jimbo45 said: View Post
I always have 100 disconnection from Internet when taking backups and immediately store the backup device offline. My Backups on Windows are run via a read only bootable USB to load the backup / restore program.

I should have mentioned that in the post!!
A good practice that everyone should follow.

jimbo45 said: View Post
I have to disagree though that using a Virus cleanser type program is quicker than re-storing a clean system -- especially when SSD's and USB 3 devices are involved -- on an SSD a typical Windows restore probably won't take more than 15 mins (if that) and you have 100% certainty your system is clean.
Before deciding to clean install or to use an AV to clean one’s system, it must first be ascertained what each procedure entails. In this case, Young Tomlin has said, “The reason I don't reset is because of the applications I have on this pc and I don't have time to reinstall them as I use them for work.

We must understand and consider the individual user’s wants and needs before deciding for him/her that a clean install is more valuable than cleaning the computer. How many apps and programs are on the computer. How long will it take to reinstall them? Once they’re reinstalled, how long will it take to set them up the way we want them? An individual’s files are a major consideration here. Even if we can recover the files from a corrupted system, will they need to be scanned before we can use them? Would it have been easier to clean the computer; thus, saving all our files?

Not every malware/virus is cleanable, but the majority of them are. If they weren't, AV companies would not exist, nor would they be releasing tools to clean specific infections.

I’d hate to be required to clean install the Fall Creators Update on my teaching Lappy. I have a lot of things on there that won’t be easily replaced; not the least of which are deeply discounted (free) apps that cannot be reinstalled.

In my considered opinion, it would be a huge disservice to tell Young Tomlin to do a clean installation at this point. With Simrick’s guidance, it wasn’t necessary; he’s back up and running.

jimbo45 said: View Post
As for DATA backups you need to control that in any way you see fit - there's no "one size fits all" method of data backups.
Most AV programs come with an “individual file scanner” and/or a “multiple file scanner”.

If Young Tomlin’s files reside on his internal drive(s), they will have been successfully scanned due to his prior work to clean his computer. If files were on externals (including flash drives) …

The question must be asked, (1) “Was it attached to the computer at the time of the attack? (2) And if so, was the external still attached during Young Tomlin’s prior cleanup efforts?” These two questions and their answers will serve to guide Young Tomlin in how to proceed.

jimbo45 said: View Post
However the main problem here is how to know whether any DATA files have been corrupted by any attack -- this actually is not a trivial exercise and here I'm interested to know how people check for "Data corruption" -- note I'm on about DATA here (personal files etc) rather than the OS which we've covered.

It's possible for an attack say on your DATA files which you might not know about - that's where a lot of these AV programs fail -- they might be good at protecting the OS but DATA is an increasingly valuable commodity. You can't just compare old and new files - they usually aren't in readable ASCII format.
Any AV worth its salt will certainly yell bloody murder if it perceives an attack, whether it be on the OS or on Data! I believe a combination of all the above will help anyone to decide how to proceed.

jimbo45 said: View Post
I've found the only way that seems "semi-reliable" is any time I've changed a file is to re-open it again with whatever application -- e.g EXCEL or multi-media program for music / video and if it is OK then I send it away to a temporary file on my Linux NAS server for final update at the end of the day. Not perfect but I can't think of anything better here - so I'm open to ideas.
Why not just individually scan the finished file with your AV? If it won’t scan individual files, get one that will.

jimbo45 said: View Post
No(w) we've got people more used to the idea of backing up and protecting the OS - we need now to start sorting out the best way of protecting data before it gets saved to backups / cloud servers / NAS boxes etc.
Young Tomlin has successfully cleaned his computer, run a final check with Eset and has downloaded Macrium Reflect, installed it and backed up his computer. By following Simrick’s advice, he is a little more knowledgeable today than he was yesterday or the day before.

All’s well that ends well …