Saturday, February 23, 2008

Reformat bot discovered within ACER notebook

I am currently working on a client computer on which a very interesting, yet disconcerting, bug was found. Part of the cleaning/updating process that I will typically do to any computer is create a backup pretty much right away, and in this case that was exactly what I had done when I first cleaned it up. That is, create a backup partition and then create a "clean image" of the system to this backup drive partition. In the case of most notebooks, however, this backup partition is not the second partition on the drive, as the manufacturers create a 'hidden partition' with the necessary materials to re-install the system to the factory standard (just as it was the moment you turned it on the first time you bought it).

The software (I used to use) for this backup procedure was Norton's Ghost (.pqi) and as it would be in the case of this ACER notebook, they too use this similar technology and within the hidden (first partition) is the necessary information to completely reinstall the o/s. The software I now use is Acronis True Image Home as this not only creates the backup partition but hides it within its own software program, making it very easy to schedule regular backups and/or restore files as necessary. Essentially the same idea as what Ghost does but without leaving the partition not 'hidden' as the Acronis Secure Zone does. This one thing, as I am learning with this computer, would have been the saving feature (of the data that was now lost), which became a problem as I activated a script while performing a deep virus scan (including archive files). From what I have discovered so far, this script made this first boot partition active, which started the built-in autorun sequence, which then presents the user with the ability to reinstall the factory settings. Now in my case I had started the virus scan and went about my business, working on other computers. It is a laptop, and I had the settings set to continue with power even with the lid closed. It wasn't until I heard the system restart and the Windows boot music come on (which is the very identifiable Windows XP initial setup screen).

At this point I started investigating why I was being prompted to enter my information, as this was not a clean install, nor was it supposed to be any install whatsoever, only to discover that the "C partition" had been wiped clean (formatted) and the data virtually lost! Fortunately for me, I had created the backup "clean install", but unfortunately for my client, this was about 15 months ago, and this means one more case where having the Carbonite 24/7 backup system installed would have saved the day. Ironically, the very next computer I started to work on, a desktop system from another client, ended up requiring a new hard drive due to physical hardware 'knocking sounds' which quickly rendered the drive unreadable. In this case, after a simple install of a new hard drive and with Windows reinstalled, I was able to install Carbonite and choose 'restore', and about 12 hours later the system was completely restored (of all client data). In this case I was still required to reinstall all other software, but only because the Acronis Secure Zone was not installed; it is now!

If only this computer had seen some technical help sooner rather than later, I would have quite easily been able to recover any lost data, just as I have done with the desktop client with the dead hard drive!

What I found: a simple file that was labelled 'install'; reading its script, it unhides the first partition and runs the built-in batch files for placing the system back to factory standards.

From what I can gather, this install was triggered by the virus scan which was initiated (but only after the antivirus had been reinstalled due to no antivirus running at the time the system was first turned on to be examined and cleaned up).


Why am I going through so much detail technically? Because I feel it is finally time for the average, everyday user of the computer to understand some basic 'backup' issues, and that is to first think about what you currently have on your computer and then ask yourself: if you were to have that stolen from you (whether through natural hazards or theft, for example), what would you miss? If your system had any pictures that you had taken and had transferred to your hard drive, for example, they would be gone unless you have posted them to a photo sharing site such as flickr or webshots. Knowing that we used to think "viruses" are such a problem and wouldn't think twice in spending $50-$75 for antivirus software which required a yearly subscription to stay active in the scanning, to the ability of having all of your data safe all the time for less than $50 per year, which would you say is most important?

That being said, I don't know how many times I hear people asking me "how much is it going to cost?" to get their computer fixed... since that will depend highly on just what the problems are, in this one client's case with the ACER notebook, a computer that had absolutely no tech support for over a year, since it was first set up, out of the box. You must figure in to any 'repair' the cost of essential software that is required for your computer, and in my opinion, that would be both the Carbonite 24/7 off-site backup system as well as the Acronis True Image software. Then, if you have a technically apt friend (like me) to help you on a much more regular basis (other than waiting until you find your computer is running incredibly slow or you have already had a friend that 'knew more than you' work on it, only to find it is either worse or still has problems), I am realizing that each and every client computer I have ever worked on requires one main component, and that is the LogMeIn service, which is also completely free to install and use. The ideal features of this LogMeIn (online service) allow for any individual to decide/determine what level you want to be able to communicate with the remote computer, and offer additional 'pay services' which can keep your entire computer infrastructure safe and secure.

With more and more great online services showing up (the age of Web 2.0?), I believe it is this sort of blog post that I can use to help educate and inform any and all of my "existing clients". The purpose of this blog post is so that I can get the information out there to anyone interested in knowing more about how to prevent and maintain your computer from serious issues causing grief. I do try to keep my site up to date with TIPS and SOFTWARE/SUPPORT, but most of all, it is the Blog where the communication to not only my existing clients but anyone that wants to stay informed on these and many technical issues. If you have come across this site for the first time, welcome; if you have subscribed to the RSS feed or have the site bookmarked as one of your favorites so that you can also stay up to date, wonderful. It is truly the best method in which I can get my comments out to ALL of my clients WITHOUT forcing them to read an email message that they may or may not find useful! THAT, after all, is what RSS is all about!