Protecting "secure zone" & creating restore cds

Discussion in 'Acronis True Image Product Line' started by Blendersww, Feb 27, 2006.

Thread Status:
Not open for further replies.
  1. Blendersww

    Blendersww Registered Member

    Joined:
    Feb 27, 2006
    Posts:
    10
    Couple questions.....

    Windows XP Pro
    Acronis TI 9.0

    I would like to be able to password protect the Secure Zone Archive I have already created. (on c:\)
    I do malware testing and often purposely infect my "test box" with all kinds of nasties ranging from easy to kill spyware to almost impossible to kill rootkits. Pretty much any baddie is fair game.
    After installing all the software I want to...I don't intend on creating any more backups. Want to be able to revert back to pre-infection state after running all the tests I wanna run.

    Big reason for post...

    Created main "full backup"
    Installed more goodies and created "incremental" backup.
    Created no backups since.

    Then......

    Ran a real nastie 2 weeks ago that turned out to be a file infector...trashed pretty much everything on c:\
    Relatively new infection and no AV could touch it.
    TI Restore went well. (used boot cd and ran ACI from it because Acronis was also infected on c:\ )
    Used the complete restore...Not "snap restore"
    All was well...scans show clean.

    Ran another nastie about a week later and used TI restore again to revert back to normal...Again using complete restore...not "snap"
    I was unable to run any scans or else the computer would crash. Never in same place twice. Slow system, "serious errors" from windows [send] [dont send] typical of Haxdoor infection but it was not present.
    Any malware scanner would crash....leading me to believe I was still infected.
    Any logs created in eventvwr were not present....virus deleted em.
    It also deleted any firewall logs.
    RC showed nothing odd as far as bad drivers possibly rootkit involved.
    Later Bootup errors something to the effect of "boot device not found" (no cd or floppy in drives) led me to believe hdd died....

    Slap another hdd in the box and for the heck of it slaved the bad one to good.
    Re-installed Xp on "new hdd".
    System good and stable.
    Installed my other apps from known good cds.
    Had a look around on the bad hdd and found some nasties. That was immediately after restore. (these were invisible when windows was working and drive was bootable)
    Have had no POST errors since about that supposed bad hdd. (leading me to believe infection was really misbehaving and the hdd is fine)

    I since wiped the hdd clean & removed secure zone from there but wonder how if possible the infection(s) jumped into "secure zone".
    There is supposed to be a way to pw protect secure zone so nothing can make changes unless password is provided....I just can't find that info! :)
    How do I get to setting to enable pw protection?

    Can I create the total backup cds if I start Acronis with bootable cd then do total backup? (so nothing should be accessing the hdd)
    Seems I cannot create the cd(s) within windows. Can't post error log I got because hdd since has been formatted. I was not saving anything from that drive cus I could trust nothing at this point.
    Something about error reading 0-0 (sorry I can't remember more)

    Ideally I would rather do backup to cd(s) so there is no chance anything can infect it.
    If I cannot do that...well "secure zone" password protected will have to do.
    I don't have any other burning software installed...just using whatever is included with ACI.

    Finally...since I re-installed everything to another hdd do I need to create a new boot cd?

    Love the idea of this btw...~ 20 minutes to total restore instead of 6-8 hours formatting/re-installing everything. :)

    Hope I didn't just write the most cornfusing post ever! :rolleyes:

    Thank you muches! :)
     
  2. noonie

    noonie Registered Member

    Joined:
    Jun 7, 2004
    Posts:
    299
    I have much the same scenarios as you.

    There are types of hidden partitions that nothing will touch, but Ti's secure zone, obviously is not one of them.

    Personally I use mobile racks and trays to make complete basic os hdrive images or clones to the removable drives and remove them from the system until needed. I always just use the TI boot or rescue cd to make and restore images. I don't install Ti at all. Using mobile racks is much, much faster than optical media, although the tib files can be copied to cd or dvd at any time as long as you made the tib files no larger than 700mb. You can use a great free burn prog called Deepburner to write to cd or dvd later.

    An alternative to that is to image to a shared folder on a network and then disconnect when done.

    If an os drive becomes very infected I just write zeros to it with the manufacturer's floppy based utilities.
     
  3. Blendersww

    Blendersww Registered Member

    Hi noonie :)

    I just spotted this thread:

    https://www.wilderssecurity.com/showthread.php?t=121447

    Looks like that is likely the best bet. That Deepburner I'll have to try...:)

    Yes I have the most recent version of TI (2337)

    I have to agree that SZ is likely not the most secure way to go. (not to mention the fact it wants to hog a fair chunk of hdd space.)

    Massive infections.....yeah I like ll format myself. I do it regularly.

    So....in short I should be able to get rid of current SZ along with the backups there, boot with boot cd (full version)> create images on cds so windows has nothing going on that prevent TI from full access to the hdd.....right?

    How were you able to create TI boot cd without installing TI?

    I don't have the luxury of a pile of hdd or racks...I pretty much am gonna have to go with cds. I think that is the safest route unless I stupidly leave one of the image cds in the drive....

    I don't want to risk network access when trying to restore an infected pc! Especially where worms & rootkits are involved....
    I just went thru losing control of one of my tests and basically wiped out the entire network and had to start over on 3 pcs. (I had already used fw on good computers to totally block infected one from any access what-so-ever and still got nailed beyond belief.) Used ZAP to block infected puter's IP addy.
    Infected puter had only WAN access...not LAN access. (so I thought) (Obviously not so)
    Used router to block any outgoing smtp so I wasnt emailing everyone my 'gifts'...lol.
    First time I 'lost it" in several years of 'playing with viruses'...This really ticks me off btw. I lost 3 systems! :oops:

    In this case I was unable to determine where exactly I lost control because any investigation resulted in hard crash/reboot and any useful logs were deleted presumably by the infections (fw, eventvwr, etc) on all affected computers. Therefore scans of any sort were useless...
    I didn't spend much time trying to investigate....wiped all/re-installed all.
    I did however have whatever I consider important backed up to cds (before infection fest) so it was mostly time I lost. I have all the original install cds for my OS and big programs like Office, Drivers, etc.

    And why even tho when I am logged in and told it to "remember me" I still have to log in again even to "preview post"??
     
  4. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello Blendersww,

    Thank you for choosing Acronis Disk Backup Software.
    I'm afraid that Acronis True Image 9.0 does not have the password protection for an image which you create in Acronis Secure Zone.

    If you want us to change the behaviour of Acronis True Image in any way or add some new features to this product, please feel free to post any of your suggestions in Acronis True Image WISH-LIST thread.

    Please note that Acronis Secure Zone is a hidden, protected disk partition on the hard drive. Since this partition is inaccessible by the operating system and applications, you can be sure that the disk images stored are secure and cannot be altered. So, if you create an image to Acronis Secure Zone and there are no viruses on your computer, the image can't be infected. However, if you have viruses on your computer and create the image to Acronis Secure Zone, this image can be infected.

    It's possible to create the image of the entire hard drive/partition to CDs within Windows and in rescue mode. If you get any error messages, please feel free to submit your request for technical support containing the step-by-step description of the actions taken before the problem appears. We will investigate the problem and try to provide you with the solution.

    Please find the detailed information on how to use Acronis True Image 9.0 in the respective User's Guide.

    Please contact our Support Team and provide the information confirming your purchase of Acronis True Image 9.0. They will provide you with a special ISO image which you can use to create the bootable rescue media without installation of Acronis True Image 9.0.

    Thank you.
    --
    Tatyana Tsyngaeva
     
  5. Blendersww

    Blendersww Registered Member

    Hi

    Thanks for the reply. :)

    That would explain why I cannot find that setting. :)

    What exactly is needed for "proof of purchase"?

    Like I said above....submitting any logs of previous errors is impossible since I formatted the drive, deleted the Secure Zone and started over from complete scratch.

    I will try again to create a new complete backup to cds from within windows first...then try from "rescue mode" if that does not work.
    Since set-up is pretty much the same as before (cept the hdd is larger) I *should be able to reproduce the error(s).

    Hard to say exactly what happened. I do know I was virus free or any other type of malware free when I created the image.
    I then installed more goodies from known good cds and Scans ran fine at that time and no infections.
    Created the 'incremental backup'
    Created no backups since and had nothing set to 'auto-backup'
    Then I went to malware land....
    After getting infected fair bad and collecting logs/files etc, then putting them to usb jump drive I booted with rescue disk I created and did total restore. (yes I removed usb drive)
    This one went well.
    I understand I can use the backup image as many times as I want?
    Second visit to malware land landed me some real nasties. Collected some logs, files, etc> put to usb drive> remove usb drive.
    Done complete restore again. This one didn't go so well. Lots of BSOD, no scans would run without crashing/reboot, slow system, odd requests from firewall for programs wanting internet.....
    I couldn't access any logs from fw or eventvwr cus it appears they were deleted. Even recent stuff that should have been logged since restore.
    Tried total restore again just in case some files were not overwritten properly the first time....same results.
    When I started getting "boot device not found" at POST; I figured hdd was on its way out. It's fine....was just infected real bad...lol.
    Sometime during this whole episode I somehow managed to infect the entire network and ended up starting from complete scratch on all computers involved.

    Sorry to blabber on so...:)
     
  6. Acronis Support

    Acronis Support Acronis Support Staff

    Hello Blendersww,

    Thank you for choosing Acronis Disk Backup Software.

    You can provide your order number, e-mail, the information about where you purchased our product, etc. in order to confirm your purchase.

    Yes, you can use your image as many times as you prefer.

    As I said above, if you encounter any problems with Acronis True Image 9.0 in future, please provide us with the detailed information on the problem and we will investigate the problem and try to provide you with the solution.

    Thank you.
    --
    Tatyana Tsyngaeva
     
  7. Blendersww

    Blendersww Registered Member

    Hi

    I submitted request here:

    https://www.acronis.com/enterprise/my/support/

    Regarding the ISO image after registering product.

    Obviously for my security I am not posting order numbers, email addresses, etc here. If needed I can PM you the info.
    I can tell you here I downloaded the product directly from Acronis site and used VISA to buy it.
    Not sure if that was the correct link to use but was the one in the ATI "help>about" within the program GUI.
     
  8. Acronis Support

    Acronis Support Acronis Support Staff

    Hello Blendersww,

    Thank you for choosing Acronis Disk Backup Software.

    Please provide your confirmation of purchase via e-mail because we are not eligible to provide you with the ISO image via Private Message on the Forum.

    Thank you.
    --
    Tatyana Tsyngaeva
     
  9. Blendersww

    Blendersww Registered Member

    HI

    I didn't think I was going to get this ISO img thru the forum...:)

    The link I posted above is where/how I submitted the request: (not the right place?)

    https://www.acronis.com/enterprise/my/support/

    I did get an "auto-reply" in email:

    Like I said in above post...Not sure if that was the correct place to go since it is not related to a problem with the product.

    What I had meant about the PM was that if you needed confirmation I would PM you my email addy I had used to register the product and the order number.
     
  10. noonie

    noonie Registered Member

    Blendersww

    Hopefully, you downloaded the iso file, if not, you can just do a basic xp install (without updates and tweaks) and install TI to create the restore disk. It's Linux so you need nothing fancy. Then you can either uninstall TI or reinstall your os and use Ti from the boot disk only, if desired. Or you can leave it installed. I prefer to keep my systems as clean as possible.
    If you wrote zeros to the drive and installed os from scratch etc, you should be clean so you can create your image over a share and then put your image files on cd or dvd later from another box.

    Here are some links if you're in the US. Can't beat the prices.

    http://www.directron.com/mr27.html

    http://www.circuitcity.com/ccd/Sear...st3160023ark&searchSection=All&go.x=12&go.y=8

    If you ever decide to go that route, you'll love it. You can then stay image or clone and stay isolated easily.

    Good luck and stay clean.
    Good luck
     
  11. Blendersww

    Blendersww Registered Member

    Well...this is kinda odd.

    Knowing all is clean...I decide to try create backups on CD.
    New total backup.
    Ends with error after about 15 minutes of the cd rom working like mad.

    OK...so I can't do this within windows for whatever reason.
    Ok....copy error log created by TI to a folder on desktop.

    Use the boot cd I had already created a while back (when clean) and try it from there...
    cd rom works away for another 10-15 minutes working like crazy and no progress indicating anything created. Tells me backups were created with errors. (write error)
    Remove CD (the one created with errors)
    System crashes to BSOD. (Stop: 0x0000008E (0x0000001D, 0x80534FB4, 0xF7951B34, 0x00000000)
    I have system set to not automatically restart when it crashes.
    Restart
    System crashes to BSOD same stop code
    Restart > Repeat above several times.

    Boot to safe mode & get it started.
    copy crash dump log to TI error folder on desktop.
    Open TI error log in notepad & crash again....

    Reboot again this time to normal mode

    Started OK...try starting TI to look at error logs & crash again to same stop error as above.

    Not sure what went wrong with all this but alla that crashin can't be good! o_O

    Since I have not turned off XP sys restore yet...going to try that cus I cant run TI at all at this point without hard crash.

    <<Sigh>> lol

    @ noonie

    Waiting for email regarding the ISO image. I don't know how long that will take. support may be quite busy and may take a couple days.
     
  12. Acronis Support

    Acronis Support Acronis Support Staff

    Hello Blendersww,

    Thank you for choosing Acronis Disk Backup Software.

    The link which you have used to submit the request is correct. As you have already received the auto-reply, you will be contacted in the nearest future.

    As for the system crashes, please do the following in order to enable mini-dumps.

    - Open Computer properties either by right clicking on My Computer icon and choosing Properties or by opening System properties in Control Panel;
    - Go to Advanced tab;
    - Press Startup and Recover Settings button;
    - Choose Small memory dump in Write debugging information box;
    - Close all the dialog windows by clicking OK buttons.

    Then please reproduce the system crash and send us the mini-dumps created. This will allow us to investigate the problem thoroughly.

    Please also create Acronis Report as it is described in Acronis Help Post.

    Please contact our Support Team once again and provide them with the information requested above.
    We will investigate the problem and try to provide you with the solution.

    Thank you.
    --
    Tatyana Tsyngaeva
     
  13. Blendersww

    Blendersww Registered Member

    Hi

    Sorry I didn't get back sooner. I work long hours.

    Have been getting emails from TI support.
    Got the link for the ISO Image file to download and use.
    Have re-produced the problems and am working with them on whatever info/logs etc is needed to troubleshoot the problem(s).

    Thanks for shooting me in the right direction.

    :)
     