Other things to do after with a Virus attack

Not sure exactly what your questions are!

IMG files or as in Norton's GHO files, are safe from viruses because viruses attack programs. Thisis why you never see a jpeg with a virus or a txt file that gets infected. However, the image maker program can get infected, ghost.exe etc etc.

It's also wise to keep backup drive images on a CD. (I keep my images on a separate partition and CD's.

What are you asking BB?

 

BB

You are correct that if a virus existed undetected before an IMG was made, then the IMG will have a complete copy of the virus included in it.

(FYI, an IMG and GHO are identical, the only difference is the extension. Ghost can create a drive image and save it as GHO or IMG.)

And yes, ithe Restore points can get corrupted by an anti-virus program if the program detects a virus in the Restore Point files. That is why it is always best to then manually create Restore Points or drive images after thorough cleaning is done.

In 98 systems, Scanreg is not always a 100% method of safety or restoring. For instance, a virus 'could exist' on a 98 box. And IF the virus has not yet executed, restoring the registry will not stop the virus.

On the same 98 box, if the virus has executed, and made changes to the registry, using scanreg/restore can [put back a clean registry, but if the virus executable still exists on the drive, it can then still become activated and do damage. (many such viri will activate on certain times or dates)

When I image a drive or partition I do the following:

1. Ensure no viruses exist.
2. Delete files or entire folders of Recycle bin, Temp, TIF, Cookies,History.
3. Backup email box (Calypso or Courier) to other drive or partition or zip or CD.
4. Ensure any other backups that may be needed ar done.
5. Then I image the drive or partition.
6. If this IMG will be used on a boot CD, I then put the IMG on a CD and leave the CD open so I can add the boot files or above backups to it.

You are 100% right about imaging a drive with a virus on it. It is a useless backup and will cause further problems if the IMG is ever used.

NAV and other apps can detect and repair viruses contained in an IMG, however, there is no guarantee that the 'repaired IMG' is now good and usable, even if the imaging program says the image integrity is OK. I would NEVER use an IMG that had been 'repaired'. That's a scary thought and a risk I would not want to take!!

 

Symantec covers the above: (may be mentioned at other vendor sites too but I never looked)

NAV and System Restore

 

A friend of mine had problems with his computer and asked me (of all persons available!?) for help.
It was a virus (don´t remember which) and I cleaned it out but he didn´t have the time to say thanks before it was back.
It actually launched itself from within the System Restore folder which was among the exceptions for scanning in the Anti Virus software he uses.
I disabled System Restore to clear all restore points and reactivated. Of course, I also enabled virus scanning of the SR folder. Finally I cleaned it out once again and it never came back.

No BillyBob, I won´t disclose which AV software he uses ...... ...... won´t get You started again!

Christer

 

Exactly why I UNBIND TCP from File & Print Sharing as well as the MS Client. And then I use NetBeui instead. AFAIK, a virus cannot infect another machine on a LAN via NetBeui, all on it's own. But if users access other machines on the LAN and move, write to files, then yes, the virus can travel in an infected file that the user unknowingly transfers.

An aside:

BillyBob has been known to stick a virus in a golf ball and chip over to other machines on his LAN. However, this has only ever happened when he had a bad lie such as in the rough behind a tree or in a bunker without a wefge. This may or may not be true, but I have heard his wife accuse him of this when she was 7 strokes behind once!

 

BB

Check Events and what they mean here:

www.eventid.net

 

Correction to above URL:

http://www.eventid.net/search.asp