Quote:
|
Originally Posted by jmk94903
Restoring an image performs essentially the same functions as a format, so if that would eliminate a rootkit, restoring an image will also.
Unless someone creates a new super rootkit, restoring an image of the boot drive will eliminate it. That's why image backups are so valuable.
By the way, backups are usually at least a few days or weeks old and restoring one will delete all data created since the backup. If this is a problem, make an image immediately BEFORE restoring the older image.
You can safely retrieve your data files from the image without worrying about the rootkit reactivating.
|
Thank you for that speedy reply, JMK! I am assuming from your reply that it does not matter that I am only restoring the C partition from an image archive of just the C Drive… Basically I keep all my data on my D partition. I used TweakUI to relocate the various important folders such as MyDocs and such to that partition when I built up the system, and various registry hacks where needed, and I also tell Firefox to locate the Bookmarks.htm file on that drive as well. I only use webmail interfaces for mail.
I then pretty much just surf with just a name brand anti-spyware and firewall software (no anti-virus software), and if (it actually has not happened in a long while) I suddenly find some malware doing the funky chicken on my desktop then I can put in the TrueImage Boot CD, reboot and restore from the image of the C Drive without hesitating to think if I am losing something – the restored OS immediately is "linked" back up to the data because the data was on D all along.
My question came from reading a PCMag story about how some of the newer viruses were combining rootkits (new versions of Bagel apparently), and I wanted to be sure that my strategy was still valid in the face of those threats.
Anywho thanks for the input!
