How many times you faced the next scenario ? Your installed antivirus find a virus in your system, ask for your options, you choose to delete it, the antivirus tries to do so, it reboot the computer to complete the deletion procedure but the virus is reported again ? No matter how many times the deletion procedure is repeated, the virus is still there ?
There are cases when only disinfection is available as an option, when an important file part of the operating system is infected as: explorer.exe, svchost.exe, services.exe, winlogon.exe, lsass.exe or smss.exe. In these cases, to delete or quarantine such a vital file will render the operating system inoperable but also the disinfection fail miserable, at every computer reboot we find that the computer virus survived. Even trying an another antivirus is not giving the desired results, the virus is very deep embedded in the operating system or it has backup copies of itself somewhere on the hard disk the fact is simply it can be not removed from the computer.
Let’s say though the virus is deleted by our security program. Very often, after a strong infection, we have a discomfort feeling, we don’t know if the virus is fully deleted or malicious components are left on the system. An antivirus can ideally delete a computer virus but the changes made by this virus to the system are not reverted back, this is not an antivirus job. These changes can be as dangerous as the virus itself, a virus can affect the browser homepage and searches behaviour, can change the background used for desktop, or as more serious problems, can modify the registry opening backdoors or vulnerabilities, even if the virus is dead these changes remains untouched. A very simple and apparently inoffensive change made by a virus in the registry(only a key value is changed) is to instruct the system to use a proxy server when no proxy is used. The result is the lose of connectivity and for a not so savvy user this is an insurmountable problem.
Ok, these are the facts, what are the solutions ? One solution is an operating system fresh install, I don’t know how many times I reinstalled the system in my old computer due to a strong virus infection or simply because the system become in time overloaded with all sort of junks, files and registry keys left by the previous software installs after uninstalling them, temporary files, backup files and so on.
When the system start to be slow or unresponsive, when the Users or Windows folders size grows to the sky, I knew it’s time for a Windows fresh install. But, formatting the hard disk and reinstalling the OS has its disadvantages: it’s a lot of time-consuming and all of your installed programs or personal folders are deleted forever, to resume you must format the hard disk, reinstall OS and reinstall all the needed programs and drivers, it can takes several hours. At this point I must mention two little programs, nLite — for Microsoft Windows XP or vLite for Windows Vista, they can help you customize the Windows installation, removing unwanted Windows components or adding pre-installed programs, drivers and Hotfixes at your choice. These programs offers also the so called Unattended Setup, all of your settings, registration keys, services configuration are saved when the bootable Windows setup media(CD or DVD) is created. Using these programs can shorten the necessary time for a fresh OS install but not too much.
Other alternative is the Windows System Restore but this service handle only the main components and settings of the operating system not the whole active partition — that’s the partition where is Windows installed, usually the C:\ partition. Without doubt, the default Windows system restore is not bulletproof against the viruses, who can bypass or survive in certain circumstances to the restoring procedure. Other disadvantage is in the case the operating system is critically corrupt and unbootable, the System Restore does not helps us at all.
Luckily for us, there are better alternatives both to a Windows fresh install or to the default Windows System Restore.
RollBack RX from HorizonDataSys is a such better Windows system restore alternative and has some very powerful features which is not met in other restore systems.
It supports up to 60.000 system snapshots, being able to restore the system to any snapshot with data synchronization even from a totally crashed and unbootable system. The impact on the system performances is very low and the snapshots are created automatically, manually, at computer startup or upon file execution, in less than 3 seconds. If the system become overloaded with junk or infected with malware or even if a program uninstaller does not work correctly and leave behind files and registry entries, the system can be restored to a previous state in no time getting rid of junk.
Because the program has a driver which is loaded independently of Windows operating system, after the computer start but before the Windows boot, it does not matter if Windows installation is corrupted, RollBack RX will offer to the user the chance to revert back the system to a previous working state (snapshot) and not only the important files are restored but instead the whole hard disk, all the partitions if that’s was the user option.
RollBack RX offers a nice and clean interface providing logs about operations performed or the disk space usage by the each snapshot. Without to be wrong, it can be considered a data loss prevention system.
The snapshots can be encrypted and the Access Control feature prevent unauthorized persons to get access to the program console and make changes.
Another program that I like very much is Acronis True Image Home. This is a complete backup and recovery solution, able to recover the system from any disaster, excluding of course the fire or an earthquake. It make an image of chosen hard drive or to the whole hard disk, image which is bit by bit, identical to the backed up drive including the free space, it is a true clone of it.
This program is also abundant in amazing features:
- -Nonstop backup, assuring a continuous file and drives protection;
- -Online storage for saving your backups. Now I see I was wrong when I said the program it’s not able to protect the data if the computer melts in fire;
- -Option to create a bootable media: CD, DVD or USB stick;
- -Try & Decide is kind of sandbox, when it is ON you can install and test intrusted software, visit suspicious websites or open dubious email attachments. After you’ve done these risky operations you can discard or apply the changes to the real system, discarding them gives you the peace of mind that no malicious changes are made to the system;
- -Emails form Microsoft Outlook Express or single files can be backed up individually;
- -Incremental, Differential or full backup;
- -You can save reserve copies of the backups on a USB flash drive or a Network drive;
- -Recovering to different hardware;
- -The possibility to mount and explore a hard disk image as a virtual drive, you can open, save, copy, move, create, delete files or folders;
Any of these programs, Acronis True Image Home or RollBack Rx can keep the user out of headaches, when very important data are deleted accidentally or as result of a virus action. Moreover, if you suspect a malware infection, if your system become slow or every time you feel an operating system fresh install is necessary, you can have it in seconds with a few mouse clicks. In fact, just to be sure, it’s recommended to restore the system to a previous clean state and to change all of your online credentials periodically; you never know for sure what is hiding into your operating system.
Keep safe !