Introducing AX64 Time Machine - hybrid imaging/snapshot software

Discussion in 'backup, imaging & disk mgmt' started by Isso, Jan 18, 2013.

  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Good to know about bets.

    @Isso
    Can AX64 work with Linux partitions. What if I use it just for normal image and restore of my Linux partition?
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Good to know about beta.

    @Isso
    Can AX64 work with Linux partitions. What if I use it just for normal image and restore of my Linux partition?

    Can I expect the beta to fix bypass by TDL4 root kit etc.

    Thanks
     
  3. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    aigle, would you please inform me as to what that's all about (wrt AX64)?

    Thanks,
    Cruise
     
  4. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    4,459
    Location:
    The Pond - USA
    Aigle, TDL4 is a MBR vectored infection. At the moment, to my understanding, AXTM does not deal with the MBR in any way. Based on that, the infection would stand between snapshots.
     
  5. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    4,459
    Location:
    The Pond - USA
    Aigle, I think AXTM needs an indigenous volume tracking mechanism for the partition it protects. My guess is that only the Windows ROOT system partition is the one it can manage at the moment.
     
  6. Isso

    Isso Developer

    Joined:
    Mar 28, 2009
    Posts:
    1,450
    Froggie, aigle,

    We already added MBR restore support to the program, so beta version should cope with TDL rootkit just fine. I'll be testing it in upcoming days.

    Linux partitions aren't supported, sorry.

    For supported partitions - the user may select any partition (system, or non-system) to be protected. In both cases, if a boot (small hidden) partition exists on the drive, that is automatically backed up and restored too.
     
  7. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    4,459
    Location:
    The Pond - USA
    Don't take those thinking caps off just yet... :eek:

    There are two new variants of the TDL rootkit... one modifies the VBR (Volume Boot Record) and leaves the MBR in tact (do you image the VBR when your taking your snapshot?), the other creates a hidden partition out at the end of the disk with its own file structure (looks UNALLOCATED to a partition tool), makes it active, then modifies the partition table in the MBR to BOOT through the hidden partition (kinda like a special SYSTEM partition).

    These guys are very creative...
     
  8. Isso

    Isso Developer

    Joined:
    Mar 28, 2009
    Posts:
    1,450
    Froggie,

    Thank you for the information. Yes, AXTM does restore VBR too. So as long as TDL depends on either VBR or MBR, it should be killed upon restore.

    Isso
     
  9. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    Shoud it? While there's no arguing that would enhance malware-protection, I don't think that invading the MBR is the only way malware could mess-up an AX64 system!

    Cruise
     
  10. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    Isso, while the ability to restore the MBR is important, I hope that it's a selectable option because there are times when we might not want to restore the MBR.

    Cruise
     
  11. Isso

    Isso Developer

    Joined:
    Mar 28, 2009
    Posts:
    1,450
    Cruise, yes, that's an optional feature. I agree that malware may use other methods to compromise the system, but MBR IMHO should be protected, because it's one of the parts of OS that is quite easy to hack.

    Isso
     
  12. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    Excellent.


    No argument about that, but some of the 'nasties' out there load direct disk I/0 drivers which can cause havoc anywhere!

    Cruise
     
  13. Isso

    Isso Developer

    Joined:
    Mar 28, 2009
    Posts:
    1,450
    Yeah I agree. But those drivers will be placed into the partition itself, so will be handled by normal backup/restore.

    Isso
     
  14. carfal

    carfal Registered Member

    Joined:
    Dec 19, 2009
    Posts:
    177
    Isso, I've solved the "Error! Please try other media" message.

    It's amazing how trying to resolve another issue brings light on existing problems. I installed the latest version of IFW v2.80 and was trying to create a boot disk for it. It was failing miserably. It complained that the Winre.wim file was not at its expected location. I wondered if my F8 boot recovery still worked and discovered that the "Startup repair" option teminated with error. I have no idea how long this had been broken.

    I did a quick google and soon learned that Winre.win should be located in a hidden/protected folder called "C:\Recovery". Since i dont know how to get folder permissions properly to look inside ( and then there's the issue of reinstating them exactly the same) i thought i'd do a google on repairing the Winre enviroment. I concluded that i'm the only person in the world with this issue. :argh: All the links talked about everything except how to fix missing files. Then i remembered a program from Josh Cell from MyDigitalLife forums called "Winownership". Essentially allows access to protected folders/files. I was able to look inside "C:\Recovery\{GUID}" and saw that Winre.wim had been renamed to Winre.dat. So i renamed it back to Winre.wim and my startup repair now works.

    It suddenly hit me that this was probably the issue with AX64 boot disk creation so i tried it again and problem solved! It successfully created the boot disk.
     
    Last edited: Mar 9, 2013
  15. carfal

    carfal Registered Member

    Joined:
    Dec 19, 2009
    Posts:
    177
    Thanks for your suggestion and links RollbackFrog. I did download them but as you can see from my post above this issue should now be fixable.
     
  16. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    11,168
    Location:
    NSW, Australia
    carfal,

    Aladdin knows all about missing winre.wim. I think his was due to Rollback Rx usage.
     
  17. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Hi Brain,

    You beat me to this! :D

    Yes, it is Rollback Rx which renames the winre.wim to winre.dat. And, upon uninstall of Rollback Rx, it doesn't name back the file to the original name. From winre.dat to winre.wim.

    I remember pulling my hair out on my machines, eventually I had to reinstall Win 7 x64 on four of my machines, which is not very easy task.

    Best regards,

    Mohamed
     
    Last edited: Mar 9, 2013
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Thanks
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    TDL4 can bypass AX64 recovery ATM.
     
  20. carfal

    carfal Registered Member

    Joined:
    Dec 19, 2009
    Posts:
    177
    I just ran some tests in a VM and as predicted you guys are right, RBRX is the culprit of renaming the "Winre.wim" file to "Winre.dat".

    However it seems they've fixed the issue in RBRx v10 of renaming it back to Winre.wim after uninstalling RBRX. In my VM, Winre.wim was correctly renamed back after uninstall.

    I havent had any issue since i manually renamed "Winre.dat" back to "Winre.win" while RBRx v10 was still installed.

    I'll keep an eye on it and report any adverse effects.
     
  21. Isso

    Isso Developer

    Joined:
    Mar 28, 2009
    Posts:
    1,450
    carfal,

    Of course, how could I forget about Winre.dat issue! We discussed it a while ago and aladdin pointed the problem root. I'm happy that it works for you now.

    Isso
     
  22. Isso

    Isso Developer

    Joined:
    Mar 28, 2009
    Posts:
    1,450
    By the way, does anyone have any idea about why RBX renames that wim file?

    Isso
     
  23. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    To disable Windows Recovery. Windows Recovery breaks Rollback Rx.

    Best regards,

    Mohamed
     
  24. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Carfal,

    You can see now how badly Rollback Rx is written. From version 6 or 7 until version 9, for many, many years Rollback Rx messed up the "System Recovery", even for those who just wanted to have a 14 days trail.

    I am sure that you won't agree that Rollback Rx is a craaapy program and HDS is an ethical company, but it doesn't matter. Most people on this forum have already concluded as such.

    Having said the above, I have still some machines suffering from the above based on 14 days trail I had on these machines. And, would like detail instructions on how you fixed your machine. If we don't need to hijack this thread, then you can please PM me.

    Best regards,
     
  25. Isso

    Isso Developer

    Joined:
    Mar 28, 2009
    Posts:
    1,450
    I see, thank you Mohamed. Ironically, we faced two same problems as Rollback RX about a year ago - 1) TRIM support and 2) Problems when the volume is modified from outside OS.

    Rollback RX developers just went ahead and used two hacks - disabled TRIM and recovery environment. That I guess would take us a week to implement. Instead we spent entire year to properly resolve those issues, as I would never even think of releasing a program with such ugly hacks.

    What we have as a result - RBX guys are making money for entire year, and we are almost broke. Summary - it's not always a good idea to perfect the program.

    Moreover - if RBX guys now fix any of these problems, and make a paid update - the users will happily buy it, giving even more revenue to the company (another advantage of releasing a non-perfect program).

    Just thinking out loud...
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.