Note on archived topics.

This topic has been archived. Information and links in this thread may no longer be available or relevant.
If you have a question create a new topic by clicking here and select the appropriate board.
Intern
Intern
43 35 1 7
Message 1 of 7
300
Flag Post
HP Recommended

Restore Points corrupted by virus?

Compaq CQ5123F (circa 2009)
Microsoft Windows 10 (64-bit)

Recently I had a Ransomware Virus. It seems that it had corrupted all Restore Points, as each one said "missing file", and aborted. I then tried to revert to a System Image on my external HD. However the Windows Repair Disc gave no option of accessing a USB port, just the internal HD or DVD drive (asking for last DVD of a backup). DVD backups make no sense as they would consume MANY DVDs ! There isn't much point in using the internal drive, as a virus has access to it and could corrupt the system image as well as the restore points.

 

How to I protect my Restore Points from being corrupted by a virus ?

 

How can I make the Windows 10 Repair Disc find the USB ports ? ( I also tried my old Windows 7 Repair Disc: same thing.)

 

Note: there is no mention of USB ports in the BIOS ( MS-7525 VER1.0_5.31 Rev. A.bin ): this is the latest available from HP.

Compaq CQ5123F:Windows 10 Millenium Edition - Core 2 Duo E8500 3.16GHz - 4GB DDR2 800MHz - Samsung 850 EVO 250GB with RAPID; Radeon HD4350 512MB video; Benq G2220HD 22 inch LCD monitor; HP Deskjet F4480 AIO; Altec-Lansing BXR1121 - 2.1 speakers
0 Kudos
6 REPLIES 6
Dean
Dean
11043 11018 575 1623
Message 2 of 7
272
Flag Post
HP Recommended

Restore Points corrupted by virus?

> However the Windows Repair Disc gave no option of accessing a USB port,

 

Turn the computer off.

Connect the external drive to a USB port -- any computer built in 2009 _must_ have at least one USB port.

Turn the computer on, and launch the Windows Repair Disk.

It should assign a drive-letter to the device, probably 'E:' or 'F:'.

 

> There isn't much point in using the internal drive, as a virus has access to it

 

When you boot from some other device, the virus is not launched.

 

Can you physically remove the disk-drive, and temporarily connect it as a "slave" disk-drive in some other computer,

and use the anti-virus software on that other computer to do a "full" scan of that "slave" drive?

 

> and could corrupt the system image as well as the restore points.

 

It's probably "too late" for the System Restore points -- the virus may have turned-off System Protection,

and may have already deleted those points.

 

> How to I protect my Restore Points from being corrupted by a virus ?

 

Ensure that your anti-virus software is running, and is up-to-date.

Don't open attachments from unknown sources.

If you web-surf to a "bad" page, it may be impossible to close the web-browser.

Instead, hold down the "power" button, until the computer turns itself off. Doing so will *NOT* cause problems.

 

> Note: there is no mention of USB ports in the BIOS

 

Weird.  To repeat, any computer built in 2009 will have USB ports,

and the BIOS should allow you to change the "boot-order" to make a USB device the "first" boot-device.

 

 

 

0 Kudos
Intern
Intern
43 35 1 7
Message 3 of 7
262
Flag Post
HP Recommended

Restore Points corrupted by virus?

Well the latest BIOS that HP provided on their web site is installed, although it is much more limited than the one the BIOS manufacturer has available. HP says I should NOT install any other BIOS update other than what they provide !

The HP BIOS shows no selection for USB although the PC came with 6 of them: 2 in front and 4 in back.

Below is the BIOS page: Both Floppy and NetworkBoot are greyed-out to prevent selection.

The only option I seem to have is to create myriads of DVD-RWs (Repair asks for the last DVD of a set) or put the Images on the old internal HDD (I now have an SSD as the primary). That would mean clearing a lot of stuff off of "I" to make room.

IMG_5062.JPG

Compaq CQ5123F:Windows 10 Millenium Edition - Core 2 Duo E8500 3.16GHz - 4GB DDR2 800MHz - Samsung 850 EVO 250GB with RAPID; Radeon HD4350 512MB video; Benq G2220HD 22 inch LCD monitor; HP Deskjet F4480 AIO; Altec-Lansing BXR1121 - 2.1 speakers
0 Kudos
Dean
Dean
11043 11018 575 1623
Message 4 of 7
257
Flag Post
HP Recommended

Restore Points corrupted by virus?

> HP says I should NOT install any other BIOS update other than what they provide.

 

I agree.  HP may have customized the BIOS, e.g., to identify the BIOS as being used on an HP motherboard.

 

> The HP BIOS shows no selection for USB although the PC came with 6 of them: 2 in front and 4 in back.

 

Only one page of BIOS details?  Usually, there are multiple pages.

 

What did you expect to see?

Things like "enable boot from USB", or "disable USB ports" (often used in a "secure" corporate environment,

to prevent theft of data) ?

 

> Below is the BIOS page,

 

Sigh.  It did not upload/display properly.

 

0 Kudos
Dean Dean
Dean
8514 8370 679 3055
Message 5 of 7
249
Flag Post
HP Recommended

Restore Points corrupted by virus?

Hello @Mentorron,

 

Thank you for posting in the HP Support forum.

 

What you show is not related to the recovery.

 

Windows System Image recovery works via USB - if it detects your USB external HDD via the USB port and if it is inserted before you boot from the Windows Repair CD (DVD), then it should detect it, it will find the recovery image and you will be able to perform the recovery. This is how it works and I have done it literally hundreds of times.

 

Yes, you should not install any BIOS/UEFI update other than those from HP. However, I suggest you do not update your BIOS now as your problem is not related to this.

 

Your PC should be off, plug in the external USB HDD where the images are stored. You need to boot with F9 option from the Windows Repair CD/DVD, follow the on-screen instructions. Here is some example:

>> http://support.hp.com/us-en/document/c03544793

>> http://www.tenforums.com/tutorials/5495-system-image-create-windows-10-a.html

 

 

** Ransomware malware is designed to destroy your System Restore points, so what will save you is regular external back-up:

e.g. perform System Image back-up regularly (e.g. once per week), copy your most important files in external drive or in Cloud storage - store your system images in offline mode - drive disconnected unless you really need it at the particular moment. If you infect or destroy your back-up it is useless.

 

Re. protection - be very careful what you download, what you install, what you run. Ensure your Windows and main programs are updated. Use reputable security product - in my opinion and based on my experience, best are ESET products (www.eset.com) or Kaspersky (www.kaspersky.com).

****  Please, click on the button below to mark this post as an ACCEPTED SOLUTION if it helped you
****  Don't hesitate to hit the THUMB-UP+ button below to say THANKS or give LIKE
I am not employed by HP Inc. **** I express personal opinion only. **** HP Expert **** I work in IT and cyber security

0 Kudos
Intern
Intern
43 35 1 7
Message 6 of 7
211
Flag Post
HP Recommended

Restore Points corrupted by virus?

I think the problem was that the System Image was greated a month or so BEFORE I tried several ways of restoring the PC.

What happened was somehow the computer's "name" got changed during one or more of these attempts, to a generic phrase, not the same one the Image was saved under (the one that the original install of Windows 10 gave it).

So I suppose that Windows looks for an Image with the same name as the PC it is currently trying to restore. So it was probably finding the USB drive, but not seeing any Images there that it rtecognized.

Possibly one can change the name of the file somehow, but you need to know what name the restoral program is looking for.

That might be an extra step, but I sure don't know how to resolve it if I am correct in my assumption. I guess if it's JUST the file name on the folder, I could change it on my laptop first, then plug it into the desktop PC.

Compaq CQ5123F:Windows 10 Millenium Edition - Core 2 Duo E8500 3.16GHz - 4GB DDR2 800MHz - Samsung 850 EVO 250GB with RAPID; Radeon HD4350 512MB video; Benq G2220HD 22 inch LCD monitor; HP Deskjet F4480 AIO; Altec-Lansing BXR1121 - 2.1 speakers
0 Kudos
Dean
Dean
11043 11018 575 1623
Message 7 of 7
205
Flag Post
HP Recommended

Restore Points corrupted by virus?

> Below is the BIOS page: Both Floppy and NetworkBoot are greyed-out to prevent selection.

 

Correct.  Underneath the "top" window, none of the "1st/2nd/3rd/4th" entries allow booting from the "floppy" (or the "network") group.  So, that group is greyed-out.

 

As others have said, with the computer powered-off, connect the external USB device.

Then, as in the image you posted, enable booting from the "disk drive" group in the "1st" entry.

 

Then, in the "disk drive group", see if both the USB device and your disk-drive are members of that group.

If so, "promote" the USB device to be "above" the disk-drive device.

 

Thus, the "boot" process will first access the "1st" group, and will first select the USB device from that group.

 

Got a "spare" USB memory-stick, that is empty?

If so, then make another "recovery disk image", and then peek at the contents of the memory-stick, to determine the "folder-name" and "filename(s)" that were written.  Do they match the names on your "real" recovery image?

 

0 Kudos

Note on archived topics.

This topic has been archived. Information and links in this thread may no longer be available or relevant.
If you have a question create a new topic by clicking here and select the appropriate board.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation