
Windows - System Maintenance & Disaster Recovery


roYal

Member
Joined
Jun 17, 2002
Location
Chicago, IL
Last Updated: 06/24/2006 @ 10:40PM CST:

Introduction:
Ever wondered why Windows' performance degrades over time? Ever wonder how to get your system bootable after a disaster? If you answered yes to either of the last two questions, then this article is definitely for you. I will explain how to keep your computer in good health and how to prevent disasters from occurring. In the unfortunate case of a disaster, there are several steps you can take to help you get your system back up and running. Please keep in mind that there are many ways to achieve different tasks. This includes using different programs and such. The programs I have listed are what I have found to work for my needs and I am sharing my experience and knowledge with you to help you better understand the methods that can be taken to achieve having a better and cleaner system over time.

In the first section, I talk about system maintenance. This includes things you could do daily or at least weekly to maintain a healthy Windows installation, even after months of usage. In the second section, I discuss preventative maintenance and what to do in case of system failure. This section discusses things you can do before you install a program or make an important system change. This includes backing up your registry, making a full backup, creating a custom restore point, creating an ASR disk, etc. I also discuss how you can use these tools in addition to other tools to restore your computer and get it back up and running.

System Maintenance:
Doing maintenance on your computer is critical to achieve and maintain an adequate performance level. Most users stray away from performing these daily tasks; either because of lack of knowledge or because of laziness. I will show you how easy it is to perform these tasks to keep your system running in top-notch performance at all times.

* Disk Cleanup Utility - A Windows integrated utility that makes intelligent decisions as to what files on your hard disk drive are unneeded and categorizes these files to assist you in deleting them.

To launch this utility, go to Start | My Computer | Right-Click your Hard Disk Drive of choice | Properties | Disk Cleanup. Doing maintenance at least once a week on your computer will help alleviate system slowdowns. If this is your first time loading the program and you've been using your current Windows installation for a while, it will take a while for the program to do its work. Rest assured, after you clean up the system, the program will be much faster the next time you use it.

After the scanning is complete, the files are placed into several categories. This option is there to assist you in making a choice as to what categories you would like to keep and what files you would like to remove. I advise you to not select compress files. What this does is look at your file system and use its best judgment as to what files it thinks should be compressed to save space depending on usage. Most drives these days have tons of storage and compressing files only makes Windows use more system resources when you need to open that file. Once you have your options checked, go ahead and click on OK.

* CCleaner - A third party freeware utility that optimizes and removes unused files from your system thus restoring unused disk space. This program also deletes files such as internet history and cookies to help ensure privacy. It is much more comprehensive than the disk cleanup utility but should still be used in conjunction with it.

These unused files are located in many places and Ccleaner does an excellent job in doing a thorough cleaning. It will look in places such as Temporary Internet Files, Cookies, History, Temporary Files, Clipboard, and much more. Ccleaner also has a built in registry cleaner which will allow you to back up your pre-modified registry entries.

Another great thing about this program, is it allows you to uninstall programs from your computer (the windows uninstaller hides many things which ccleaner does not). Ccleaner can also delete RUN entries located in the registry which are run when Windows starts. The longer you use Windows, the more likely it is that you have many unneeded entries added to this registry location. Later in this article, I will explain how to remove these unneeded entries to cut down on Windows boot time which in addition helps free up system resources to help ensure your computer always runs faster.

* Video Resources - Believe it or not, most people do not have such powerful computers as some of the systems you see on these forums. Even if your system is powerful, you may have an older second computer that you wonder how you can tweak to be faster. Freeing up system memory and video memory helps make slower systems run faster.

Removing your wallpaper is one way to free up resources. You can do this by going to Start | Control Panel | Display (Shortcut: Right-Click Desktop and Choose Properties) | Desktop Tab | Under the background section, scroll all the way up to none | Choose Apply and then Ok.

Lowering the Color Quality that your video card produces also helps in freeing up additional system resources. To modify this, go to Start | Control Panel | Display (Shortcut: Right-Click Desktop and Choose Properties) | Settings Tab | Under the Color Quality section, click on the drop down list and choose a lower quality setting | Choose Apply and then Ok.

Resolution also plays a key in system resources, although not entirely unless you're into playing games. If you do play games, having a high resolution can be detrimental to system performance. Screen resolution refers to the amount of pixels that your video card produces onto your monitor. The higher the resolution, the more pixels, as well as the more space you have to work with. To free up system resources, go to Start | Control Panel | Display (Shortcut: Right-Click Desktop and Choose Properties) | Settings Tab | Under the Screen Resolution section, move the bar to the left to lower resolution (free up resources) or to the right (use more resources) | Choose Apply and then Ok.

* Spyware/Malware - Spyware/Malware refers to unwanted files on a system that are installed without user consent. These files could be malicious or could provide no harm but use up system resources to provide information to companies such as what websites you like to visit, etc.

There are a few ways spyware can make it into your computer without you, the user, knowing about it. One of the most common ways is by using Internet Explorer which does not take precautionary measures to prevent Spyware installation. This is mainly due to the fact that Internet Explorer came out before Spyware began to heavily infect machines all around the world and has not had an overhaul. Internet Explorer 7 is coming out soon and should take care of this issue, hopefully. Another way spyware can make its way into a system is by installing third party programs which sneak in spyware/malware. There are several new browsers out there which aid in the process of preventing infection. A couple of the safer and popular alternatives are known as FireFox (http://www.firefox.com) and Opera (http://www.opera.com), both of which are free.

It is wise to get in the habit of scanning your system for these bad pieces of software every once in a while (I do this every week or every other week). Some good pieces of software to use for scanning are Ad-Aware (http://www.download.com/Ad-Aware-SE-...ml?tag=lst-0-1) and SpyBot (http://www.download.com/Spybot-Searc...ml?tag=lst-0-1). Make sure you update your Ad-Aware or Spybot dictionary inside the program before you do a scan. This will help ensure your program knows about the latest spyware/malware applications on the internet. There are some other scanning programs in addition to the ones I listed that are also very good. Mr. Chambers created a thread over in the Internet, Network, & Security section which lists out several different programs which can assist you in achieving a spyware/malware free computer. This thread is located at http://www.ocforums.com/showthread.php?t=379516.

* Virus/Worms - Most users are oblivious on how to correctly remove a virus or a worm from their system. A virus is an unwanted piece of software which replicates within a system. A worm is the same as a virus, but it attempts to replicate to other machines through the use of networked devices. There are many types of viruses that I will not go into, but you can read about them here (http://www.computerhope.com/vlist.htm).

The best method to get rid of a virus is to do a format and re-install. This will ensure your Windows installation is clean. If formatting is not an option, then these following tips will help guide you to removing an unwanted infestation. Even if you do decide to format, you should still read the rest of the section. The more knowledge, the better off you will be.

You should always have an anti-virus software solution installed on your system. If you have any reason to think that a virus has infiltrated your system, I would start doing some scanning. If no virus is found, great. If a virus has been found, you can either format, or do several other things to remove it. There are many good paid anti-virus scanners as well as many good freeware solutions. Personally, I use AntiVir Guard (AVG) which is free and it has served me well. When I suspect a virus is lurking on my system, I do a full system scan with AntiVir Guard, as well as use Trend Micro's free online virus scan, Housecall, which is an excellent scanner. You can find this free online scanner at the following url, http://housecall.trendmicro.com/.

When a virus has been found on your system, you can do several things other than formatting to attempt to get rid of the infestation. Start by going into your Task Manager by either Right Click Taskbar | Choose Properties or Press Control + Alt + Keys Simultaneously. Once you're in the Task Manager, go to the Processes Tab. In the Processes Section, you can see every process running on your system, especially if you check Show processes from all users. I go through each process and Google ones that I do not know. This research using Google will make you familiar with what processes are legit and which ones are a virus or even spyware/malware.

In addition to researching your processes list, the RUN section in your registry could have been modified so the virus could be set to run every time Windows loads. To open this section of the registry, you could use the Ccleaner application I spoke of earlier in this article by going to the Tools section and choosing the Startup button. From there, you can navigate the RUN section and Google the file links found in there to see if any are malicious. If they are, you can delete that entry and then do a Windows Search and delete that file. To do a Windows Search, go to Start | Search | All Files and Folders | under All or part of the filename | Type in the filename | Wait for Results | delete the found filename. If you did not install Ccleaner, go to Start | Run | Type regedit and hit OK | and navigate to HKEY_LOCAL_MACHINE > SOFTWARE > MICROSOFT > WINDOWS > CURRENTVERSION > RUN. In there, you can see all the entries you would have otherwise seen in Ccleaner. You will also want to navigate to HKEY_CURRENT_USER > SOFTWARE > MICROSOFT > WINDOWS > CURRENTVERSION > RUN and make sure no modifications have been made there either.

* Unneeded Processes - Too many processes can be detrimental to system performance

A lot of unnecessary processes could be running on your system due to unnecessary software installation. It would be wise to go to Start | Control Panel | Add or Remove Programs. From here, you can uninstall applications which aren't really necessary to be installed. As a result this will also delete any files that are run as processes whenever your computer is on. You can also use Ccleaner to uninstall applications.

Processes are also set to start on bootup. You can navigate to the two registry entries located in the Virus/Worms section of this thread and delete files you believe to be unnecessary to be running when Windows Starts and throughout your entire session.

* Disk Defragmenter - A utility in all versions of Windows which re-organizes data to make your system more efficient at reading/writing data

When you delete a file, it's not actually deleted. The space on your hard drive is divided into tables. When something is deleted, there's basically a chunk of empty space and files from then on are still written at the end of the drive. This causes the hard drive controller to work more when it needs to start going all over the platter to retrieve data. The defragmenter re-arranges your data so it makes your system more efficient and faster.

There is a built in defragmenter inside Windows. You can run the utility by going to Start | Programs | Accessories | System Tools | Disk Defragmenter. There are several third party utilities that offer many more options including smart placement (organizes files by file usage) and automatic defragmentation. The one I use is PerfectDisk for its smart placement feature (http://www.raxco.com/products/perfectdisk2k). Another popular program is Diskeeper (http://www.diskeeper.com/)

Preventative Maintenance and Disaster Recovery:
Let's take a look at several ways you can prepare yourself in case of a disaster. It is always good to have a contingency plan in case of disaster. This is more so the case if you do important stuff such as online investing, online banking, and/or have business/critical documents stored on your computer.

* Backup Utility - The Backup Utility has not changed over the course of many years. It will be vastly upgraded in Windows XP in which case, I'll update this section when the time comes. The backup utility allows you to do full backups, backup select files, or backup the system state data; all of which I will explain. The utility also allows you to create an Emergency Repair Disk (Win2k) and an Automatic System Recovery Disk (WinXP).

The backup utility starts in Wizard Mode. If you want to get to the normal UI mode, you have to uncheck "Always start in Wizard Mode" then hit cancel, then open it back up. To open the backup utility, go to Start | All Programs | Accessories | System Tools | Backup.

Full Backup: This backup method is fairly straight forward; it backs up all files on your local hard disk drives. This offers the most comprehensive data restoration capabilities in the unfortunate case of system failure. Unfortunately, the backup utility in Windows 2k does not support CD burning. CD Burning support was integrated into Windows XP, fortunately. Even though the backup utility does not have burning support integrated, the full backup is stored into a single file, bkf format. You can then take this file, burn it, store it on another hard disk drive, another partition, or even a network drive.

Select Files (Partial Backup) If you do not wish to do a full backup, or do not wish to be restricted to local drives, you can use the Select Files option. From here, you are given the option to navigate and select a specific drive, a network drive, or specific folders that you wish to be backed up. This will then backup those files into a single bkf file. As with the full backup, you can then take this bkf file, burn it, store it on another hard disk drive, another partition, or even a network drive.

System State This option provides you with a backup of critical windows files. I recommend you do not use this backup option instead of doing a full backup of your system/boot partitions. Your system partition is where your boot files are located; C:\ drive on the majority of systems. I would recommend using the System State backup just to have a local copy of certain configuration files, registry copy, etc. just in case something small stops working and you'd like to restore a copy of the older file.

Emergency Repair Disk (Win2k): This option creates a recovery disk for you that contains information about the partition you are interested in making repairable. This should be used as a last resort. This option will create the disk and you will have the option to update the registry. The registry is located in X:\%systemroot%\System32\Config. X is the drive you are using, and %systemroot% refers to your Windows folder. In Windows 2000, your Windows folder will most likely be Winnt and with Windows XP, it will most likely be WINDOWS. When you choose to backup the registry, a copy of your registry files will be copied over to %systemroot%\system32\repair\regback. You will also notice files in the repair folder as well. This is a copy of registry files from your initial installation. They are used as a last resort if you really need to get back into your system. An example is if your registry gets corrupted.

So you have created the emergency repair disk. Now you use your cd and you are given the option on the screen to hit f2 and go into the emergency repair restoration process. You are given two options; Manual or Fast repair. Fast chooses all the options manual would give you. With manual, you can do the following: 1. Inspect and repair the startup environment, 2. Verify the Windows 2000 system files and replace missing or damaged files, and 3. Inspect and repair the boot sector. If you have the disk, it'll look at your system information using the boot.ini (contains information about your partitions) and refer to the registry files in your %systemroot%\system32\config folder. If the registry files are corrupt or it could not find the boot.ini file, it looks to your repair folder and reverts to an older copy of the registry.

Automated System Recovery (WinXP): This method in Windows XP is much more comprehensive than the Windows 2k predecessor, ERD. Instead of creating only a disk, it does a full backup of "ONLY" your system partition (usually C:\). Windows XP does not give you the ability to span the backup across multiple CDS, so it would be wise to have a 2nd hard drive or a DVD burner to back up the file to (depending on used space of your system partition). After the backup is finished, you will be prompted to insert a floppy disk. This contains information about your installation. Don't forget to make a backup of any other partitions in case of a full disaster.

To restore from an ASR, you need to press f2 when prompted to from your installation CD. Your system drive then begins to format without any user intervention. You will be presented with the Windows Installation screen and after a few minutes, a prompt comes up on the screen asking you to browse to the location of your backup file. After you have chosen the backup file, Windows will begin to restore all your data and the installation/restoration process will complete and you should be presented with a working copy of Windows identical to the time when you did that specific ASR backup.

* System Restore - A utility introduced in Windows Me & XP which allows you to undo changes made to your computer. In essence, it's like the undo command. This application will not make any changes to personal files.

To open System Restore, proceed to Start | All Programs | Accessories | System Tools | System Restore. From here, you are given two options, Restore my Computer to an earlier time and create a restore point. When you make a significant change to your computer, a snapshot will be made of your computer. This snapshot is called a restore point. These restore points are found in the Restore my Computer to an earlier time option. These restore points can be manually added by using the Create a restore point option. It is a good precautionary method to create a custom restore point before making a significant change to your computer.

To restore a restore point, simply open the System Restore utility, and choose the Restore my Computer to an earlier time option. From here, you can specify what date and select which restore point you'd like to restore. After this is done, your computer will reboot and begin to restore these files. Before your computer reboots, another restore point is made for the present time in case you wanted to undo the restore and go back.

* System File Checker - A utility found in NT based operating systems (NT/2k/XP) which scans your system for malfunctioning/corrupted system files and replaces them as needed

To use this utility, proceed to Start | Run | Type cmd and hit ok | Type sfc /?. This will give you a list of commands associated with the sfc utility. When I believe there is a problem with my system, I load up the command prompt and do a sfc /scannow. Keep in mind, you will need your Windows CD for this utility to perform its scanning functionality.

For Windows versions other than NT-based installations, there is a great support article from Microsoft that will assist you in replacing system files. You can find this article here: http://support.microsoft.com/default.aspx?scid=kb;EN-US;129605.

* Event Viewer - A utility which allows you to view errors which occurred on your system.

To open the Event Viewer, proceed to Start | Control Panel | Administrative Tools | Event Viewer. On a client Windows installation, you will see three categories. These include Application, System, and Security. It is good to periodically check your Event Viewer to see if anything negative is happening on your system. In an unfortunate case of a computer crash or other problems that might occur, it's good to come here to see if Event Viewer has any relevant information as to the cause of what might have occurred.

* Safe Mode - A barebones Windows login mode which only loads the necessary drivers and components to boot up your operating system. This is a great method for troubleshooting computer problems

Let's say you just installed a new driver and it begins to malfunction. As soon as the Windows Logo comes up, your system halts/freezes/crashes. You will most likely be able to get into safe mode since safe mode uses the default 640x480 VGA drivers and won't load the custom drivers. This will allow you to get into your system, and uninstall your old drivers, check event viewer, install new drivers, etc.

To access Safe Mode, press the f8 key on your keyboard during the boot process right before the Windows Logo appears. I usually just keep pressing f8 during the whole boot process to make sure I get in. For Windows NT, you'll need to use the spacebar instead of the f8 key.

* Last Known Good Configuration - A saved configuration file which contains information about hardware and drives. Every time Windows does a successful boot, the Last Known Good Configuration will be replaced with an updated copy.

When you boot up your system, if there are any issues, your Last Known Good Configuration will not be overwritten with an updated copy. If you had made a change previously to your system and now your Windows won't load properly, you can use the Last Known Good Configuration to replace your drivers and registry to the copy that worked on the previous successful boot. This is an added step to help ensure that you can get back into your system.

You get to the Last Known Good configuration just as you would with Safe Mode. Press the f8 key on your keyboard during the boot process right before the Windows Logo appears. I usually just keep pressing f8 during the whole boot process to make sure I get in. For Windows NT, you'll need to use the spacebar instead of the f8 key.

* Recovery Console - A command-line environment found on NT-based Operating Systems outside of the normal Windows GUI. This is used to troubleshoot installations by doing stuff such as fixing the boot sector, fixing the Master Boot Record, deleting files, etc.

There are two ways to access the Recovery Console. The first is by inserting your Windows CD and installing the Recovery Console. Once the CD is inserted, go to Start | Run | Type cmd and hit ok. Put in the following path (X:\ is the path to your CD-Rom): X:\i386\winnt32.exe /cmdcons. This will install the Recovery Console in addition to modifying the boot.ini (dual boot file) file so you will be given the option to load your Windows Operating System or the Recovery Console when you boot up. The second way is to boot off the CD, then follow the text-prompts by choosing R to do a repair using the Recovery Console.

Once you are in the Recovery Console, you have many different commands to choose from to do what you need to do. These commands vary depending on what operating system you are using. For a list of these commands, proceed to the appropriate link below:

* ScanDisk - A utility in Windows 9x versions which scans your computer for hard disk drive errors

To run this utility, proceed to Start | Run | Type Scandisk and hit ok. You have the option of doing a regular scan and a thorough scan. The thorough scan obviously takes a longer time but is more comprehensive and does a better job.

* Chkdsk - A utility much like scandisk but for NT-based operating systems such as NT/2k/XP.

To run this utility, proceed to Start | Run | Type cmd and hit ok | Type chkdsk /? to get a list of associated commands. The most commonly used commands are chkdsk /f and chkdsk /r. To run chkdsk on a certain drive, such as C:\, use the following command: Chkdsk C:\ /f. The /f is a faster scan which fixes errors and is a 3 step process. The /r switch invokes a much more thorough scan which is a long 5 step process.

* Repair Installation - Re-installing Windows on top of itself in hopes of Windows fixing itself

The Repair installation does a fairly good job. It should be used as a last resort type of thing as most problems can be fixed without having to go through the installation process again. This is not to mention that after doing a repair install, you will have to activate your Windows again as well as install several patches again including the Service Packs.

To do a repair install, set your bios to boot off of the CD-Rom before your hard drive, and then boot off your Windows CD. Follow the text-mode prompts to do a repair installation. Windows will go through the process of installing just as you would have normally done. The only real difference is you didn't format and it's re-installing on top of itself. Your personal data will not be overwritten or changed and will still be intact after the installation is complete. As a precautionary method, I would still back up your personal files before doing a repair installation.
 
Last edited:
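The Run-key review described in the Virus/Worms section of the post above, as a read-only PowerShell inventory of the same two registry locations. This is an added example, not part of roYal's post; it assumes Windows PowerShell 5.1 or later, and the function names Get-CommandTarget and Get-RunKeyEntry are hypothetical.

```powershell
# Added example: read-only inventory of the two Run keys named in the post.
# It lists and annotates entries; it never deletes or edits anything.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the program path out of a Run value's command line.
function Get-CommandTarget {
    param([string]$CommandLine)

    $text = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # Quoted path: "C:\Program Files\App\app.exe" /switch
    if ($text -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: stop at the first program extension
    if ($text -match '^(.+?\.(exe|com|bat|cmd|scr|vbs|js))(\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-separated token
    return ($text -split '\s+')[0]
}

# Hypothetical helper: one object per Run value, with file and signature details.
function Get-RunKeyEntry {
    foreach ($keyPath in $RunKeys) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath

        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            $target  = Get-CommandTarget -CommandLine $command

            # Bare names such as "rundll32.exe" are resolved through PATH.
            if ($target -and $target -notmatch '^([A-Za-z]:\\|\\\\)') {
                $found = Get-Command -Name $target -CommandType Application `
                    -ErrorAction SilentlyContinue | Select-Object -First 1
                if ($found) { $target = $found.Path }
            }

            $exists = [bool]$target -and
                (Test-Path -LiteralPath $target -PathType Leaf -ErrorAction SilentlyContinue)

            $sig = $null; $hash = $null; $modified = $null
            if ($exists) {
                $sig      = Get-AuthenticodeSignature -LiteralPath $target
                $hash     = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
                $modified = (Get-Item -LiteralPath $target -Force).LastWriteTime
            }

            [pscustomobject]@{
                Key       = $keyPath
                Name      = $name
                Command   = $command
                Target    = $target
                Exists    = $exists   # False: stale entry or file already removed
                Signature = if ($sig) { [string]$sig.Status } else { 'n/a' }
                Signer    = if ($sig -and $sig.SignerCertificate) {
                                $sig.SignerCertificate.Subject
                            } else { '' }
                Modified  = $modified
                Sha256    = $hash     # for looking the file up while researching it
            }
        }
    }
}

# Entries whose file is missing or not validly signed sort to the top for review.
Get-RunKeyEntry |
    Sort-Object @{ Expression = { $_.Exists -and $_.Signature -eq 'Valid' } }, Key, Name |
    Format-List
```

The HKCU results cover only the account that runs the script, so repeat it for each user profile. As the replies below point out, an infected system may not report itself truthfully, so a clean listing is a starting point for research and not proof that the machine is clean.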

redduc900

Inactive Moderator
Joined
Dec 17, 2000
Location
Portland, OR
I can't believe that no one else besides El<(')>Maxi even acknowledged this thread. I think roYal did a fantastic job writing and researching this, and as such think it would provide an excellent resource to all Windows users. He definitely provides a lot of very useful information, much of which many Windows users aren't aware of (or know very little about)... definitely sticky material IMO.
 

Mr. Chambers

Member
Joined
Feb 25, 2001
Location
Iowa
This is the first I've seen of it - must've slipped to the second page fairly quickly :eek:

I agree, very well done Royal! You even linked to mine and IMOG's thread, even though I need to stop being lazy and update it.
 

Recursion

Member
Joined
Jul 28, 2004
Location
Bronx, NY
With the viruses, if ya get one don't trust an Anti Virus because well it's going to come back. If you think these things work then you're crazy, because well if they worked companies like Symantec wouldn't be making the $$$$ like they do.

Get a Virus, Reformat or Wipe the drive fully and reinstall windows with a Full !quick NTFS format.
 
OP
roYal

roYal

Member
Joined
Jun 17, 2002
Location
Chicago, IL
VincentP said:
With the viruses, if ya get one don't trust an Anti Virus because well it's going to come back. If you think these things work then you're crazy, because well if they worked companies like Symantec wouldn't be making the $$$$ like they do.

Get a Virus, Reformat or Wipe the drive fully and reinstall windows with a Full !quick NTFS format.

I agree that if a format is a possible option, then I would definitely format. Some users absolutely do not want to format and the Virus section includes several ways to assist a user in the removal of an infestation.
 

Captain Newbie

Senior Django-loving Member
roYal said:
I agree that if a format is a possible option, then I would definitely format. Some users absolutely do not want to format and the Virus section includes several ways to assist a user in the removal of an infestation.
If your box has been whacked, you can't trust what the OS is telling you; same for anti-anything-ware. That's why, at $WORK, when we discover an outbreak, the machines in question get wiped. You don't want to run the risk these days, with how dependent we are on our computers.
 
OP
roYal

roYal

Member
Joined
Jun 17, 2002
Location
Chicago, IL
Captain Newbie said:
If your box has been whacked, you can't trust what the OS is telling you; same for anti-anything-ware. That's why, at $WORK, when we discover an outbreak, the machines in question get wiped. You don't want to run the risk these days, with how dependent we are on our computers.

Of course. Like I said, if format is a possible option, then the machine should definitely be wiped. Businesses have images, SMS, RIS, etc. It's very easy to wipe a machine and get it back up and running virus free than leaving the virus on the system and trying to spend hours fixing it when it might still be infested in the long run and still leaving the possibility of the infected machine spreading to other machines. Re-imaging a machine is less downtime and less risk than trying to manually fix the problem with a risk of still leaving something on the system.
 

Recursion

Member
Joined
Jul 28, 2004
Location
Bronx, NY
I work at Circuit City and well if you got a Virus I don't care if you need some data, you will have to pay for data recovery. if you got a Virus or Malware, Reformat.|done
 

Captain Newbie

Senior Django-loving Member
roYal said:
Of course. Like I said, if format is a possible option, then the machine should definitely be wiped. Businesses have images, SMS, RIS, etc. It's very easy to wipe a machine and get it back up and running virus free than leaving the virus on the system and trying to spend hours fixing it when it might still be infested in the long run and still leaving the possibility of the infected machine spreading to other machines. Re-imaging a machine is less downtime and less risk than trying to manually fix the problem with a risk of still leaving something on the system.
I'm not going to advocate stickying this until it says "If it's been whacked you must reformat it in order to guarantee that you're not still whacked", or something to that effect. To recommend otherwise is simply reckless.
 
OP
roYal

roYal

Member
Joined
Jun 17, 2002
Location
Chicago, IL
Captain Newbie said:
I'm not going to advocate stickying this until it says "If it's been whacked you must reformat it in order to guarantee that you're not still whacked", or something to that effect. To recommend otherwise is simply reckless.

My post already says that and the statement has been there. "The best method to get rid of a virus is to do a format and re-install. This will ensure your Windows installation is clean. " *shrugs*
 

Recursion

Member
Joined
Jul 28, 2004
Location
Bronx, NY
I'd like to see webroot spysweeper added, and ad-aware taken off.

There have been stories of major advertisers paying large sums of money to adaware and in return the software just doesn't find their spyware.
 

Captain Newbie

Senior Django-loving Member
roYal said:
My post already says that and the statement has been there. "The best method to get rid of a virus is to do a format and re-install. This will ensure your Windows installation is clean. " *shrugs*
Replace to read:

The best only way that absolutely guarantees the integrity of your system ... and you'll be set. Especially these days with the malware and such that's flying around, even if you use a removal tool, you can't be sure that nothing was left on your box.
 

nikhsub1

Unoriginal Macho Moderator
Joined
Oct 12, 2001
Location
Los Angeles
Nice write up there roYal! You may want to include DriveImage XML which I found thanks to redduc900: http://runtime.org/dixml.htm IMO this is the best imaging software around (only works on XP and W2K3) and is free. There is also a great boot CD you can make with Bart's PE builder from the same site, http://runtime.org/peb.htm DriveImage will image your C drive while running windows, no dos needed. Once an image is made you can explore it and extract files etc.

I ALWAYS make an image of my machines after everything is installed, updated etc etc. Then if you run the windows backup on a regular basis you can be back up and running from disaster in minutes.

1. Reimage your drive
2. Restore from backup.
3. Done :D
 

SuperFarStucker

Member
Joined
May 2, 2005
Location
Seattle, WA
a glaring omission

Nice thread, although I think a few things are worth mention.

#1. BartPE
#2. BartPE

You shouldn't boot into an environment that is known or suspected to be compromised by malware or a virus/worm. For starters, rootkits can hide their presence very well (lest we forget the XCP2/sony rootkit fiasco). Also, it is still exceedingly difficult to shore up a machine which has been massacred by internet e******r. BartPE makes it easy and it also makes it fast. The website is a great resource on what you need to make a recovery environment disk. The best course of action is to move the data off the drive and rebuild the installation of course, but even this is greatly facilitated by bartpe.

Also, a good precautionary measure is to install SpywareBlaster which maintains a list of known bad activeX controls which subsequently makes it much more difficult for users to unwittingly blow their leg off browsing the web. In my experience prevention is much more effective than running a barrage of scans weekly, as malware is quite crafty and some of it will always slip through the adware/spybot s&d/hijackthis trifecta or be otherwise unrepairable.