Best Way to PROTECT new WINDOWS INSTALL from future viruses and issues??

DarkFudge2000

Senior member
Dec 11, 2000
442
0
0
Folks, this is the 2nd time I have had to reformat and reinstall Windows XP due to ugly backdoor trojans, malware and viruses that Spybot, Ad-Aware, Malwarebytes, SmitFraudFix, Kaspersky, etc. just could not permanently delete. (It would remove them, then they would reinstall and respawn more infected files after the Safe Boot reboots.)

So my question is... knowing that these malicious OS-infecting viruses are out there and pretty much inevitable at times, what is the BEST way to take preventive measures rather than having to REACT after it's too late?

Is there a way that I can back up or take snapshots of my system incrementally right before I'm about to download a questionable file or go to an unknown website?

Or are there other tips or methods you can recommend that can simply allow me to quickly go back to a certain healthy state in my system immediately after I detect something malicious... and if I can, will it remove the malicious code?

I am just trying to ultimately avoid having to completely reformat and reinstall all my drivers and apps every time I get one of these pesky malicious infections.


Thanks... I'd love to hear what methods you guys use to help.
 

glugglug

Diamond Member
Jun 9, 2002
5,340
1
81
Method #1:
* The first application you install should be an alternate browser instead of IE (I recommend Chrome or Firefox).
* If you are going to run .exes that you get from a warez site (or worse, .exes that claim to be porn videos, or claim to be special codecs or DRM for said porn videos), at least try it on a VIRTUAL machine first!!
* Stop running exes from e-mail attachments!
* In Explorer: Tools->Folder Options->View tab, uncheck "hide extensions for known file types".
Method #2:
Remove network cable.
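As an added illustration of the disguised-executable problem behind the "hide extensions" advice above (example code, not from this thread): a Python scanner that flags download names which would pass for media or documents once Explorer hides known extensions, including the space-padding variant. The extension lists and the sample file names are constructed for the example.

```python
import os
from pathlib import Path
from typing import List, Optional, Tuple

# File types Windows runs as a program on double-click. Constructed list for this
# example, not an exhaustive catalogue.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta"}
# Extensions a disguised executable borrows to pass as media or a document.
DECOY_EXTS = {".avi", ".mpg", ".mp4", ".wmv", ".jpg", ".gif", ".png", ".pdf", ".doc", ".txt", ".zip"}


def displayed_name(name: str) -> str:
    """What Explorer shows when 'hide extensions for known file types' is on."""
    return Path(name).stem


def classify(name: str) -> Optional[str]:
    """Return why `name` looks like a disguised executable, or None if it does not."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if not suffixes or suffixes[-1].strip() not in EXECUTABLE_EXTS:
        return None  # Windows would not run this on double-click
    real = suffixes[-1].strip()
    if len(suffixes) >= 2:
        decoy = suffixes[-2].strip()
        if decoy in DECOY_EXTS:
            if decoy != suffixes[-2]:
                # "movie.mpg        .scr": spaces push the real extension out of view
                return f"decoy {decoy} padded with spaces to hide {real}"
            return f"double extension: shows as '{displayed_name(name)}' with extensions hidden"
    if real in {".scr", ".pif", ".com"}:
        return f"{real} runs as a program but is rarely a legitimate download"
    # A plain .exe is at least honest about what it is; not flagged here.
    return None


def scan_names(names: List[str]) -> List[Tuple[str, str]]:
    """Classify a list of file names; returns (name, reason) for each suspicious one."""
    return [(n, r) for n in names if (r := classify(n))]


def scan_directory(root: str) -> List[Tuple[str, str]]:
    """Walk a downloads folder and report files that mislead with extensions hidden."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            reason = classify(f)
            if reason:
                findings.append((os.path.join(dirpath, f), reason))
    return findings


# Constructed sample names, the kind of thing a "free codec" download folder contains.
SAMPLE_NAMES = ["holiday.avi.exe", "codec_pack.exe", "family.jpg",
                "movie.mpg        .scr", "readme.txt", "invoice.pdf.exe"]

if __name__ == "__main__":
    for name, reason in scan_names(SAMPLE_NAMES):
        print(f"{name!r}: {reason}")
```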
 

Lunyone

Senior member
Oct 8, 2007
482
0
71
The first line of defense is to NOT go to questionable websites. If you're going to file sharing websites, then you're subjecting your system to possible attack. I'm not saying that file sharing sites are all bad, but I'd say that there will always be a small percentage that have viruses/trojans on their sites. Even if you have the best software to detect/remove viruses/trojans, you will still get them when downloading from unknown places. This is the nature of the beast when you start roaming in sketchy websites, not that I'm saying that is where you're going, but it's something to think about.
 

brblx

Diamond Member
Mar 23, 2009
5,499
2
0
I would say non-IE browser plus common sense gets 99% of it. Even with 'questionable' surfing, files have to be put on your machine to do any real damage, and I've never known Firefox to allow that. At worst, you get 'malicious' cookies. Still randomly crashes in fits like a Microsoft program, though.
 

DarkFudge2000

Senior member
Dec 11, 2000
442
0
0
Thanks guys for the suggestions...let me ask you this

I just freshly installed a new WIN XP SP3 on my PC and just completed all the necessary driver updates for my PC. Before I start re-installing apps that I'm not even certain may have had some of these malicious backdoor trojans and viruses embedded in them, is there an option in XP that will allow me to take a SNAPSHOT of my system the way it is right now and allow me to ROLL BACK to this very point if I get into trouble and want to revert back to this fresh point rather than doing a complete reinstall and format?

And if so, will it remove the malicious software as well if I Restore or Roll Back?

thanks

How would I do this?
 

theAnimal

Diamond Member
Mar 18, 2003
3,828
23
76
Originally posted by: DarkFudge2000
Before I start re-installing apps that I'm not even certain may have had some of these malicious backdoor trojans and viruses embedded in them

What apps are you installing? There is plenty of free software available that is virus-free.
 

Skyzoomer

Senior member
Sep 27, 2007
385
14
81
Originally posted by: DarkFudge2000
Thanks guys for the suggestions...let me ask you this

I just freshly installed a new WIN XP SP3 on my PC and just completed all the necessary driver updates for my PC. Before I start re-installing apps that I'm not even certain may have had some of these malicious backdoor trojans and viruses embedded in them, is there an option in XP that will allow me to take a SNAPSHOT of my system the way it is right now and allow me to ROLL BACK to this very point if I get into trouble and want to revert back to this fresh point rather than doing a complete reinstall and format?

And if so, will it remove the malicious software as well if I Restore or Roll Back?

thanks

How would I do this?
I'm posting this in case my perception of how to do what you want is wrong and the "gurus" here will point out the flaws in my procedure.

Since you're primarily concerned with saving a pristine copy of your "system" so you don't have to do the long WinXP install with all the drivers and MS upgrades, I'll just refer to the system save and restore.

The only way I know to "roll your system back to this very point" if you get infected, is to do a backup of your system partition using a 3rd party backup software to an "external hard drive" or if you're into torture, to DVDs. Then disconnect that external drive from your computer to prevent it from getting infected. Acronis True Image is supposed to have an "Acronis secure zone" which is written in a different format to prevent infection if backing up to a hard drive that is always attached to the computer.

Then if your system gets infected, do a long (not quick) format on the entire hard drive before you do the backup restore. You would obviously need to have software on a CD that can do the long format in NTFS since your system drive would be kaput at this point. (The WinXP install CD can do a long format of the entire drive.) Then restore the system partition on your computer's hard drive from the external drive using the 3rd party backup program's rescue disk.

All other hard drives (data) should obviously be disinfected before running or accessing anything on them. I think you could do this from your new clean system drive that has a good, updated antivirus program. I also think that this would have to be done at least 3-4 weeks later to give the antivirus company time to discover the new virus that infected your computer in the first place and then provide detection and removal in the latest update. In the meantime, just get by with new data files that you create after the system restore.

I've heard that low level format of the hard drive can be necessary to get rid of sophisticated viruses but I've never had to do a low level format to get rid of an infection.

Sky
 

DaveSimmons

Elite Member
Aug 12, 2001
40,730
670
126
If you want to surf "Dark" or "Fudgey" sites, get some virtual machine software and let it infect your VM guest OS. If you use linux + firefox for the guest the malware probably will fail to run.

Also don't download and run yarrMateyware, some of it is after ye booty.

Another approach is Acronis True Image to back up Windows every so often, either to a second partition or external HD.
 

FallenHero

Diamond Member
Jan 2, 2006
5,659
0
0
DO NOT OPERATE UNDER AN ADMIN ACCOUNT! I think that is one of the best things that has been said around here.
 

Itchrelief

Golden Member
Dec 20, 2005
1,398
0
71
Originally posted by: FallenHero
DO NOT OPERATE UNDER AN ADMIN ACCOUNT! I think that is one of the best things that has been said around here.

I hope he is running XP Pro, because trying to use a limited user account in XP Home for anything more than an internet kiosk type machine is worse than having to watch a Rosie O'Donnell striptease with your eyelids taped open.
 

Blain

Lifer
Oct 9, 1999
23,643
3
81
* Malware can also infect Windows restore points, making a roll back pointless.
Use a third party application like RollBack Rx or similar product.
* With a 32-bit OS, always surf in Sandboxie.
* Delete "FWD" messages in email.
 

bruceb

Diamond Member
Aug 20, 2004
8,874
111
106
If a virus keeps coming back, then you probably skipped a step in removing it.
1) Boot into Safe Mode
2) Delete ALL Temp Files
3) Disable System Restore
4) Let the AV programs do what they need to do. This usually does the job.
Remember, some problems cannot be fixed if the scan is not done in Safe Mode.
 

DarkFudge2000

Senior member
Dec 11, 2000
442
0
0
Bruce... I don't think your statement is correct that the AV programs usually clean these problems... I think they work for the basics. But for the more serious malware, backdoor trojans, I have found that none of these virus programs completely clean them permanently. They always say so after reboot, but then they spawn all over again.

However, the one thing I did not realize in my cleaning process was the DISABLING of System Restore when running the cleaning in Safe Boot. I will have to try that the next time and see if that makes a difference the next time I receive one of these Uglies!

How can I check to see if my profile that I'm currently using is an Admin or a regular user account? When I set it up initially, Windows asked me to create up to 5 names for profiles. One of them is the one I am on right now. So how can I confirm if it is Admin or not... and what benefit would I have if a virus corrupted this account if it's not the admin account?... Will I be safe?
 

mc866

Golden Member
Dec 15, 2005
1,410
0
0
I think most of the main ones have been mentioned but here are a few I use, but mostly use common sense.

Make sure you use a limited user account especially in XP

I really like Acronis True Image, I have it set to run overnight and make snapshot images of my pc. I have it run daily and also once weekly and I store these images on a separate drive so I always have a backup image in case anything goes wrong. You can then restore this image any time you need. There are other free backup options out there but I've had good luck with Acronis and it has saved me on various occasions.

Use a browser other than IE

Run VirtualBox or VMware for a virtual OS if you must visit questionable websites. That way you don't expose your system to any of the bugs you may pick up.
 

trexpesto

Golden Member
Jun 3, 2004
1,237
0
0
This used to be my preventative, but the virtual OS sounds real interesting:


Fully prepare machine before connecting to network - that means having clean drivers, service packs, anti-virus, firefox, etc. on disk if necessary. Driver downloads were often used as bait for malsites.
Use a NAT router
Then Ghost or other disk image software.
Don't let the kids use it.

 

Itchrelief

Golden Member
Dec 20, 2005
1,398
0
71
Originally posted by: DarkFudge2000
Bruce... I don't think your statement is correct that the AV programs usually clean these problems... I think they work for the basics. But for the more serious malware, backdoor trojans, I have found that none of these virus programs completely clean them permanently. They always say so after reboot, but then they spawn all over again.

However, the one thing I did not realize in my cleaning process was the DISABLING of System Restore when running the cleaning in Safe Boot. I will have to try that the next time and see if that makes a difference the next time I receive one of these Uglies!

How can I check to see if my profile that I'm currently using is an Admin or a regular user account? When I set it up initially, Windows asked me to create up to 5 names for profiles. One of them is the one I am on right now. So how can I confirm if it is Admin or not... and what benefit would I have if a virus corrupted this account if it's not the admin account?... Will I be safe?

Don't take my word as gospel, but maybe go to Control Panel > Users (or something like that) and look around. Maybe click the option to change your account type, and try to change it to administrator. If it says you don't have permission, you're limited. If it doesn't bitch & moan, or indicates you're already administrator, then you are admin.

Generally, if you're a limited user on XP Home, YOU KNOW IT, because if you try to do almost anything, the OS bitches at you and you have little recourse except to either log in as admin or change your account to admin, as "Run as administrator" fails half the time (or does what you want but only for the admin account you logged in as, and your limited user account still can't access what you wanted installed or changed).
 

DarkFudge2000

Senior member
Dec 11, 2000
442
0
0
Ok folks... I got Acronis True Image 11 (btw, what's the difference between version 11 and True Image Home 2009?... what does the 2009 version add?)


In True Image 11, there is an option to Clone Drive, there is an option to Back Up and Restore, and another interesting option is Try & Decide

Of these 3 options, what would you recommend to use?... I'm not really sure I understand the main difference between the Back Up and Restore and the Clone Drive feature. Aren't they pretty much doing the same things? Is one more complete than the other?

Sorry if these are stupid obvious questions
 

NetGuySC

Golden Member
Nov 19, 1999
1,643
4
81
Here is a site built by AnandTech's resident computer security guru..... mechBgon

Do a search for mechBgon here at AnandTech. You can learn a lot from his posts and his website.

http://www.mechbgon.com/build/security2.html

If you take his advice your computer will be much better off.

IMHO, if it is possible for you to ditch XP and go with Vista then do so. Vista makes it much easier to use a limited account and overall it is much more secure.

 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,516
408
126
Originally posted by: DarkFudge2000
Ok folks... I got Acronis True Image 11 (btw, what's the difference between version 11 and True Image Home 2009?... what does the 2009 version add?)


In True Image 11, there is an option to Clone Drive, there is an option to Back Up and Restore, and another interesting option is Try & Decide

Of these 3 options, what would you recommend to use?... I'm not really sure I understand the main difference between the Back Up and Restore and the Clone Drive feature. Aren't they pretty much doing the same things? Is one more complete than the other?

Sorry if these are stupid obvious questions

Very good choice
(as opposed to some of the childish suggestions made in the course of the thread).

Backup and restore is what you use.

Make a full backup of the Installation to an External Drive, or NAS Box or Server computer.

I.e. The backup should reside separately from the main computer.

On an Average to Fast capable System, backing up a Drive with 30GB of info takes about 10 - 15 Min.

The resultant file at the default compression is about 40% smaller. With a .tib extension.

After the initial backup, run the validation option to make sure that the backup is Not corrupted.

Thereafter you can do incremental backups.
If needed the backup can be mounted as a Virtual Drive to extract individual files.

At the moment there is No real reason to use the TrueImage 2009 version.

However I do not know if this would be the case when Windows 7 goes RTM.

I would Not worry about it since with the passage of time Acronis probably would offer upgrades for about $20.

TrueImage can be used from within the Drive, and you can also burn a CD that would allow restoring the Drive even if it is trashed.

Booting from the CD would recognize the external backup source (works very well through Network).

 

DarkFudge2000

Senior member
Dec 11, 2000
442
0
0
Pardon my ignorance on this, but let me ask you this.... when dealing with malware, viruses, trojans and backdoor stuff, aren't all these programs just modifying/replacing system files to do their dirty work?..... So in essence, wouldn't it be safe to assume that just doing a Back Up of a System State (which seems to use the least space and backs up the quickest) is really the way to go if I don't want to do a complete Backup and Restore of my entire drive?


Also, can I just do the backup and restore to my 2nd internal drive?.... or is that a no-no?

Finally, let's say I get a nasty virus that doesn't allow me to properly boot.... how do I now launch this .TIB restore file?

thanks and again sorry if this is obvious stuff
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,516
408
126
If a Virus infects the lower level of an HD it is real trouble, and if it cannot be dealt with, sometimes it is necessary to get rid of such a drive.

Full backup via TrueImage Backups the Drives one step above low level formatting.

I.e. TrueImage restores your original Drive onto any Drive that is large enough to contain the data, even if the Drive is Not Formatted or partitioned with anything.

If a Drive has something on it, the first step is "erasing" everything on it and restoring the partition from below the Boot and up.

You can buy 100 drives and use the same tib file, and you would get 100 drives with an exact copy of your system.

The original drive would even be activated, the others (depending on your OS) might need an activation.

Backing up any drive on the system whether it is a Boot drive or a Data Drive is the same to the TrueImage program, it detects all the drives and you can choose whatever you like.

P.S. Believe it or not there is a Manual of the program that if read can explain all of these things too. ;)
 

bruceb

Diamond Member
Aug 20, 2004
8,874
111
106
Yes, you can back up to a second internal drive. That is what I do. As long as you are not on the same drive as the OS you are fine.
Just be careful when or if you need to restore an image that you select the correct target drive to restore the image to.
 

mc866

Golden Member
Dec 15, 2005
1,410
0
0
Finally, let's say I get a nasty virus that doesn't allow me to properly boot.... how do I now launch this .TIB restore file?

Like Jack said, you can create a boot CD/DVD that you would boot your system to if you were unable to get to Windows. Once you boot to the disc, it gives you the option to navigate to the system drive where the .tib image file is and restore it from there.

Along with the boot CD you can also create a bootable USB drive if you like, which is also a good option to have on hand just in case.