
ransomware


9 replies to this topic

#1 Peter1

Peter1

    member

  • Authentic Member
  • 3,114 posts
  • Interests:Grandchildren, puttering, pc.

Posted 23 September 2021 - 06:57 AM

If ransomware hit and you had a disconnected hard drive with an image of windows, could you use macrium to boot into a clean image of windows and remove the intrusion? 

With the pc off >insert the macrium boot media>boot up and select windows. Would this delete the intrusion on the hard drive and install windows?




#2 Ztruker

Ztruker

    WTT Technical Elder

  • Tech Team
  • 8,292 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Waking each morning to see the green side of the Earth!

Posted 23 September 2021 - 12:50 PM

????? Don't understand your question.

 

Seems like you would boot the Macrium Rescue flash drive you've created then restore your latest backup.


  • xrobwx71 likes this

Rich
 

Die with memories, not dreams. – Unknown


#3 Peter1

Peter1


Posted 23 September 2021 - 06:51 PM

I was just confirming that I would not be a victim of ransomware because I have the Macrium boot media and the image to override ransomware.
I wasn't sure.

Edited by Peter1, 23 September 2021 - 06:56 PM.


#4 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,510 posts

Posted 24 September 2021 - 10:41 AM

If your machine gets infected with ransomware, and you have a disk image, or clone, that has not been connected to your machine whilst you have been infected, then you can recover your machine by doing the following .....

  • Reset Windows to factory condition to remove infection.
  • Restore from your backup disk image / clone to restore your machine to its pre-infection condition.

Do not under any circumstances attach your backup to the infected machine before you have reset it and removed the infection, or the infection may well spread to your backup.


Edited by Gary R, 24 September 2021 - 10:42 AM.


#5 Peter1

Peter1


Posted 24 September 2021 - 10:47 AM

Are you able to use your pc to reset while captured by ransomware? I had not thought of that; it is a real good suggestion if it will work.

I thought a boot from Macrium media would take over and wipe the disc.


Edited by Peter1, 25 September 2021 - 07:00 AM.


#6 Peter1

Peter1


Posted 24 September 2021 - 10:59 AM

If your machine gets infected with ransomware, and you have a disk image, or clone, that has not been connected to your machine whilst you have been infected, then you can recover your machine by doing the following .....

  • Reset Windows to factory condition to remove infection.
  • Restore from your backup disk image / clone to restore your machine to its pre-infection condition.

Do not under any circumstances attach your backup to the infected machine before you have reset it and removed the infection, or the infection may well spread to your backup.

 

 

I Googled several sources and one should not reset the pc before using a back up rescue media or catastrophic results will occur.

 

Just boot from an off pc with the rescue media.



#7 Gary R

Gary R


Posted 24 September 2021 - 03:08 PM

Can you link me to some of those sources, because I can see no reason why you should not reset your machine, nor what catastrophic occurrences could occur if you do.

 

Only circumstance I could think of, is if you have upgraded your machine since you purchased it, in which case your backup media may be to an OS that was not originally present on your machine.

 

But really a backup should be "self-contained" because it is only going to be any good to you, if it's not dependent on your machine, since that may be corrupted, so should be able to function a restore, no matter what.


Edited by Gary R, 24 September 2021 - 03:12 PM.


#8 Peter1

Peter1


Posted 25 September 2021 - 07:10 AM

In post #5 the word PC was phone and was an error.

 

I actually tried to recover the sources which said not to reset, both on the web and within some forums I visit but it is like the needle and thread.

It seems as though you don't have to but it is a good precaution.



#9 Gary R

Gary R


Posted 25 September 2021 - 09:31 AM

With anything else but ransomware, I would say resetting was optional, and I'm probably just being overcautious by advising one, but ransomware is insidious and capable of spreading to anything that's plugged into a machine that's infected with it, and since most people only have one backup, then I tend to err on the side of caution, and like to see it fully removed before attempting a restore from backup.

 

Theoretically, if you're booting from a recovery media that is not your OS, then you should be OK, however it would be a shame if that were not to prove true, and new ransomware variants seem to have ever expanding capabilities.



#10 Peter1

Peter1


Posted 25 September 2021 - 09:36 AM

Oddly enough I have images on a portable SSD and also an HDD I put on a kit. Both have images, but I tend to agree with you; after all, that is why I come to forums, to learn not teach. Reset first it is.

