Viruses can transfer through backup files?

Discussion in 'Acronis True Image Product Line' started by azeqebo_757, Oct 29, 2008.

Thread Status:
Not open for further replies.
  1. azeqebo_757

    azeqebo_757 Registered Member

    Joined:
    Oct 29, 2008
    Posts:
    2
    So I have a laptop which I booted up using the Acronis bootcd (Acronis 11). I want to save the image from the laptop to a working desktop computer. Now, I don't know how badly infected the laptop's files maybe. But since the backup is in a *.tib archive, can viruses still transfer over to the working computer? How big of a risk am I taking?
     
  2. bilbus

    bilbus Registered Member

    Joined:
    Sep 27, 2006
    Posts:
    28
    sure if you backed up a virus it will be in the TIB

    Are you asking if it can jump from the TIB to the computer ... nope it can not .. unless you open a infected exe inside the TIB.

    If you restore files from the TIB to the new computer your fine. If you restore files to the new computer and run the file and that file has a virus you will get infected
     
  3. Karma

    Karma Registered Member

    Joined:
    May 13, 2005
    Posts:
    19
    Hi, I'll venture a guess and then the smart ones will correct me if I'm wrong. :eek:

    I doubt that there's any risk of an infected object INSIDE of a TIB would hurt your system.

    Except in these cases:

    1. You mount the TIB to a drive letter and proceed to restore the infected object to a location outside of the TIB on your hard drive. Then in a "what's this?" moment, you proceed to execute it. :cautious:

    or

    2. You mount the TIB to a drive letter and proceed to double-click an infected (application) object so that it executes straight out of the "virtual drive". :blink:

    or

    3. You inadvertently mount the TIB and attach an infected object from the TIB to an email. And then inadvertently send that email to your (soon to be former) best friend. :eek:

    or

    4. You perform a "restore" of a partition from the TIB to a live computer (could be the same one or a different one from the computer that was backed up), then somehow load, execute, email, or otherwise "wake up" a virus that was attached to an object that got backed up on the original computer. :'(


    As I see it, you'd have to make a series of mistakes in order for a backed-up infected object to do any major damage. You'd almost have to try with malicious intent! :shifty:

    This is why it's critical to regularly run an anti-virus program. If you keep a clean house in the first place, then you won't need to worry about backing up any viruses. :D
     
  4. azeqebo_757

    azeqebo_757 Registered Member

    Joined:
    Oct 29, 2008
    Posts:
    2
    Alright, Karma's post kind of confused me, but I kind of get what it means. I am just making an image, not going to be mounting it or exploring it in anyway.

    Thats exactly the question, so if it can't jump from a TIB file then I hope its ok.
    I do wonder how this is accomplished though, aren't files copied over to the backup computer one by one? Or does this tib file work differently? I thought tib files were just like zip files... Or I just don't understand how viruses spread in archives.
     
  5. Karma

    Karma Registered Member

    Joined:
    May 13, 2005
    Posts:
    19
    I think viruses can only spread from "ZIP" files if you extract then access/open/execute them.

    If they're just sitting in a ZIP file and you never extract or execute the infected object, then nothing will happen. They will lie dormant like a seed that never gets water or sunlight.

    Which is what I said in my post above. In far too many words, I'll admit. But I was in a mood. :)

    Maybe somebody from Acronis will add some knowledge for us.

    Good luck!
     
  6. seekforever

    seekforever Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    4,751
    A virus is a piece of code, be it assembly language, macro language or whatever. For it to do anything it has to be "run" so a virus sitting inside a file that is just sitting on the HD or CD can't do anything. If you open the file and give it the needed access to execution facilities then it will do its work. If you have a Word document that has a macro virus in it, and you open the document with Word's macro processing feature enabled, the virus will execute. If the macro processing is disabled, you can open the document and the virus cannot execute but it will still be present in the document file.

    Obviously, the best thing to do is to keep them out of your system since it is impossible to know what is required to execute every known virus type.
     
  7. Ltuae

    Ltuae Registered Member

    Joined:
    Oct 28, 2008
    Posts:
    11
    Location:
    Melbourne.Au
    Logically, if you have good grounds for suspicion that the Image taken from the laptop might be infected, then you would not want to ever restore the rotten thing as a whole package anyway.

    Equally, in that sense the purpose of taking the Image would be to at least backup as much good useful material as possible, and have it available nicely crammed in a .tib, for selective replacement or use if ever required.

    And to do that, you would have to access and extract ("run") files from within the .tib archive, which does expose some danger.
    edit: By "run" I didn't mean 'execute' implicitly, I meant transfer (copy) into system memory, and optionally onto media. That's enough to evoke malware and allow it opportunity to infiltrate. A good AV will realtime alert during an attempted access~copy of naughty data.

    To be near totally safe why don't you simply exclude in ATI from backing up the common known troublemaker extensions?
    eg. something like:
    *.EXE,*.COM,*.BAT,*.CMD,*.VBS,*.PL,*.BAS,*.JS,*.JAVA,*.REG,*.SHS,*.PIF,*.SCR,*.DLL,*.SSH,*.CHM,*.HLP,*.LNK,*.{*},*.CPL

    ..would cover most potential nasties and give some surety that when inspecting or extracting from the .tib you wouldn't be touching vermin that could infiltrate onto your 'good' PC(s).

    Also make sure you're running very good latest-updated AV and Malware murdererware while ever you're playing in the .tib and you'll be pretty safe.
    edit2: corrected my disgraceful spelling [your>you're].

    Make sense?

    --
    Ltuae
     
    Last edited: Oct 31, 2008
  8. Karma

    Karma Registered Member

    Joined:
    May 13, 2005
    Posts:
    19
    Ltuae, you make some great points.

    Yes!

    Plus, a TIB, being a single file, is somewhat portable, though probably only portable from hard drive to hard drive (and not to a memory stick, etc).

    Yes, the difference between "run" and "execute" should be kept in mind. Opening a spreadsheet with macros in it is kind-of/sort-of like running a program.

    This is the one spot where I might disagree with you; though only slightly. If the OP is backing up a data partition (or folder structure), then yes, he could exclude the file types you list.

    But in this day and age, most people don't really keep their data on a single partition. And, in a trend disappointing to me, more and more applications are mixing their data, config, and application code into common folders. Disappointing to me because it makes it harder and harder to just back up my data, if I so desire.

    Indeed. And one thing that I need to get better at is actually RUNNING my AV scan and my malware scan from time to time... :doubt:
     
  9. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello all,

    Thank you for using Acronis True Image

    The archives previously created can be infected (I mean after their creation), but it is very unlikely. At any rate, we are not familiar with such cases, and the likelihood of it is considered to be theoretical.

    If a virus is already present inside a backup archive, it can't infect the system if you don't touch the backup file. If you launch an infected recovered application, or mount the archive, explore it, etc., the malware can become active and infect the system.

    Thank you.

    __

    Oleg Lee
     
  10. dbknox

    dbknox Registered Member

    Joined:
    Jun 7, 2006
    Posts:
    511
    Location:
    Canada
    When I was using win 98 and XP ( I haven't had a virus yet with Vista after a year ) and I got a particularly nasty virus/worm that was proving to be almost impossible to get rid of, I would use TI to restore a known good image and my problem would be easily solved!
    I would make a backup every second day. ( With Vista it is now once a month).
     
Thread Status:
Not open for further replies.