SEARCH

The How-To Geek Forums Have Migrated to Discourse

How-To Geek Forums / Windows XP

System heavily infected by burdensome virus

(20 posts)
  • Started 1 year ago by Genera
  • Latest reply from gedstar
  • Topic Viewed 1394 times

Genera
Posts: 6

So, that's my first post on this forum. I would like to share with you my problem about system infection. I tried plenty of methods of system cleaning but now I still have some virus. First of all my residental AV doesn't detect this infection. Then I wrote on Polish forum, where there is a person who can help cleaning system by analysing OTL reports. OTL also failed, it could not detect this trash ... Then I run GMER and ... IT ALSO FAILED (run in normal mode caused BSOD, in Safe Mode no rootkits detected) so Polish specialists could not help me anyway. Then I finally decided to scan my system by ComboFix. Here is the log:

ComboFix 12-10-21.02 - Administrator 2012-10-21 19:43:39.1.2 - x86
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: ESET Smart Security 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezydentny antywirus jest aktywny
.
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-09-21 do 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-19 11:34 . 2012-10-19 11:34 -------- d-----w- c:\program files\Windows Kits
2012-10-19 11:19 . 2012-10-19 11:34 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Package Cache
2012-10-16 20:08 . 2012-10-16 20:08 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Malwarebytes
2012-10-16 20:07 . 2012-10-16 20:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2012-10-13 18:31 . 2012-10-13 18:31 -------- d-----w- c:\program files\Common Files\Skype
2012-10-13 18:31 . 2012-10-13 18:31 -------- d-----r- c:\program files\Skype
2012-10-13 18:11 . 2012-10-13 18:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 17:17 . 2012-04-05 09:14 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:17 . 2011-09-12 19:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-06-30 19:57 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-09-21 17:15 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 16:39 . 2012-06-30 19:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:17 . 2010-01-21 22:47 920064 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:17 . 2010-01-21 22:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:17 . 2010-01-21 22:47 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:09 . 2010-01-21 22:47 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2010-01-21 22:47 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:26 . 2010-01-21 22:47 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26 . 2009-08-04 17:23 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-12 18:45 . 2012-10-12 18:45 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-01-21 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2010-01-21 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2010-01-21 15360]
.
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2012-5-3 3553176]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 15 (0xf)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Counter-Strike 1.6 V42 DiGiTALZONE\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows
"3587:TCP"= 3587:TCP:Grupowanie w sieci równorzędnej Windows
"3540:UDP"= 3540:UDP:Protokół PNRP (Peer Name Resolution Protocol)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 Si3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2010-01-22 102528]
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2010-01-22 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2010-01-22 212520]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-03-14 120152]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
R2 Iprip;Odbiornik RIP;c:\windows\System32\svchost.exe -k netsvcs [2010-01-22 14336]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-09-29 12928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-12 2255464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-09-12 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 115168]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 250808]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 17:17]
.
2012-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-10-16 c:\windows\Tasks\Zapisy gier.job
- c:\program files\Nero\Nero 10\Nero BackItUp\NBCore.exe [2010-04-02 23:27]
.
.
------- Skan uzupełniający -------
.
uStart Page =
IE: E&ksportuj do programu Microsoft Excel
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\fyz2ri2i.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-04 20:40; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-21 20:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-507921405-573735546-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,96,1b,77,93,2d,b1,46,b8,8f,ee,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,96,1b,77,93,2d,b1,46,b8,8f,ee,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,96,1b,77,93,2d,b1,46,b8,8f,ee,\
.
[HKEY_USERS\S-1-5-21-507921405-573735546-1177238915-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-507921405-573735546-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:87,46,02,83,9b,93,fa,b6,3a,13,02,5a,72,91,a2,d4,9c,b8,4d,d0,ce,95,d1,
b0,da,14,28,66,8a,7b,53,76,fe,84,33,c3,b3,1e,82,c6,07,17,1d,b0,8b,f1,85,70,\
"??"=hex:fa,55,9c,70,e7,da,6c,2a,83,f0,b0,0a,1a,c0,be,a3
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(372)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\RTHDCPL.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Czas ukończenia: 2012-10-21 20:33:06 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-10-21 18:33
.
Przed: 35 207 319 552 bajtów wolnych
Po: 35 656 245 248 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 849E04247A1971A22C39D0A971F71F8C

This is in Polish verion, because I use Polish version of Windows Professional SP3.
My question is what exactly is THAT ? Rootkit or something like that ?

Posted 1 year ago
Top
 
Enthusiast
Enthusiast
Posts: 566

Instead of spending any more time trying to remove the virus from your system, it may be faster to re-install Windows XP. That way you know the virus is totally removed.

Posted 1 year ago
Top
 
Genera
Posts: 6

No no no I have a lot of important files on my computer and no external drives :(
I must save them ...

Posted 1 year ago
Top
 
Ruja
Posts: 230

Seriously, how many GB are we talking about? If it's not much you could use cloud services such as Dropbox (2 GB) or Ubuntu One (5 GB) to backup them. Or you could just ask a friend or someone to for an external HDD. I agree with Enthusiast, fresh reinstall is probably the best option. Also remember Windows XP is an 11-year-old operating system, I would consider upgrading to a newer operating system, such as Windows 7 or Ubuntu 12.04.

Anyways, if you still refuse to reinstall we may come with another option for you.

Posted 1 year ago
Top
 
Xhi
Xhi
Posts: 6298

Have you run Malwarebytes and SuperAntiSpyware In Safe Mode with networking so they can be updated?

Have you identified the VIRUS? What are the symptoms?

Posted 1 year ago
Top
 
GuiltySpark
GuiltySpark
Posts: 4024

Genera ,

What makes you say it's a Rootkit ?

Posted 1 year ago
Top
 
Genera
Posts: 6

I don't want to spend more time formatting HDD, installing XP again, installing drivers again, installing programs again, updates, games and other things. My computer will NOT carry the requirements of Vista, really.

Just 100% kill the virus. I want to win this battle

@GuiltySpark
Because my AV (ESET Smart Security) cannot find the virus. Most of rootkits are undetectable.

@Xhi
Oh, I forgot. System also scanned by MBAM. No results.

The symptom is that after some time some websites don't work and surfing on Internet is impossible. And system is MUCH (especially startup) slower, than before the infection.

Posted 1 year ago
Top
 
GuiltySpark
GuiltySpark
Posts: 4024

So you cleaned you system out, No AV found any problems and No Rootkit detectors found anything.

I think you are looking for something that doesn't exist.

So I ask again what makes you think you have a rootkit ?

Posted 1 year ago
Top
 
Genera
Posts: 6

@GuiltySpark

NO, because system is still VERY slow ;/

And first of all, please ANALYZE my ComboFix log.

Posted 1 year ago
Top
 
GuiltySpark
GuiltySpark
Posts: 4024

Doesn't mean you have Malware of any kind.

Posted 1 year ago
Top
 
Genera
Posts: 6

OMG ... I don't know I bet my computer that I have some virus. And again, please look at the log.

Posted 1 year ago
Top
 
GuiltySpark
GuiltySpark
Posts: 4024

I have looked at the log and No where does it state about any problems.

Posted 1 year ago
Top
 
Genera
Posts: 6

But what are the files that ComboFix deleted ? Hm ?

Posted 1 year ago
Top
 
GuiltySpark
GuiltySpark
Posts: 4024

Those are txt files, as to what they were I couldn't tell you as they are listed merely as txt files.

Posted 1 year ago
Top
 
Enthusiast
Enthusiast
Posts: 566

I looked at your log, and unless you are prepared to translate it to English, I won't be any help. In order to have someone look at your log who knows how to analyze a ComboFix log, check the reponses to this search "Where can I post ComboFix logs": http://www.bleepingcomputer.co.....39942.html

Posted 1 year ago
Top
 
Xhi
Xhi
Posts: 6298

Did you do your scans in Safe Mode??

Posted 1 year ago
Top
 
Kelen
Kelen
Posts: 283

If your Av scans, and rootkit scans are not showing anything prominent you may want to start doing some basic maintenance tasks. like Deleting temp files, defrag, going through startup items and disabling any that are not needed.
Also keep in mind that even though you may have had a virus and at some point removed, there still may be damage to your OS. Alot of the recent ones have been disabling or delete Windows services. Run System File checker(sfc) and see if anything needs to be repaired/replaced. Go over your internet settings and other settings for your computer to make sure they are where you need them.

Posted 1 year ago
Top
 
maniiacl
Posts: 6

Like Kelen says, If your PC have had a virus is most likely that your OS is not 100% clean and optimized. Also I can imagine your PC already was unoptimized and slow before you got a virus..
The best simple easier and faster way is to reinstall a clean fresh Windows OS!
I reinstall windows every 4-5 months eventhough it has 4gb ram good processor and no viruses!(at least they are not detectable by AV)
So yea! Format! Now lazyboy

Posted 1 year ago
Top
 
Xhi
Xhi
Posts: 6298

While not rereading that long OP, are we even sure OP has an actual virus and not some other malady.

Posted 1 year ago
Top
 
gedstar
gedstar
Posts: 521

Have you tried CCleaner

I would also recommend a Clean Install of Windows and when everything is done, Updates and installing Apps create an image of the drive.
I create a new image of both my Laptop and PC about once a month after updating windows and all apps and running AV + antispyware software.
Why anybody would NOT have a external backup of the files is beyond me. External drive are cheap as chips these days. I personally have 3 external drives and backup regularly to all. I don't store anything on my C drives which are SSD's, that way if I have to re-image either the Laptop or PC it only takes about 5 mins. Job done

Ged

Posted 1 year ago
Top
 



Topic Closed

This topic has been closed to new replies.

Enter Your Email Here to Get Access for Free:

Go check your email!