easiest thing to do is the following :
>
> -buy a portable drive which has at least as much GB as your entire computer (you can get them for about $70).
> -get a disk imaging software and create a disk image of the entire computer and save it to the portable drive (this you can get free, I use Active Disk Image and I got it from download.com).
> -then if you can't rid the infection just hook up the portable drive to a USB, hit "image to disk" option in the disk imaging software you have installed and in less than 40 minutes, your computer is restored back to normal.
>
> Fyi, I've used it and it's saved me from having to reinstall windows, reformat, etc. By using the disk imaging software, it restores everything the way it was (using the disk image you created and store on the portable drive).
>
> This is way better than reinstalling windows. Reinstalling windows means you have to also reinstall every program and file you had by hand, one at a time, but with the disk image software it reinstalls the entire computer in one shot, windows, all your programs, all your files, right down to your desktop background!
>
> Btw, a disk image is a replica of the contents of the computer - everything. And using this kind of thing beats having to reinstall windows and then reinstall every blasted program and file you had one at a time.
>
> I love this thing sooo much, I only regret I hadn't used it the whole time I owned a computer.
>
> P.S. So far, what I've done is to be sure the drive has nothing on it before restoring it, I've used a disk erase/scrub program to erase everything (that way I know the infection and any damage it did is gone - reinstalling windows does this too, right before actually putting windows back in). I don't know yet if this is even needed since I believe the disk imaging software erases everything off beforehand. Next time I have to use it, I'll not use the disk erase program 1st and just use the disk imaging and see if it has erased the entire computer before restoring it back to normal - but I think it does from what I've seen so far. If it doesn't erase 1st, then you'd have to use a program to erase the disk first. But this still beats all the reinstalling of programs one at a time. :)


I'm quoting my own post above for a reason. I have to add some things :

1. Using a disk imaging program does erase everything that was on the computer during the restoration process. I just read the user guide that came with my program. So I no longer need to erase beforehand - all I have to do if infected is restore the saved disk image I have and any infection will be erased automatically.
2. The program I use isn't free. I forgot I paid $39 for it. Though there are free ones if one looks.

Now, I must advocate something new (at least, I think it's new). The best way to rid any infection, a 100% guaranteed way to be sure it's gone on the first removal attempt, is to use a program like mine to restore the saved disk image - cause in 40 minutes flat all infections are erased - that's 100% of the time - plus any damage to the computer is erased as well and the entire computer is restored like it was. Because of this result this type of program produces, I see zero reason to continue along the "tried and true path" everyone else is using, where you find an infection 1st with scanning for it, then remove it, then rescan a few times to be sure you got it all - which doesn't always get it and sometimes results in reformatting. So, I've decided to stop dealing with any infections that way ever again - if I get infected, I'll simply use my program to restore the entire computer in 40 minutes - because this route produces much better results as follows :

-100% of infections are removed, every time, on the first attempt.
-any damage from the infection is removed and computer is restored the way it was
-saves tons of time scanning, removing, and rescanning to be sure it's all out
-saves time trying to get out stubborn infections that no anti virus/anti spyware program is able to remove
-saves time trying to get out bad infections that keep reproducing themselves.

It seems to me that with all these benefits I've listed above, I'd have to be crazy to keep using the old way which everyone else is using. So in that case, if anyone asks including you, I advocate dropping the old method of scanning and hoping to remove it with antivirus and antispyware programs - just use a disk imaging program and when the time comes you're infected, simply restore that saved disk image and the problem is guaranteed to be solved within 40 minutes.

Can't beat disk imaging programs for saving the day. Thank gawd I have it is all I can say.

Btw, after reading the user guide that came with this disk imaging program, I found out that's one of the reasons the program was invented, so clearly my idea is not a unique one since they thought of it first. And I agree with the people who make these programs, they're the best route to go to save yourself many headaches.

#7 totallyAunti

totallyAunti

    Mack Daddy 31337

  • Members
  • 209 posts
  • Country:
  • Gender:Male
  • Location:nubie-ville (somewhat new to internet, watch out)

Posted 01 June 2009 - 03:46 AM

> I'm tasked with this as well, but thankfully people follow my advice and I don't have to do this very often. IE is outlawed and nothing is to be downloaded unless I've checked it out first. So the best way of fixing the machines is to not have them break at all.
>
> My solution is to... well, reinstall Windows using the XP disc. Surprisingly, once you install, get the drivers installed and do SP3, you're pretty much done. If I were to combine all that on one disc, I wouldn't be saving much time.
>
> One thing I used to do when I had to work on Windows 95/98 machines that broke down monthly is to use Norton Ghost. I had one image of Windows 98 on a drive made from the first reboot during the install. All you do then is ghost the drive, do the last portion of the install and install drivers. This was done on varied hardware though, so I couldn't do a single image with drivers already installed. If you can do that, that would be the fastest way to get the machine back up and running though.


Restoring the entire PC with a disk image made by a disk imaging program solves the need for all that. It'll even restore it with all the drives and updates you had intact. When I said it restores the PC to the way it was, I meant everything is back to normal and that means everything. No need to reinstall programs, do updates again, reinstall drives and service packs... all that's already in your saved disk image you'd restore. Using programs like this, you're just 3 clicks away from being done with it - cool.

In fact, rescue disks are now no longer needed with these types of programs around. Hooray for a lot less work! :D :D :D

#8 totallyAunti

totallyAunti

    Mack Daddy 31337

  • Members
  • 209 posts
  • Country:
  • Gender:Male
  • Location:nubie-ville (somewhat new to internet, watch out)

Posted 01 June 2009 - 03:50 AM

> Try Deep Freeze (google)... Or Norton has something similar but I don't remember the name.



Microsoft has a free version of something like Deep Freeze called Windows SteadyState.

Fyi.

#9 SUB-S0NIX

SUB-S0NIX

    !Pee-Wee Pimpin!

  • Members
  • 1,381 posts

Posted 08 June 2009 - 03:35 AM

> > I'm tasked with this as well, but thankfully people follow my advice and I don't have to do this very often. IE is outlawed and nothing is to be downloaded unless I've checked it out first. So the best way of fixing the machines is to not have them break at all.
> >
> > My solution is to... well, reinstall Windows using the XP disc. Surprisingly, once you install, get the drivers installed and do SP3, you're pretty much done. If I were to combine all that on one disc, I wouldn't be saving much time.
> >
> > One thing I used to do when I had to work on Windows 95/98 machines that broke down monthly is to use Norton Ghost. I had one image of Windows 98 on a drive made from the first reboot during the install. All you do then is ghost the drive, do the last portion of the install and install drivers. This was done on varied hardware though, so I couldn't do a single image with drivers already installed. If you can do that, that would be the fastest way to get the machine back up and running though.
>
> Restoring the entire PC with a disk image made by a disk imaging program solves the need for all that. It'll even restore it with all the drives and updates you had intact. When I said it restores the PC to the way it was, I meant everything is back to normal and that means everything. No need to reinstall programs, do updates again, reinstall drives and service packs... all that's already in your saved disk image you'd restore. Using programs like this, you're just 3 clicks away from being done with it - cool.
>
> In fact, rescue disks are now no longer needed with these types of programs around. Hooray for a lot less work! :D :D :D


What software suite are you using? From what I have read, most imaging software will not refresh the MBR. But using the Recovery option on a Windows disc is a simple task.

I ended up figuring out that making an image is the best way to go, and saves a SHITLOAD of time. I stumbled upon Acronis. It has the option to create a hidden partition on a HD and create a bootable backup. If something goes wrong all one has to do is press F11 during backup and start the recovery process, it kicks ass basically. I'm not too worried about failing HDs, because by then there would be no need to install a fresh OS.

To save me time in the future I cloned a fresh install and saved it on an external HD like you mentioned, in case I ever need to refresh another relative's system that doesn't have the Acronis software already installed. The only problem I might run into is if said relative is running anything other than XP Pro, I won't be able to reactivate their installation if I recover from a backup image :(

Also, if anyone else is ever tasked with having to do such dirty work, REMEMBER to BACKUP ALL DRIVERS! By the way does anyone know of a source where I can download a shitlist of drivers to save on an external HD? Unfortunately HP's website does not offer all the drivers needed to do a fresh install. I remember surfing into a site that had gigs of downloadable drivers that could be used with nLite....

Edited by SUB-S0NIX, 08 June 2009 - 03:36 AM.


#10 totallyAunti

totallyAunti

    Mack Daddy 31337

  • Members
  • 209 posts
  • Country:
  • Gender:Male
  • Location:nubie-ville (somewhat new to internet, watch out)

Posted 10 June 2009 - 12:31 AM

> > > I'm tasked with this as well, but thankfully people follow my advice and I don't have to do this very often. IE is outlawed and nothing is to be downloaded unless I've checked it out first. So the best way of fixing the machines is to not have them break at all.
> > >
> > > My solution is to... well, reinstall Windows using the XP disc. Surprisingly, once you install, get the drivers installed and do SP3, you're pretty much done. If I were to combine all that on one disc, I wouldn't be saving much time.
> > >
> > > One thing I used to do when I had to work on Windows 95/98 machines that broke down monthly is to use Norton Ghost. I had one image of Windows 98 on a drive made from the first reboot during the install. All you do then is ghost the drive, do the last portion of the install and install drivers. This was done on varied hardware though, so I couldn't do a single image with drivers already installed. If you can do that, that would be the fastest way to get the machine back up and running though.
> >
> > Restoring the entire PC with a disk image made by a disk imaging program solves the need for all that. It'll even restore it with all the drives and updates you had intact. When I said it restores the PC to the way it was, I meant everything is back to normal and that means everything. No need to reinstall programs, do updates again, reinstall drives and service packs... all that's already in your saved disk image you'd restore. Using programs like this, you're just 3 clicks away from being done with it - cool.
> >
> > In fact, rescue disks are now no longer needed with these types of programs around. Hooray for a lot less work! :D :D :D
>
> What software suite are you using? From what I have read, most imaging software will not refresh the MBR. But using the Recovery option on a Windows disc is a simple task.


I use a program called :
Active@ Disk Image

I paid $39 for it and love it. :P B) :D

According to my user guide, all I have to do is to use the boot disk I created of the program and boot with that and it'll bring up the program (which it did when I tested it). Then when I pull up Active@ Disk Image, I simply hit "image to disk" and it's done..MBR and all.

I only used this program once before and didn't bother to read the user guide so I didn't know this was the best way to do it, so instead like some dummy I 1st erased the entire hard drive with a disk erase program then I used the system recovery to reinstall Windows Vista (now the looks in my direction for being a dolt are peering into my skull... :huh: ) and then finally I used the disk imaging program and had everything restored in no time. Then afterwards I figured out I didn't need to do all that, so I finally read the damn user guide and found out the above thing I should've done. What a dolt I am, I know, for not reading the user guide and doing it the hard way....haha.

Here's what my user guide says on the MBR :

Restoring MBR and track 0 --
When you create an image of a disk or a partition, the first track of each
disk containing a MBR in sector 0 is stored in the backup. Normally track
0 is filled with zeros except the first track which contains MBR (Master
Boot Record) code and a partition table. The MBR code is necessary to
boot a system from the disk and must be present on the disk containing
an active partition. When a new disk is added to the system Windows
must initialize it before use (you can do it in Disk Manager). During disk
initialization a typical MBR is written to the first sector. Alternatively you
may simply restore a partition to the new disk and Active@ Disk Image
will also initialize it, so you should have no problems with booting from
that disk.

However, if you use a non-standard boot manager it might use a
proprietary MBR code and extra code or data in sector 1 and below. If
you make a backup of such a disk and later restore it as a whole disk, the
whole first track (normally 63 sectors) will be restored automatically, so
the alternative boot manager data will be restored. If you, however,
decide to restore only a single partition to another (perhaps clean) disk,
this proprietary MBR and data will be left behind. You have an option to
restore the disk header (MBR and track 0) as a separate item when you
are restoring that partition.
When restoring a disk header (MBR and track 0), only sectors belonging
to the first track are overwritten. The partition table on the target disk is
also preserved, so it is safe to restore a disk header to the disk containing
data and you can do it even after restoring a partition.

NOTE If you are restoring a disk that has only one partition, keep in mind that
the process of restoring a disk is different from the process of restoring
a partition. If you select the partition in the image, you will proceed with
partition recovery. If you select the disk, you will proceed with disk
recovery.


Sounds to me like my program will handle the MBR fine.
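
Added example (not part of any post in this thread and not taken from the Active@ Disk Image guide): a Python check that a restored disk's MBR and track 0 match the ones stored in the image, which is the gap a partition-only restore leaves according to the excerpt above. The function names and the sample bytes are constructed for illustration; the offsets are the standard MBR layout and the 63-sector track comes from the guide.

```python
import hashlib
import struct

SECTOR = 512
TRACK0_SECTORS = 63          # "normally 63 sectors" in the quoted user guide
BOOT_CODE_END = 440          # bytes 440-445 hold the disk signature, not code
TABLE_OFFSET = 446           # four 16-byte partition entries, then 0x55 0xAA


def parse_mbr(sector0):
    """Split sector 0 into boot-code hash, partition table and signature."""
    if len(sector0) != SECTOR:
        raise ValueError("sector 0 must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector0[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:    # type 0 marks an unused slot
            partitions.append({"slot": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {"signature_ok": sector0[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector0[:BOOT_CODE_END]).hexdigest(),
            "partitions": partitions}


def compare_header(reference, restored):
    """Compare track 0 of a restored disk against track 0 from the image."""
    size = TRACK0_SECTORS * SECTOR
    if len(reference) != size or len(restored) != size:
        raise ValueError("both inputs must be a full 63-sector track 0")
    ref, got = parse_mbr(reference[:SECTOR]), parse_mbr(restored[:SECTOR])
    differing = [n for n in range(1, TRACK0_SECTORS)
                 if reference[n * SECTOR:(n + 1) * SECTOR]
                 != restored[n * SECTOR:(n + 1) * SECTOR]]
    return {"signature_ok": got["signature_ok"],
            "boot_code_matches": ref["boot_code_sha256"] == got["boot_code_sha256"],
            "partition_table_matches": ref["partitions"] == got["partitions"],
            "differing_sectors": differing}


def build_track0(boot_code, extra=None):
    """Constructed sample: one active type-0x07 partition starting at LBA 63."""
    sector0 = bytearray(SECTOR)
    sector0[:len(boot_code)] = boot_code
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 204800)
    sector0[TABLE_OFFSET:TABLE_OFFSET + 16] = entry
    sector0[510:512] = b"\x55\xaa"
    track = bytearray(TRACK0_SECTORS * SECTOR)
    track[:SECTOR] = sector0
    for n, data in (extra or {}).items():
        track[n * SECTOR:n * SECTOR + len(data)] = data
    return bytes(track)


if __name__ == "__main__":
    # Constructed inputs: the image holds boot-manager data in sector 1.
    image = build_track0(b"\xeb\x3cBOOTMGR-A", {1: b"boot manager data"})
    whole_disk = image                                # header restored too
    partition_only = build_track0(b"\xfa\x33\xc0")    # target kept its own MBR
    print(compare_header(image, whole_disk))
    print(compare_header(image, partition_only))
```

On real disks, pass the first 63 × 512 bytes read from a raw copy of the backed-up disk and of the restored disk.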



