putting together a rescue package

Discussion in 'malware problems & news' started by wampmonster, Dec 22, 2013.

Thread Status:
Not open for further replies.
  1. wampmonster

    wampmonster Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    15
    Let's make a list of things that would be useful if you got diddled by CryptoLocker and needed to bring your computer back. I'd start off with:

    GParted [say, on a DVD]: sometimes when restoring, the backup needs a bigger partition. GParted can solve this problem.

    DBAN [burnt to a DVD]: for cleaning the whole slate before restoring the system.
     
  2. wampmonster

    wampmonster Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    15
    Trinity Rescue Kit [not sure what this does]
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I would recommend making an image periodically, perhaps using one of the programs mentioned at https://www.wilderssecurity.com/showthread.php?t=327781. You mentioned in the other thread that you're hesitant to make an image due to partition size issues; you could, however, devote 1 or perhaps 2 external drives for just image backups. The external drives devoted to imaging needn't ever be stored offsite. Just be sure to remember that if you restore an image, you afterwards need to restore your data files from your most recent data files backup.
     
  4. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    Start with a USB flash drive having a capacity of 32GB (or more depending on the size of the recovery image or images).

    Install Paragon free 12 and Macrium free 5.2 (or use a paid version of either or both if you have a license or need the extra features).

    Divide the USB drive into four partitions:

    A) The imaging apps.

    B) Where the recovery images will be stored.

    C) A partition for other applications: file recovery, AV/AM, file and registry unlockers, partitioning, HDD testing, disc mapping, and anything else you might need for your situation. My particular needs would concern recovery of XP and my list would include Recuva, Unlocker, Malwarebytes Registry Assassin and File Assassin, Roadkil's Unstoppable Copier, CCleaner, Glary Utilities version 2.6.0.228 (totally free and no pop-up ads ever), MBAM, Emsisoft Emergency Kit, GParted, Partition Wizard (free edition), DBAN, Maxtor Low-Level Format Tool, Firefox, Process Explorer, KeyFinder, Magical Jelly Bean, Auslogics Disk Defrag 4.4.1.0, and SBIE free or paid if you have a subscription.

    D) A bootable Linux distro.

    -or-
    A, C, and D on a bootable DVD and backup images on an external drive.
     
  5. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    Well,

    Looks like I've killed another thread! :argh: :argh: :argh:
     
  6. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I guess my approach would be simple.

    I make whole drive images and additionally back up my data separately. If CryptoLocker happened to me, I'd probably nuke the drive and restore back to the way it was before the infection. Other than the nuking tool (which I never use but have on hand), the other programs are in regular use.

    From accounts I've read, CryptoLocker may not be all that difficult to remove. The issue is the encryption of one's data. But my backup preparations make that of little concern...
     
  7. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    Re: putting together a rescue package

    DBAN
    GParted and/or Partition Wizard
    Cold Imaging/Restore on USB
    OS Installation Media on USB
    Linux Live CD/USB
    Any 1 of the System Rescue Discs listed here:
    http://lifehacker.com/5984707/five-best-system-rescue-discs

    Data recovery program
    WSUS Offline Update/Portable Update
    (to speed up the update process for Windows in case of fresh install or a much older image restore)
     