Fastest, easiest way to recover PCs lost to viruses and malware?

Question

Probably like most people here I get the awesome task of looking after all my elderly relatives PCs, because 'you know about computers'. Right now I'm reinstalling XP on two of them, instead of doing useful work, because they are so infected with viruses and malware from general internet surfing ("you're our thousandth customer, click here to claim your prize!" type stuff) that they are beyond rescue.

I put Kaspersky internet security on last time i rebuild them, but good though it is it can't help when the user ignores or overrides it's instructions. I've pretty much decided that preventing virus infection is a lost cause here.

Anyway on to the questions:

I'd like to image the pc's once the reinstalls are complete, so next time this happens i can just drop the old image back on, ideally i'd like to be able to pull an image off each of the pc's from this machine and store it on my server (Windows 2003), what's the best Windows based option for this?

I'd also like to be able to periodically backup the data from these pc's over the internet to my server, so far no data has been lost to the various infections, but it's only a matter of time. What's the best solution for this which requires the least amount of user effort? If possible i'd like to pull the data to the server rather than requiring the user to start a backup.

Answer 1

Assuming the PCs are reasonably new and so you have the gigantic hard drives which are standard these days, you can make 3 partitions:

1. C: - Windows and Applications
2. D: - Data - Update the registry to move C:\Documents And Settings to here
3. Hidden - Partition to store the image of your clean build

In my experience when a PC gets killed by virus it's Windows and Applications that get infected and data is usually safe. If you keep the data on a separate partition then you can re-image safely.

Keeping the image on the PC is the best way to ensure it's always to hand. If you don't give the partition a drive letter in Windows your users/relatives never need know it's there.

I use the free PartImage to create my images which can be found with loads of other handy tools on the excellent SystemRescueCD

Answer 2

You cannot go past Acronis True Image for imaging the pc's. As for backup maybe something like mozy

Answer 3

Slightly unsuitable for your situation, but still a possibility... Windows Home Server. It will basically allow you to set and forget your backups, and from a recent post by Hanselman, it is incredibly simple to restore in the event of a failure/virus/other catastrophic failure.

Answer 4

Norton Ghost does a pretty good job of imaging drives and the restore process is pretty straight forward.

I don't know about pulling a backup from over the internet.

I know you asked for a windows solution but if they are just using the computer for a internet browser/ email machine kubuntu would be a good choice.

Answer 5

I told my parents that if they ask me for help with a virus infested computer, I'd install Linux on it. That way they either call me and I solve the problem for good, or they call the Geek Squad every few weeks and leave me alone. Either way, it's a win for me.

Answer 6

Is it just me or is this NOT a programming question!?

Answer 7

Although re-loading the OS from a clean image is the most complete recovery, sometimes this is overkill. I recommend that (from a new/clean OS install) you load and run "Hijack-This" (freeware program) and then save the logfile of registry entries it finds. If you run it again later any changes it finds in the registry entries will show you programs/malware installed after the clean image. This will help you decide if the malware so bad you need to reimage, or if you have a chance of cleaning it manually.

Answer 8

I use Drive Snapshot with an external drive to backup and restore systems.

A 30 day trial version is included with Bart PE. This will let you boot from a CD and restore a windows system from "bare metal". After the 30 day trail period you can still restore the image.

I find that Drive Snapshot works much better than Ghost.

Some of the features of Drive Snapshot: * Checks if its' .exe has become corrupted, warn you, and refuse to run.
* Works in DOS and Windows.
* Takes advantage of Win XP Copy on Write feature. * Can mount a disk image to look like a drive. * Can restore to a different size partition, as long as there is enough room. * Knows about windows files like the page and hibernate files. * Does not require installation to run. * 242 KB executable!

Hope this helps.