
Drop in Trojan - Safe now?

Old 3rd Mar 2014, 11:33
#1
Thread Starter
 
Join Date: May 2007
Location: England - Now
Posts: 69
Likes: 0
Received 0 Likes on 0 Posts
Drop in Trojan - Safe now?

My son wanders around the internet on various sites trying to get live sport. Leastways he says these are the only dodgy sites he goes on. Anyway, he has the latest paid-for AVG and Malwarebytes Anti-Malware installed on his machine. The other day he turned on his computer and saw an alert from AVG stating they had detected 2 Trojan Drop In which had the highest danger rating and one partly opened Exi file. It said they had been isolated and quarantined. On switch-on the next day it detected 2 others and again had isolated and quarantined them. He has since done 3 complete computer scans with AVG and nothing was detected. Is it now safe, or should he have the computer professionally looked at in case there are any more nasties lingering in his system? I believe these drop-ins allow someone to remotely access your machine and so are quite dangerous.
Headstone is offline  
Old 3rd Mar 2014, 11:35
#2
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
The only way to be sure nasties are gone is to reformat your system and reinstall the operating system, then restore files from the backups you're diligently doing as you should.

Anything else and you're basically just burying your head in the sand and hoping you've found everything.

There's no way I'd do my online banking on a previously infected computer unless it had been wiped and reformatted.

Prevention is the best cure when it comes to computer viruses; it's not exactly difficult to avoid infection .... unfortunately most users are lazy and click on stuff etc. without considering the repercussions.
mixture is offline  
Old 3rd Mar 2014, 13:11
#3
 
Join Date: Oct 2008
Location: united states
Age: 45
Posts: 113
Likes: 0
Received 0 Likes on 0 Posts
Additional Info

Mixture is correct on all points; however, I would add that Malwarebytes, although a light anti-malware program compared to AVG, is more reliable. I would replace AVG with VIPRE for better early detection/website blocking, and also because I personally use it alongside Malwarebytes and I have seen it on many other computers as more effective than AVG.
jcbmack is offline  
Old 3rd Mar 2014, 13:18
#4
Hippopotomonstrosesquipidelian title
 
Join Date: Oct 2006
Location: is everything
Posts: 1,826
Likes: 0
Received 0 Likes on 0 Posts
VIPRE generates way too many false positives. Plus, these guys don't like to pay for stuff.
Bushfiva is offline  
Old 3rd Mar 2014, 13:50
#5
 
Join Date: Feb 2003
Location: BHX LXR ASW
Posts: 2,272
Received 5 Likes on 3 Posts
In my experience, even though you might have reformatted your PC, check that the files you are putting back are free from viruses, malware etc. Quite often files that are saved elsewhere can also be infected.
crewmeal is offline  
Old 3rd Mar 2014, 17:03
#6
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
In my experience, even though you might have reformatted your PC, check that the files you are putting back are free from viruses, malware etc.
That wording needs a little tweaking.

My definition of restore from backup is that of restoring your personal files.

I do not believe in the restoration of software or operating system components from backups.

Thus, the restoration of an infected file, whilst evidently not a good thing, is also fairly harmless because the virus is not active at that stage.

One would also hope that you take the wipe/restore opportunity to:
(a) strengthen your virus defences before restoring
(b) update and patch your system fully before restoring
(c) perhaps take the opportunity to have a spring clean and not restore unnecessary files or directories.
(d) run a virus scan on restored files and directories
mixture is offline  
Old 3rd Mar 2014, 18:20
#7
 
Join Date: Aug 2007
Posts: 647
Likes: 0
Received 0 Likes on 0 Posts
Question to Mixture.

Mixture (and other expert support/experienced users)

The terms Backup and Restore have historically had an explicit meaning for many people.

I'm talking about the capturing of (very nearly) a total snapshot of a system (perhaps covering a number of logical, physical and remote mapped drives) at a point in time, and restoration being the explicit reverse of the backup process.

I'm allowing for "Backup" in this sense covering the situation of the System on "C" and the installed applications on another partition(s).

Provided that users (like me) keep an archive, using the three copy principle on a regular basis depending on scale of use, with a rigorous schedule of anti-malware and anti-virus checks (preferably automated), together with regular copies of your working data on USB sticks or other writable media, it is practical.

Where is the problem (no offence, by the way) with system restores, with after-restore checks and updates etc. and re-incorporation of the working data back onto the system, for small scale users?

Of course, a full scale system rebuild from scratch using original media (if available) is a safer option, but possibly a last resort.

If the offending infection has ensconced itself in the Boot Sys, including the new UEFI? Has that been compromised? Surely post-restore checks will reveal its presence, and a full scale Sys rebuild is the only option.

Think of the problems of reinstalling cards, printer(s) and "old" but functioning kit. Think of the number of applications that accrue to working systems (CAT III a bad offender here; all very useful at the time).

The bad guys do not play fair; I suspect that in some cases you might need to contact your ISP to get your internet-facing address changed, and also change e-mail accounts, delete them etc.

I propose that for many simpler users, a traditional "Restore" is a practical option if made regularly.

Correct me if I'm taking your "Restore" to mean a replication of the data back to the new system, keeping the data structures in place.

Copy may not be the right word; think of the days of PKZIP. I used this in action for years (without probs) and associated copies of the [edit: un-zipped] files made systematically at the same time.

CAT III
Guest 112233 is offline  
Old 3rd Mar 2014, 18:53
#8
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
The predominant "problem" with restoring from snapshot backups (or indeed, even worse, attempting to use the built-in Windows Restore functionality!) is, as has been mentioned by crewmeal above .... how do you know when your last known good clean snapshot backup was?

The secondary issue I have with them is the waste of space... you're wasting gigabytes of disk space backing up software .... that means you have to over provision your capacity.... which, if you're backing up to multiple robust devices, as you should .... equals $$$.

Don't get me wrong, configured correctly, in the right circumstances I like snapshot backups... for example I use Apple TimeMachine for example... but I have it configured to exclude Applications and System Files.

The whole point of backups is to keep safe stuff you cannot recover by other means. Software and operating systems can easily be recovered (even if it's a slight pain to dig through your emails for license codes ... but because you'd have backed up your emails, that's not much of an issue either).

For most people, starting afresh with a clean install after having used a computer for a few years is going to be no bad thing.... they accumulate garbage over the years and that has a tendency to cause slow downs depending how many services are running in the background. Even more so if you're dealing with a family computer used by kids !

On the other hand, I can't complain too much... since you're actually making the effort to do regular backups ! Just don't forget to do a test restore once in a while !
mixture is offline  
Old 3rd Mar 2014, 20:24
#9
 
Join Date: Aug 2007
Posts: 647
Likes: 0
Received 0 Likes on 0 Posts
Mixture

Thank you for the reply:

I'm literally an in-betweenie: as is all too well known to PPRuNers, the phrase "hoisted by my own petard" comes to mind.

Grumpy reply: the landscape has changed; it's the sheer complexity of restoring the original software environment that's the problem.

We no longer have the "structured back path" of old -"Still could not find the last 5 digits of that Office 2007 Key - excluded from the domain of discourse" - Hold your head in shame CAT III - Yes I broke a toe against the crumbling fence - for real.

Libre Office user (A memory hog - even on the Bit-coin Miner Wonder box Mk II - Core II Duo - 6 Gb of RAM - 2 GB of VID Ram 64 bit Linux all fans alight - 85 Watts - but it keeps the house Warm.) - Now what's happened to my Mt.Gox Wallet ? for another PPruNe thread.

CAT III [Edit: Not being a troll] - I feel for those affected by the Mt. Gox failure. Mixture, being very serious, the framework of interaction that we now all face is so complex that we need to teach users explicitly, using a representative example, how to cover themselves; but "how" is the question.

You could establish a whole new PP permanent thread.

M.

Last edited by Guest 112233; 3rd Mar 2014 at 20:38.
Guest 112233 is offline  
Old 3rd Mar 2014, 22:43
#10
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Grumpy reply: the landscape has changed; it's the sheer complexity of restoring the original software environment that's the problem.
In terms of Apple, most of my software is now available off the Apple App Store .... so one login later and I can download my software again without even having to fumble around for license keys. Outside of Apple, the same goes for my Adobe suite and other vendors.... all I need to do is remember which email address I registered on their site with... the rest doesn't matter.... forgot password? reset it ... forgot license key? it's all there under my account.

Maybe Apple make it more seamless? I upgraded laptops a couple of months ago, and was up and running on my new one within a couple of hours.

Or maybe, as you point out, for me and others with experience, computer migration is at the "piece of cake" end of the spectrum of complexity....

Google et al. will probably tell you the future's in their clouds and you should stick all your stuff on there ASAP.... but with simplicity also comes restricted functionality and security concerns.

You're probably right... if people knew more about the why's and how's there'd be less reluctance in doing things "properly".

Says someone who's just finished watching a 1080p HD film streamed over the internet and delivered over a segregated QoS'd VLAN on a Cisco switch at home... who needs DVDs, Blu-ray or a smelly cinema?

But none of the above would have been possible 5 or 10 years ago; it's astonishing the pace of change!
mixture is offline  
Old 3rd Mar 2014, 23:40
#11
 
Join Date: Oct 2008
Location: united states
Age: 45
Posts: 113
Likes: 0
Received 0 Likes on 0 Posts
VIPRE firewall is excellent and I have not experienced many false positives; AVG generates far more false positives. However, if you want to go free then Malwarebytes, IObit and Adblock Plus are very useful and they will NOT slow down your computer by anything noticeable. CCleaner (Crap Cleaner) is a great way to erase faulty files, cookies and broken links as well as source paths to infected websites.

Thus, the restoration of an infected file, whilst evidently not a good thing, is also fairly harmless because the virus is not active at that stage.
Some of the newer viruses, and certainly many Trojan Horses, are more adaptive and have begun to exploit machine learning technology, and can be extremely dangerous even at that stage.

Of course many older or amateur viruses can be kept from being active as you point out, but viruses, and co-transfer of viruses with other malware that is more adaptable at various stages, are becoming more common.
jcbmack is offline  
Old 4th Mar 2014, 08:19
#12
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Depends on your OS and how you've got it configured.

But given that most threats the average punter gets exposed to arrive via email and are reliant on people clicking on them.....
mixture is offline  
Old 4th Mar 2014, 08:26
#13
Thread Starter
 
Join Date: May 2007
Location: England - Now
Posts: 69
Likes: 0
Received 0 Likes on 0 Posts
Many thanks for the replies, as I can show them to my 20-something know-it-all to convince him to get the machine checked, as us old folks know nothing about computers.
One point though, if I am not being computer illiterate. I have a Seagram external hard drive which I use to keep photos and documents on. He has downloaded photos from his machine and camera onto this device. Is there any way the virus/infection could have transferred to my hard drive and then onto my machine when I plugged the hard drive in to my machine?
Headstone is offline  
Old 4th Mar 2014, 13:17
#14
 
Join Date: May 2009
Location: YMML
Posts: 1,839
Received 17 Likes on 7 Posts
Depending on the nature of the infection it's entirely possible, even likely.
le Pingouin is offline  
Old 4th Mar 2014, 13:50
#15
Spoon PPRuNerist & Mad Inistrator
 
Join Date: Sep 2003
Location: Twickenham, home of rugby
Posts: 7,402
Received 275 Likes on 175 Posts
I have a Seagram external hard drive
There speaks a whisky drinker!

SD
Saab Dastard is offline  
Old 4th Mar 2014, 15:43
#16
 
Join Date: Oct 2008
Location: united states
Age: 45
Posts: 113
Likes: 0
Received 0 Likes on 0 Posts
Yes.

Depends on your OS and how you've got it configured.
Agreed, and depends upon updates in general and how the security is configured.
jcbmack is offline  
Old 4th Mar 2014, 15:48
#17
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Depending on the nature of the infection it's entirely possible, even likely.
Let's hope for his sake it wasn't one of those ransomware encryption ones!
mixture is offline  
Old 4th Mar 2014, 16:51
#18
 
Join Date: Aug 2007
Posts: 647
Likes: 0
Received 0 Likes on 0 Posts
Ransomware

This malware is pernicious. The creators have used mathematically advanced techniques, which have legitimate uses as cryptographic tools for privacy, to encrypt users' systems for fraudulent gain.

As said previously, the "Cloud" does not protect the user, as it is listed in the drive table of the system if you are logged in.

I use several "Seagate"-like EXT drives for system backups as described, having tested each in anger with a system restore, using Windows Vista Business SP2's inbuilt backup utility. I know about Win Backup not having the best reputation, but it has been OK so far.

The Linux box, Ubuntu 12.10 x64: in this case I'm closer to Mixture's methods, and have a master re-writable DVD with the operating system as downloaded, with a set of complete documentation of the tweaks (no pun intended), fixes for the wireless PCI card (a git to get running) and printer settings etc.

But I'm a relatively small scale user: 27 GB to back up under Windows and a much smaller Linux footprint, 7 GB or so.

Think of the issues for users with photo collections; many GB or terabytes at stake. Methinks of air-gapped systems (internet disconnected), connected by FireWire and data transferred, say once a week, overnight.

NB: Mac computers use an enhanced connection protocol suite called Thunderbolt.

CAT III

Last edited by Guest 112233; 4th Mar 2014 at 17:43.
Guest 112233 is offline  
Old 4th Mar 2014, 17:15
#19
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
a git to get running
I almost praised you there, but I suspect you implied the other definition of git!

On Linux/BSD boxes (Mac too... it comes bundled with Xcode) .... git (the tool) is an incredibly handy tool for a multitude of purposes, but comes in particularly handy when you're messing around with config files.

Git your /etc dir and you can easily diff the changes you've made from the base config.

Think of the issues for users with photo collections; many GB or terabytes at stake. Methinks of air-gapped systems (internet disconnected), connected by FireWire and data transferred, say once a week, overnight.
I'd say a combination. Online/nearline in the sort of form you describe for efficiency, combined with offline (DVD/Blu-ray) backups for long term security.
mixture is offline  
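Keeping /etc under version control, as mixture suggests above, is a cheap way to see exactly what changed from a known-good base config. This added Python example (not from the thread) does the same baseline-and-diff job without git: it keeps a copy of a config directory as the reference, reports files added, removed or changed since then, and prints a git-style unified diff of one file. The toy etc/ directory and its sshd_config contents are constructed for the demo.

```python
import difflib, hashlib, os, shutil, tempfile

def file_hash(path):
    """SHA-256 of the file's bytes, so edits are caught regardless of mtime."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def walk_files(root):
    """Relative paths of all regular files under root (symlinks skipped)."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full):
                yield os.path.relpath(full, root)

def take_baseline(root, baseline_dir):
    """Keep a full copy of root as the known-good reference (git's first commit)."""
    if os.path.exists(baseline_dir):
        shutil.rmtree(baseline_dir)
    shutil.copytree(root, baseline_dir, symlinks=True)

def compare(root, baseline_dir):
    """Files added, removed or changed since the baseline (like `git status`)."""
    now, base = set(walk_files(root)), set(walk_files(baseline_dir))
    changed = [p for p in sorted(now & base)
               if file_hash(os.path.join(root, p)) != file_hash(os.path.join(baseline_dir, p))]
    return {"added": sorted(now - base), "removed": sorted(base - now), "changed": changed}

def unified_diff(root, baseline_dir, relpath):
    """Line-level diff of one text file against the baseline (like `git diff`)."""
    with open(os.path.join(baseline_dir, relpath)) as f:
        old = f.readlines()
    with open(os.path.join(root, relpath)) as f:
        new = f.readlines()
    return "".join(difflib.unified_diff(old, new, "baseline/" + relpath, "current/" + relpath))

def demo():
    """Constructed scenario: a toy etc/ in a temp dir, baselined, then altered."""
    tmp = tempfile.mkdtemp()
    etc, base = os.path.join(tmp, "etc"), os.path.join(tmp, "baseline")
    os.makedirs(etc)
    with open(os.path.join(etc, "sshd_config"), "w") as f:
        f.write("PasswordAuthentication no\n")
    take_baseline(etc, base)
    # Simulate drift you did not make yourself: a weakened setting and a new file.
    with open(os.path.join(etc, "sshd_config"), "w") as f:
        f.write("PasswordAuthentication yes\n")
    with open(os.path.join(etc, "rc.local"), "w") as f:
        f.write("#!/bin/sh\n")
    report, diff = compare(etc, base), unified_diff(etc, base, "sshd_config")
    shutil.rmtree(tmp)
    return report, diff
```

Run `demo()` to see the report and the diff; on a real box you would point `take_baseline` and `compare` at /etc and a baseline directory stored somewhere the system cannot alter.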
Old 4th Mar 2014, 17:28
#20
 
Join Date: Aug 2007
Posts: 647
Likes: 0
Received 0 Likes on 0 Posts
Mixture

I was referring to the "absolute g** usage" instead of the libraries [manager] for interfacing components with Linux computers (and yes, I'm having a go at that with the Pi). The config.fx bit has a resonance, grrrrrrrrrrrrrr, re Flatron W1941S; it fought me all of the way, but the internet documentation helped enormously.

"Almost praised" - Now I'm in real trouble.

CAT III
Guest 112233 is offline  