Jump to content


Photo

Preventing Reinfection from Backups


  • Please log in to reply
4 replies to this topic

#1 solibytes

solibytes

    Member

  • Helper Trainee (A)
  • Pip
  • 61 posts

Posted 27 November 2008 - 06:34 AM

If a system has been 'declared' clean, and the 'victim' opens files eg photos or documents from a backed up system, eg hard disk or CD/DVD, will there be a risk of reinfection? :scratchhead:

If so, how can we prevent the reinfection? :gasp:

Cheers
And there it was - gone!

#2 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,526 posts

Posted 27 November 2008 - 08:07 AM

Yes, there is a risk... Backup files, particularly if they were created or accessed during a time when the computer is infected, need to be thoroughly scanned to make sure that they are not infected... Backing up to a CD is generally safer because it is static compared to a hard drive and that makes it less likely that the infection will migrate by stealth, but it doesn't protect against the infection being hidden in the files... If the infection is severe, it is extremely important to scan the backups with an updated antivirus and anti-spyware tool... If the infection is a rootkit, it is generally not possible to be certain it is gone and it may not be detected unless it is targeted in the backups...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#3 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,476 posts

Posted 27 November 2008 - 08:27 AM

Part of that prevention is having them create a new Restore Point, and then clean all the old ones with Disc Cleanup (although scanners may have already cleaned any infected files in the Restore points and in the process broken the Restore point). While there may be something archived off-line, most people requesting assistance are doing so because they don't have a backup to go back to, or if they do, it was so old as to be useless. I can restore my primary drive from a backup image in under 10 minutes. Most people don't have that option, because they never looked at the necessity of a backup program (and how to properly use it) until it was too late. Probably the biggest risk is infected flash drives with how common they are these days, and how little understanding there is of how easily they can spread an infection.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#4 solibytes

solibytes

    Member

  • Helper Trainee (A)
  • Pip
  • 61 posts

Posted 29 November 2008 - 03:49 AM

Many thanks once again for the replies. As Budfred states,

If the infection is severe, it is extremely important to scan the backups with an updated antivirus and anti-spyware tool...

:huh:



....most people requesting assistance are doing so because they don't have a backup to go back to, or if they do, it was so old as to be useless...

How true!!


...Probably the biggest risk is infected flash drives with how common they are these days, and how little understanding there is of how easily they can spread an infection...


People seem to be oblivious of the potential problem of flash USBs. I am not sure if I am paranoid, (just because I'm paranoid it doesn't mean that they are out to get me :rofl: ) but I recently attended a course hosted by the local town hall. During this course I politly declined the facility of downloading my working files to one of my USBs. I was concerned that, even with the different spyware and antivirus programs running I ran the risk of being infected. No one else appeared to share my concerns. :thumbsdown:
And there it was - gone!

#5 PP3P

PP3P

    Advanced Member

  • Full Member
  • PipPipPip
  • 156 posts

Posted 21 December 2008 - 01:23 PM

Ironically I was assisting on a thread on another site where all APPEARED 'clean' after the usual scans had been run..


only to get a report back that the computer was again infected, as the owner had reloaded files saved as soon as the infection had manifested itself onto another Drive, but that had NOT been pre-checked for infections before reloading them :techsupport:




Member of UNITE
Support SpywareInfo Forum - click the button