I'm sure this is a dumb question, but I'll ask it anyway...
At 3:32, you say:
"Restore your machine to a backup image taken immediately before the infection. That way, the malware isn't there yet."
But the malware is already on the computer's hard drive. Does restoring the image backup fully *delete* all the data (including the malware) that was previously on the hard drive? Or does it merely replace missing files, without deleting the ones that are already there? If it's the latter, then the malware will not be deleted.
(I.e., say you have files A, B, C, and D on your hard drive. You permanently delete file B. (Accidentally or otherwise.) If you do a full restore from an image backup, does that delete all of the remaining files [A, C, and D] and then replace everything, or does it merely notice that file B is missing and replace only that?)
And a quick follow-up question...
If it's the former (image restore deletes and then replaces everything), how does this differ from the "nuclear option" of wiping the hard drive and replacing everything from scratch?
@Milesco Restoring an image erases everything currently on the hard drive and replaces it all with the contents of the image. An image backup includes all of your data and programs as installed and configured. Quite literally when you restore it, it's as if nothing happened at all. The nuclear option requires reinstalling Windows, reinstalling your applications, reconfiguring what you want, restoring your data from somewhere, and probably other things.
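To make the distinction in that reply concrete, here is an added Python model of the two restore behaviours the question contrasts. It is my own illustration, not code from the video, its author, or any backup product; the drive is modelled as a dict of path to content fingerprint, and every path, file name and "infection" in it is a constructed placeholder.

```python
"""Model of two restore semantics: whole-volume image restore versus
"copy back only what is missing".

Added example, not from the video or the comments. A drive is a dict
mapping path -> content fingerprint. IMAGE is the backup taken before
the infection; CURRENT is the same drive after a hypothetical infection.
"""
import hashlib
from typing import Dict, List


def fingerprint(data: str) -> str:
    """Short content hash; stands in for a file's actual bytes."""
    return hashlib.sha256(data.encode()).hexdigest()[:12]


# Constructed pre-infection image (hypothetical paths).
IMAGE: Dict[str, str] = {
    "C:/Windows/System32/svchost.exe": fingerprint("clean svchost build"),
    "C:/Users/me/Documents/thesis.docx": fingerprint("draft 3"),
    "C:/Users/me/Pictures/cat.jpg": fingerprint("cat"),
}

# Constructed post-infection state of the same drive: one file dropped by
# the malware, one system file altered in place, one user file deleted.
CURRENT: Dict[str, str] = {
    "C:/Windows/System32/svchost.exe": fingerprint("altered svchost"),
    "C:/Users/me/Documents/thesis.docx": fingerprint("draft 3"),
    "C:/ProgramData/dropper.exe": fingerprint("malware payload"),
}


def image_restore(current: Dict[str, str], image: Dict[str, str]) -> Dict[str, str]:
    """Whole-volume image restore: whatever is on the target is discarded
    and the volume becomes an exact copy of the image."""
    return dict(image)


def fill_missing_restore(current: Dict[str, str], image: Dict[str, str]) -> Dict[str, str]:
    """The behaviour the questioner worried about: copy back only the files
    the drive is missing and leave everything already present untouched."""
    result = dict(current)
    for path, fp in image.items():
        result.setdefault(path, fp)
    return result


def leftovers(restored: Dict[str, str], image: Dict[str, str]) -> List[str]:
    """Paths that still differ from the pre-infection image after a restore:
    files the image never had, or files whose content differs from it."""
    return sorted(path for path, fp in restored.items() if image.get(path) != fp)


def main() -> None:
    print("image restore leftovers :", leftovers(image_restore(CURRENT, IMAGE), IMAGE))
    print("fill-missing leftovers  :", leftovers(fill_missing_restore(CURRENT, IMAGE), IMAGE))


if __name__ == "__main__":
    main()
```

The fill-missing variant brings the deleted picture back but keeps both the dropped file and the altered system file, which is exactly why an image restore (an exact copy of the volume) is what the video recommends.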
Leo, please create a video on installing and running virtual machines.
For anyone that is not careful, or is careful and just screws up, a virtual machine can make recovery simple, and near-instant.
If the person who wrote in was checking his e-mail on a virtual machine, then he could have restored his virtual machine to the last time he took a snapshot (snapshots are quick and simple to take). You tell your virtual machine app to restore to your last snapshot (remember to periodically take snapshots), and 1 second later, you are done. VMs are not 100% safe -- but they are darn close. It is highly unlikely that any malware could escape a VM and infect your host machine.
And you can have one VM for checking e-mail, and a different VM for web browsing, etc. As long as you have taken a snapshot when your VM was clean, you can return to that snapshot almost instantly.
If you have enough RAM, you can run multiple VMs simultaneously. Another benefit is if you want to tinker around with Linux, or Win95, etc. Just install them as a VM, and have fun.
Oracle's VirtualBox is free and simple (at least compared to other offerings). I installed Box World on my Win98 VM, because it will not run elsewhere, and I love that game. VMs are amazing!
Thanks for the clarification Leo. JimE
Another issue has to be considered. An infection can occur without being noticed right away. So it's important to keep multiple system image generations in case the last image already contains the malware problem. And yes, disconnect the image and data backup so it's not impacted by the issue.
I don't miss these days -- been on Ubuntu and Debian since January 2009. Intrusions can happen, but they practically have to be forced. I only run something as root when I know it's legitimate.
This is exactly the issue I am facing now. I completely reinstalled Windows, because the malware has embedded itself so deep within the system that I have no choice but to reinstall. I have a backup of the infected machine, but how do I restore an app and all of its data? For example, Google Chrome and the bookmarks and history inside it.
I see the user's concern. Connecting an external drive to the compromised system can destroy all data on the drive. There exists ransomware that encrypts both internal and external drives.
Ways to mitigate the risk:
1. Do not connect an external drive that contains the only copy of latest backups to the infected computer.
Rather, connect a new drive, a drive with data to be discarded (e.g. very old backups you would overwrite anyway), or one of several copies of the data ("Have three copies of your backup").
2. Start ("boot") your computer from a malware-free portable system drive, e.g. from the Windows Recovery Environment on Windows installation media.
You install Windows, updates, and drivers...Do full backup...Next install your programs, sync your Edge or other browser to your favorites-passwords-accounts, and sync your Thunderbird accounts, emails, and other folders...Do an incremental backup...
Also, you can install a registry backup like Erunt that backs up your registry every day...On top of that, export your browser data and email data to a USB drive for backup, and sync your pictures, documents, and music folders to the cloud...
The downloads folder...You could save all your downloads to a USB drive because if one of your downloads is infected, Windows Defender, which actively scans every device will alert you and you can easily reformat your USB drive in case of infection...
I also copy all my downloads of programs to a separate USB drive so I can easily install my favorite programs if I install Windows on a different PC...
Of course, this is just me...
My first thought is this scenario may not even be an infection of your PC, as someone could have obtained your address book in a different manner.
Or those people got hacked and this guy is in their contact list and the spoofing doesn't do a good job.
Hi Leo, I have a question. I have 3 of the same laptops (5502 Dell) and I want to use 1 at my girlfriend's (always at her place), 1 always at home, and the other for on the road. Is there a way to back up the entire SSD and put that on both of the other computers? I was thinking of a HDD and making an image (like I did with Ghost ages ago), but which software do I need in 2025? And maybe you know a better way to keep all laptops always up to date, with the latest Logseq, LibreOffice and movie files on all machines.
I'd rather not do this online because of the price of the cloud space, and I don't trust anybody with my files. What do you think is a good solution?
Kind regards
I'm thinking about version control software that stores the data on an external drive. Check out your work at the beginning, and commit changes at the end of your session. If you crash the external drive, you will lose the history, but you will still have two or three recent copies of your work on three computers.
But can a virus infect the file system or the autorun folder of the external drive? Or if it is ransomware, can it hold the backup to ransom?
Malware can do anything. I'm not sure your point?
First disinfect the machine using 3rd party tools if your antivirus can't do it. Use Malwarebytes & Kaspersky.
You could try creating a new user to fix the problem if your system is crippled. Then recover the data from that first account.
Always try to fix rather than starting from scratch. If the system is deeply broken then yes, you might have to do a fresh install.
Also Microsoft provides lots of tools inside Windows to try & fix the broken files after you have disinfected your system. You could also try Windows recovery to a date earlier.
So I can't imagine a tech guy coming to help someone and reinstalling/backing up someone's data; it's a whole-day process, especially if you have terabytes of data.
I like to do a fresh install of Windows after 1 year or a new build release of Windows, but I've been doing this since Windows 98. I also keep my data mostly on other drives. So my disk C is just Windows & applications mostly. On Desktop & My Documents I might have some minor stuff like local game saves.
Before starting from scratch, prepare all your drivers besides your files.
Unfortunately not everyone will do the nuke and pave option; they don't like doing that.
I'm concerned about the completeness of your advice here Leo...
In the event that your main PC has become infected by ransomware that encrypts your files - as soon as you connect your backup drive and turn it on, or connect your infected PC to your network drive to perform that backup you mentioned - the ransomware most likely will immediately infect/encrypt everything on your backup drive or network drive - including encrypting all your previously saved clean and safe backups.
Other than risking paying a ransom - as far as I know the only way to survive that kind of malware attack is to completely wipe your system, reinstall your OS - and only then connect your backup drive to restore from your backups.
If you don't have any backups - well most of us have been there at least once - and it should only ever happen once... 🤷🏻
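Two comments in this thread point at the same practical problem: an infection may already be present in the most recent image (keep several generations), and a backup drive attached to an infected machine may come back with its contents encrypted. As an added example that is not from the video, its author, or any commenter, here is a Python sketch of one way a defender can pick a restore point: each generation is fingerprinted with SHA-256 when it is taken, a generation is accepted only if every file still matches its manifest and it predates the infection, and the newest such generation wins. All dates, file names and the "encrypted" generation are constructed for the demonstration.

```python
"""Choosing a restore point among several backup generations.

Added example, not from the video or the comments. Each Generation carries
a manifest of SHA-256 digests recorded when the backup was taken. A
generation is usable only if every file still matches that manifest (an
encrypted or otherwise altered copy fails) and if it predates the infection.
"""
import hashlib
from datetime import datetime, timedelta
from typing import Dict, List, Optional


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Fingerprint every file at backup time. Keep a copy of this manifest
    somewhere the backup drive's fate cannot reach (another offline copy),
    otherwise it can be rewritten along with the files it describes."""
    return {path: sha256(data) for path, data in files.items()}


class Generation:
    def __init__(self, taken: datetime, files: Dict[str, bytes]) -> None:
        self.taken = taken
        self.files = files
        self.manifest = make_manifest(files)   # recorded once, at backup time


def verify(gen: Generation) -> List[str]:
    """Paths whose content no longer matches the manifest, plus manifest
    entries that have vanished. An empty list means the generation is intact."""
    bad = [path for path, digest in gen.manifest.items()
           if path not in gen.files or sha256(gen.files[path]) != digest]
    return sorted(bad)


def choose_restore_point(gens: List[Generation], infected_at: datetime) -> Optional[Generation]:
    """Newest generation that both predates the infection and verifies."""
    candidates = sorted((g for g in gens if g.taken < infected_at),
                        key=lambda g: g.taken, reverse=True)
    for gen in candidates:
        if not verify(gen):
            return gen
    return None


# Constructed sample: weekly image generations (hypothetical file names).
T0 = datetime(2025, 1, 1)


def sample_files(tag: str) -> Dict[str, bytes]:
    return {"Documents/thesis.docx": f"thesis {tag}".encode(),
            "Pictures/cat.jpg": b"cat"}


WEEK1 = Generation(T0, sample_files("week1"))
WEEK2 = Generation(T0 + timedelta(days=7), sample_files("week2"))
WEEK3 = Generation(T0 + timedelta(days=14), sample_files("week3"))

# Constructed scenario: the infection started on day 10 but was only noticed
# later, so WEEK3 was taken with the malware already present. WEEK2's drive
# was plugged into the infected PC and its files came back encrypted; its
# manifest, kept separately, is unchanged and therefore still trustworthy.
INFECTED_AT = T0 + timedelta(days=10)
WEEK2.files = {path: b"ENCRYPTED:" + data for path, data in WEEK2.files.items()}

GENERATIONS = [WEEK1, WEEK2, WEEK3]


def main() -> None:
    for gen in GENERATIONS:
        print(gen.taken.date(), "mismatches:", verify(gen))
    chosen = choose_restore_point(GENERATIONS, INFECTED_AT)
    print("restore from:", chosen.taken.date() if chosen else None)


if __name__ == "__main__":
    main()
```

WEEK3 verifies cleanly but is rejected on date alone, and WEEK2 predates the infection but fails verification; only WEEK1 qualifies. With a single generation, or with the manifest stored on the same drive as the files, neither check would have been possible.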
1. Turn off the device
2. Use a bootable USB to back up files stored on the main PC
3. Reimage the main PC
4. Transfer individual files on an as-needed basis
@reginwill But Linux doesn't have the backup software I use. Plus, what if the virus uses an exploit that can infect another device just by a file, without executing it?...
When Malwarebytes and Microsoft defender quarantine Trojans on your computer, should you delete them?
I have mixed feelings. In theory you shouldn't need to (quarantining should be enough), but I also feel better if I do delete the quarantined items.
@ thank you
@askleonotenboom Do you have a separate video or article about quarantining in general? I.e., what it means to quarantine something, why it's done, etc.?
@Milesco I do not, but I'll definitely consider it. Thanks!
I would recover the file and run it on a Linux machine instead of Windows. Linux has malware, but most Windows malware won't work on Linux.
He was hacked.
I uninstalled my Microsoft Authenticator app. What do I do to back up?
I get a dozen new and free pieces of software daily for my recording music studio, and on average 3 have viruses. In case Microsoft Defender alerts, I erase the file in seconds from the torrent, and do a restoration, then erase the restoration points, hoping it hasn't spread. It is a risky procedure, but I saved 4 figures in 25 teras of a couple thousand free programs for my piano.
Also I am in a hurry when I check out my email or buy online. I erase all traces soon. Very fast.