Infected Backups?


J

Juan Wei

If I back up some files to an external HD, and then run a virus and an
anti-malware scan on the HD, is that sufficient to clean them up?

I'm thinking Avast or AVG and Malwarebytes or Superantimalware.

Thanks.
 
Ad

Advertisements

P

pjp

If I back up some files to an external HD, and then run a virus and an
anti-malware scan on the HD, is that sufficient to clean them up?

I'm thinking Avast or AVG and Malwarebytes or Superantimalware.

Thanks.
Not always, sometimes things are so bad it's easier to just do a
complete reinstall.
 
D

Desk Rabbit

If I back up some files to an external HD, and then run a virus and an
anti-malware scan on the HD, is that sufficient to clean them up?
Nope, that won't touch the registry.

Why don't you describe your problem rather than a theory of how you
might fix this un-named problem?
 
J

Juan Wei

Desk Rabbit has written on 8/1/2013 12:06 PM:
Nope, that won't touch the registry.

Why don't you describe your problem rather than a theory of how you
might fix this un-named problem?
Your suggestion about the registry suggests that I asked if running a
virus scan on backed up files will clean a computer. Not so.

I'm concerned only about those files.

I'm not having a problem. I'm just curious.
 
G

Gene E. Bloch

Desk Rabbit has written on 8/1/2013 12:06 PM:

Your suggestion about the registry suggests that I asked if running a
virus scan on backed up files will clean a computer. Not so.
No, he suggested that running a scan on an external drive won't touch
the registry files on the external drive.

That is correct.
 
J

Juan Wei

Gene E. Bloch has written on 8/1/2013 2:40 PM:
No, he suggested that running a scan on an external drive won't touch
the registry files on the external drive.
I didn't know that there would be registry files on an external HD.
 
Ad

Advertisements

G

Gene E. Bloch

Gene E. Bloch has written on 8/1/2013 2:40 PM:

I didn't know that there would be registry files on an external HD.
If the external HD is a copy (clone) of the OS disk, that will happen.
If not (which you seemed to imply) then perhaps not.
 
D

Desk Rabbit

Desk Rabbit has written on 8/1/2013 12:06 PM:

Your suggestion about the registry suggests that I asked if running a
virus scan on backed up files will clean a computer. Not so.

I'm concerned only about those files.

I'm not having a problem. I'm just curious.
You are assuming that the virus has infected a file or files. This may
have been the case years ago but more likely the infection will be in a
file that the user downloads. Moving that file to another disk will take
that infected file off the machine but it's possible there is more than
one part to the infection, such as a registry entry that kicks off a
process using valid OS programs to download another copy of the
virus/trojan.

Your view of the virus removal process is quiet naive but I can't fault
you for being curious.
 
W

Wolf K

If the external HD is a copy (clone) of the OS disk, that will happen.
If not (which you seemed to imply) then perhaps not.
Every "volume" has hidden "system volume information" files on it.
Functionally, these are part of the registry, as I understand it.

On most systems, a "volume" is a partition. AIUI, a "volume" is a
container for folders/files. It can span several "drives", both physical
and logical. Part of the problem here is that terminology is not
standardised. MS itself uses these terms inconsistently.

HTH

Best,
Wolf K
kirkwood40.blogspot.ca
 
J

Juan Wei

Desk Rabbit has written on 8/2/2013 5:09 AM:
You are assuming that the virus has infected a file or files.
No, you're assuming that I think that infecting a computer only infects
a few files. I don't.
This may
have been the case years ago but more likely the infection will be in a
file that the user downloads. Moving that file to another disk will take
that infected file off the machine but it's possible there is more than
one part to the infection, such as a registry entry that kicks off a
process using valid OS programs to download another copy of the
virus/trojan.
I'm sure you're right.
Your view of the virus removal process is quiet naive but I can't fault
you for being curious.
Hell, no! Read my original question again:

"If I back up some files to an external HD, and then run a virus and an
anti-malware scan on the HD, is that sufficient to clean them up?"

Note the penultimate word "them". It refers ONLY to the files.

I said nothing about cleaning up the computer they came from.

Now, I'll tell you what I was thinking:

1) Backup data to an external HD
2) Disinfect them
3) Nuke and pave the infected computer
4) Restore the data
 
D

Dave

Desk Rabbit has written on 8/2/2013 5:09 AM:

No, you're assuming that I think that infecting a computer only infects
a few files. I don't.


I'm sure you're right.


Hell, no! Read my original question again:

"If I back up some files to an external HD, and then run a virus and an
anti-malware scan on the HD, is that sufficient to clean them up?"

Note the penultimate word "them". It refers ONLY to the files.

I said nothing about cleaning up the computer they came from.

Now, I'll tell you what I was thinking:

1) Backup data to an external HD 2) Disinfect them 3) Nuke and pave the
infected computer 4) Restore the data
Data files are not vulnerable to infection, only executable files. An
infected executable could corrupt or erase data files but I think your
concerns are unwarranted. What you want to do is ok if in fact your
machine has been attacked and you can't clean it up running anti malware.
 
Ad

Advertisements

G

Gene E. Bloch

Every "volume" has hidden "system volume information" files on it.
Functionally, these are part of the registry, as I understand it.

On most systems, a "volume" is a partition. AIUI, a "volume" is a
container for folders/files. It can span several "drives", both physical
and logical. Part of the problem here is that terminology is not
standardised. MS itself uses these terms inconsistently.

HTH

Best,
Wolf K
kirkwood40.blogspot.ca
AIUI, in a way you're correct. SVI is the place where System restore
backups are kept, including Registry backups. But this is not literally
*part* of the registry, any more than any other backup file is a part of
what it's a back up of.

As for volume versus disk, I stand corrected - thanks.

Trying to document what I said about SVI, most of what I can find is
hints on how to access the directory or how to get rid of it, but here's
an exception, although it's for XP and Vista:

http://wiki.lunarsoft.net/wiki/System_Volume_Information
 
Z

Zaphod Beeblebrox

Data files are not vulnerable to infection, only executable files.
How 90's of you. Google "word document virus infection" for a start,
but there are many examples of ways that a "data" file can be
compromised in a way that when opened infests the host.

--
Zaphod

If I had two heads like you, Zaphod,
I could have hours of fun banging them against a wall.
-Ford Prefect
 
K

Ken Blake

Data files are not vulnerable to infection, only executable files. An
infected executable could corrupt or erase data files but I think your
concerns are unwarranted. What you want to do is ok if in fact your
machine has been attacked and you can't clean it up running anti malware.


Please note that many types of data files (Word, for example) can
contain macros. And if they contain macros they *are* executable
files. And there have been countless examples of infected data files
that have been sent to people as e-mail attachments and from which
they have gotten infected.
 
Z

Zaphod Beeblebrox

Please note that many types of data files (Word, for example) can
contain macros. And if they contain macros they *are* executable
files. And there have been countless examples of infected data files
that have been sent to people as e-mail attachments and from which
they have gotten infected.
And they don't even have to be data files that traditionally contain
macros. There are many examples of exploits that use malformed data
files of a particular type that exploit flaws in the software that
reads them. I don't know if there are "viruses" that "infect" data
files by inserting the required data into an existing file but I do
believe there are those that replace existing files with malformed
files.

--
Zaphod

Arthur: All my life I've had this strange feeling that there's
something big and sinister going on in the world.
Slartibartfast: No, that's perfectly normal paranoia. Everyone in the
universe gets that.
 
W

Wolf K

On 2013-08-02 11:21 AM, Juan Wei wrote:
[...]
Now, I'll tell you what I was thinking:

1) Backup data to an external HD
2) Disinfect them
3) Nuke and pave the infected computer
4) Restore the data
Will work for "simple" infections. But some malware will propagate to
the external drive, too. I suspect we'll see more of that type.
Disinfecting the external drive may work; you just have to experiment.

FWIW, I use an active shield, which about once a week tells me it's
prevented a known bad file from opening. Most of these bad files are
adware or spyware, and come embedded in software downloads.

HTH
 
Ad

Advertisements

D

DanS

Desk Rabbit has written on 8/2/2013 5:09 AM:

No, you're assuming that I think that infecting a computer only infects
a few files. I don't.


I'm sure you're right.


Hell, no! Read my original question again:

"If I back up some files to an external HD, and then run a virus and an
anti-malware scan on the HD, is that sufficient to clean them up?"

Note the penultimate word "them". It refers ONLY to the files.

I said nothing about cleaning up the computer they came from.

Now, I'll tell you what I was thinking:

1) Backup data to an external HD 2) Disinfect them 3) Nuke and pave the
infected computer 4) Restore the data
FWIW....while I've never had a real virus or malware problem on any of
*my* PC's, I have cleaned dozens of PCs for other people (which I stopped
doing a couple years ago).....

Even using paid for AV utilities, I've never seen any of them actually
able to "clean" a file that really was infected with a virus (the
"standard way", the way a *real* virus works).
 
K

Ken Blake

On 2013-08-02 1:24 PM, Dave wrote:
[...]
Data files are not vulnerable to infection, only executable files.[...]
False.

What you say is of course correct. However I think that what he
perhaps meant is "Data files are not vulnerable to [virus] infection,
only executable files."
 
Ad

Advertisements

D

DanS

Please note that many types of data files (Word, for example) can
contain macros. And if they contain macros they *are* executable files.
And there have been countless examples of infected data files that have
been sent to people as e-mail attachments and from which they have
gotten infected.
Let's add media files to that too. Well, MS format media files, at least,
anyway, like wmv's and wma's, that can have scripts embedded in them.

It's always best to use something other than WMP to play media files.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top