Re: [MBZ] Korean malware FIXED
Stuff like this is a moving target that takes three people and tens of thousands of dollars of very sophisticated equipment to protect our organization from such incursions. The worst part of it is that the authors will take one piece of malware or a virus/trojan, whatever, and make a minor tweak to the code that can prevent it from being seen or detected by even the best antivirus software. We are a "gold" Symantec customer due to the number of files we submit to them for further inspection EVERY DAY. I would add that we use geoblocking as well - that is, blocking IPs and domains that are in parts of the world that are known to be vectors for this stuff. No reason why we should be getting any traffic from those parts of the world, anyway. It's job security, man. Dan > On Feb 4, 2015, at 5:10 PM, archer75--- via Mercedes > wrote: > > The Korean malware, which had overloaded memory, blocked malwarebytes, and > slowed Win7 to a crawl, but still allowed the email and search engines to > function, has been removed; hopefully for good. > Esets scanner found its location but would only remove it if one subscribed > to Eset for $70. > > It was invisible to Avg, MS Security programs, and the usual "fixits" on Win7 > and other programs from the 'net. > Although it was visibly present on the MSconfig startup list, I hesitated to > try and remove it myself since that can often make removal more difficult or > impossible without wiping the HD. None of the antivirus websites on the 'net > seemed to know anything about it. > > I finally decided to "bite the bullet" and try removing it myself. > After spending probably an hour on every removal workaround I could think of, > and jeopardizing my chances of going to that great workshop in the sky some > day due to the foulest profanity, SUCCESS! North (or South) Koreas evil > geniuses have been defeated; no thanks to Malwarebytes $40 program. > > I'm thinking of investing $70 in Eset, an antivirus program that was top > rated in Consumers Reports in 2010. Either that or "really" biting the bullet > and switching to a Linux program or Apple. > Gerry > > > Just now got a pop up that one or more aspects of Malewarebytes have been > disabled with a button to push for enable. I pushed the button. > Gerry > > Been getting message from MS program that I'm low on memory. > Accessed msconfig, and at the top of the page appeared the word "Korean". The > next line had the symbol for "type configuration setting" with the address: > C:\users\archer\mydocuments\. > > Right clicking the symbol brought up 29 pages of Korean characters. > > I'm running Malwarebytes (paid for professional program), AVG antivirus, and > MS firewall. > > A quick search of Google had nothing specific about this being known malware, > and this blog was the only reference I found that might apply: > > http://blogs.microsoft.com/cybertrust/2013/01/16/koreas-malware-infection-rate-increases-six-fold-in-six-months/ > > ___ > http://www.okiebenz.com > > To search list archives http://www.okiebenz.com/archive/ > > To Unsubscribe or change delivery options go to: > http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com > > All posts are the result of individual contributors and as such, those > individuals are responsible for the content of the post. The list owner has > no control over the content of the messages of each contributor. ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
You must be in the conspiracy with Brirriant Reader Kim Jong Numba Un! --R On 2/4/15 5:17 PM, Dan Penoff via Mercedes wrote: Stuff like this is a moving target that takes three people and tens of thousands of dollars of very sophisticated equipment to protect our organization ... It's job security, man. Dan ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
I'm thinking of investing $70 in Eset, an antivirus program that was top rated in Consumers Reports in 2010. Either that or "really" biting the bullet and switching to a Linux program or Apple. Gerry I think the Mac is worth the money. I am tired of fighting with M$ so even though XP was pretty decent. I have been struggling all afternoon to install a HP 2840 CLJ in Mac 10.6.8, XP or ubuntu with no success. on the mac, it starts up a HP setup assistant, which can't find the printer. end of the show... no way to install it manually that I can find. the printer add thing does not find the printer. XP problems, and ubunto is requiring a bunch of command line stuff I don't understand at all. Jury is still out on ubuntu. HPLIP 3.12.2 has to be removed, and 3. 15.2 installed. Who know what happens after that... just found out. got to where I can launch a gui interface. Now it can't find the printer. Same as on the Mac. Stupid HP. Overpriced, and crappy and make you buy a new printer because they won't update the drivers. ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
Gerry wrote: > The Korean malware...has been removed; I can remember editing NT4 registry numerous times without any failure. I would search small bits of observed names and remove as much as I dared and never saw massive hiccup. Maybe regedit doesn't exist? mao ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
I stopped using direct connected printers years ago, as the software the vendors use is garbage. My 'ol reliable HP LaserJet 4000TN is sitting right next to me, ready to pound out thousands of pages. I don't even have a color printer As for OS', I prefer a Mac but they're not the end all to be all. Dan > On Feb 4, 2015, at 5:39 PM, Curly McLain via Mercedes > wrote: > >> >> >> I'm thinking of investing $70 in Eset, an antivirus program that was top >> rated in Consumers Reports in 2010. Either that or "really" biting the >> bullet and switching to a Linux program or Apple. >> Gerry > > I think the Mac is worth the money. I am tired of fighting with M$ so even > though XP was pretty decent. > > > > > > I have been struggling all afternoon to install a HP 2840 CLJ in Mac 10.6.8, > XP or ubuntu with no success. on the mac, it starts up a HP setup > assistant, which can't find the printer. end of the show... no way to > install it manually that I can find. the printer add thing does not find the > printer. > > XP problems, and ubunto is requiring a bunch of command line stuff I don't > understand at all. Jury is still out on ubuntu. HPLIP 3.12.2 has to be > removed, and 3. 15.2 installed. Who know what happens after that... > > just found out. got to where I can launch a gui interface. Now it can't > find the printer. Same as on the Mac. Stupid HP. Overpriced, and crappy and > make you buy a new printer because they won't update the drivers. > > ___ > http://www.okiebenz.com > > To search list archives http://www.okiebenz.com/archive/ > > To Unsubscribe or change delivery options go to: > http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com > > All posts are the result of individual contributors and as such, those > individuals are responsible for the content of the post. The list owner has > no control over the content of the messages of each contributor. ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
Regedit is still alive and well through Windows 7. I can't speak for Windows 8 or 10, as I haven't worked with either in depth. I did some work with Windows 8 when I was at the school district because we had to use it to manage Windows 2012 servers and their VMs. Dan > On Feb 4, 2015, at 6:09 PM, Mountain Man via Mercedes > wrote: > > Gerry wrote: >> The Korean malware...has been removed; > > I can remember editing NT4 registry numerous times without any > failure. I would search small bits of observed names and remove as > much as I dared and never saw massive hiccup. Maybe regedit doesn't > exist? > mao > > ___ > http://www.okiebenz.com > > To search list archives http://www.okiebenz.com/archive/ > > To Unsubscribe or change delivery options go to: > http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com > > All posts are the result of individual contributors and as such, those > individuals are responsible for the content of the post. The list owner has > no control over the content of the messages of each contributor. ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
A bit late since you have fixed it, but is there not a means of telling Windows to go back to an earlier date in order to avoid issues like this that crop up? RB On 04/02/2015 4:10 PM, archer75--- via Mercedes wrote: The Korean malware, which had overloaded memory, blocked malwarebytes, and slowed Win7 to a crawl, but still allowed the email and search engines to function, has been removed; hopefully for good. Esets scanner found its location but would only remove it if one subscribed to Eset for $70. It was invisible to Avg, MS Security programs, and the usual "fixits" on Win7 and other programs from the 'net. Although it was visibly present on the MSconfig startup list, I hesitated to try and remove it myself since that can often make removal more difficult or impossible without wiping the HD. None of the antivirus websites on the 'net seemed to know anything about it. I finally decided to "bite the bullet" and try removing it myself. After spending probably an hour on every removal workaround I could think of, and jeopardizing my chances of going to that great workshop in the sky some day due to the foulest profanity, SUCCESS! North (or South) Koreas evil geniuses have been defeated; no thanks to Malwarebytes $40 program. I'm thinking of investing $70 in Eset, an antivirus program that was top rated in Consumers Reports in 2010. Either that or "really" biting the bullet and switching to a Linux program or Apple. Gerry Just now got a pop up that one or more aspects of Malewarebytes have been disabled with a button to push for enable. I pushed the button. Gerry Been getting message from MS program that I'm low on memory. Accessed msconfig, and at the top of the page appeared the word "Korean". The next line had the symbol for "type configuration setting" with the address: C:\users\archer\mydocuments\. Right clicking the symbol brought up 29 pages of Korean characters. I'm running Malwarebytes (paid for professional program), AVG antivirus, and MS firewall. A quick search of Google had nothing specific about this being known malware, and this blog was the only reference I found that might apply: http://blogs.microsoft.com/cybertrust/2013/01/16/koreas-malware-infection-rate-increases-six-fold-in-six-months/ ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor. ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
Of all the times I've tried, I never got Windows to roll back using the native recovery utility. I'm not bashing, just relating my experience. I am a great believer in clean installs. Keep a clean image and good, regular backups, and when something like this occurs you just nuke and start fresh. It makes life so much easier. Dan > On Feb 4, 2015, at 6:23 PM, Randy Bennell via Mercedes > wrote: > > A bit late since you have fixed it, but is there not a means of telling > Windows to go back to an earlier date in order to avoid issues like this that > crop up? > > RB > ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
On Wed, 04 Feb 2015 18:10:41 -0500 Dan Penoff via Mercedes wrote: > I stopped using direct connected printers years ago, as the software > the vendors use is garbage. My 'ol reliable HP LaserJet 4000TN is > sitting right next to me, ready to pound out thousands of pages. > > I don't even have a color printer EXACTLY!!! I have a 4050N I bought off ebay when I was a graduate student for $900.01. (The other guy who really wanted it bid $900.00, so I won.) I put a 100 Mb/s ethernet network interface card into it and turned it into a 4050TN. It's been working great for 15 years now. We have installed one new toner cartridge. We print everything on it, including all our Christmas letters. The only difficulty is that the NIC stops listening after a couple minutes of no network activity. I fixed that by putting in a startup script that pings the printer once per second (boot the computer to get the ping going and then turn on the printer), so I have not had to replace that. It developed that problem just as I was preparing my presentations for an on-campus interview at Taylor University in Upland, Indiana in June of 2012; not exactly an ideal time. :-) Craig ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
When I started working for the schools back in 2000 I was charged with identifying the best network printers we could purchase for my campus. The District had a contract with Lexmark at the time, but the funds we had at my school were discretionary, meaning we could spend them on whatever we wanted and weren't bound by purchase agreements. I did my due diligence and found that the HP4050N was considered a real workhorse, so I ordered 12 of them. We got a bunch of flack from Purchasing over buying something off contract, but fortunately my principal respected my advice and pretty much told them to stick it. Today, at least nine of those printers are still in service. They've had hundreds of thousands of pages through them, had complete service kits put in them several times over, and they just keep churning out the pages. When I went looking for a network printer for the house some years back I knew it would be an HP4000 series model. I found a guy over in St. Pete who refurbishes them, and bought one off of him for around $75. I took it to our printer tech at the school district and had him check it out, and he gave it a clean bill of health. It's been sitting in my office since, running flawlessly. Oh - one VERY important thing to consider with these printers - ALWAYS use genuine HP toner cartridges. I bought one new in the box off eBay when I got the printer, and it's still in there. Dan > On Feb 4, 2015, at 6:29 PM, Craig via Mercedes wrote: > EXACTLY!!! I have a 4050N I bought off ebay when I was a graduate student > for $900.01. (The other guy who really wanted it bid $900.00, so I won.) > I put a 100 Mb/s ethernet network interface card into it and turned it > into a 4050TN. > > It's been working great for 15 years now. We have installed one new toner > cartridge. We print everything on it, including all our Christmas letters. > > The only difficulty is that the NIC stops listening after a couple > minutes of no network activity. I fixed that by putting in a startup > script that pings the printer once per second (boot the computer to get > the ping going and then turn on the printer), so I have not had to replace > that. It developed that problem just as I was preparing my presentations > for an on-campus interview at Taylor University in Upland, Indiana in > June of 2012; not exactly an ideal time. :-) > > > Craig > > ___ > http://www.okiebenz.com > > To search list archives http://www.okiebenz.com/archive/ > > To Unsubscribe or change delivery options go to: > http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com > > All posts are the result of individual contributors and as such, those > individuals are responsible for the content of the post. The list owner has > no control over the content of the messages of each contributor. ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
Curly, Not sure what problem you're having. I've been running an HP2840 since Win98 to WinXP and now Win7. It installs better under XP if you have the install disk which uses the web setup to install everything correctly (scanner, fax, etc.). Sometimes the web setup runs into conflict with your modem/router because of the assigned address the setup wants to use for the printer. I don't use the scanner on Win7, but the print/copy/fax work just fine using the Win7 Pro drivers. Contact me off line if you want and I might be able to help you. Best Wishes, Roger Roger Hale Dinnerware Classics, Inc. Monroe, Ga. 770-267-0850 www.dinnerwareclassics.com (new) www.southernnightsantiques.com (antique) ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
On Wed, 04 Feb 2015 18:38:03 -0500 Dan Penoff via Mercedes wrote: > Oh - one VERY important thing to consider with these printers - ALWAYS > use genuine HP toner cartridges. That's what I have always done. Craig ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
Yeah, I got 4 8150s for $100. They got rid of them because there was no WIndwers 7 or 8 driver. We use 2 of em every day, Scrapped one, and have a spare. The HP SOHO stuff is crap. This one has a network plug, but never worked right on the network. ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
We use an HP 8150DN that I bought at work for $25, with extra (refill) toner cartridge, cart, paper, cables... For color we have a Xerox 8560 MFP. Not small, either one, but they're both workhorses, and can sit quietly for months if they have to. -- Jim ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
I just checked, regedit is alive and well in Windows 8.1. On Wed, Feb 4, 2015 at 5:12 PM, Dan Penoff via Mercedes < mercedes@okiebenz.com> wrote: > Regedit is still alive and well through Windows 7. I can't speak for > Windows 8 or 10, as I haven't worked with either in depth. I did some work > with Windows 8 when I was at the school district because we had to use it > to manage Windows 2012 servers and their VMs. > > Dan > > > -- OK Don NSA: The only branch of government that actually listens to US citizens! *“Travel is fatal to prejudice, bigotry and narrow-mindedness, and many of our people need it sorely on these accounts.”* – Mark Twain "There are three kinds of men: The ones that learns by reading. The few who learn by observation. The rest of them have to pee on the electric fence for themselves." WILL ROGERS, *The Manly Wisdom of Will Rogers* 2013 F150, 18 mpg 2012 Passat TDI DSG, 44 mpg 1957 C182A, 12 mpg - but at 150 mph! ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
So, can you tell me in simple terms how to do this? I have a portable hard drive and would like to do essentially a clone of the hard drive on my computer. I understand there is a way to do it by booting from a flash drive so that the whole of C can be accessed to copy it. I assume I could use something like ghost or clonezilla to make the copy. The question is - exactly what do I need on the flash drive to make it bootable and let me make the copy? It is Windows 7 Home Premium. My IT guy says it is simple and he will do it for me but he is busy and despite a number of reminders, has yet to do so. He is good however, in the sense that when I had a hard drive going bad, he came and got my computer and copied and replaced it all within about 2 or 3 hours. Part of the business is a backup service that copies changes to files in the night and stores it off site. However, that would not recover the whole C drive if it was needed. Thus, I would like to have something that could put this back where it was pretty quickly if a problem arose. I understand it would need to be redone pretty regularely in order to be of much use. Part of the problem is that over time we tinker with programs etc and then if we do a clean install, things don't look or work like they did before. I am pretty happy with the machine right now and would like to be able to preserve that look and feel. RB On 04/02/2015 5:28 PM, Dan Penoff via Mercedes wrote: Of all the times I've tried, I never got Windows to roll back using the native recovery utility. I'm not bashing, just relating my experience. I am a great believer in clean installs. Keep a clean image and good, regular backups, and when something like this occurs you just nuke and start fresh. It makes life so much easier. Dan On Feb 4, 2015, at 6:23 PM, Randy Bennell via Mercedes wrote: A bit late since you have fixed it, but is there not a means of telling Windows to go back to an earlier date in order to avoid issues like this that crop up? RB ___ ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
Randy, There are any number of programs out there for free that will allow you to clone a hard drive. CloneZilla is good as are others. Most of these have walk throughs that show how it's done. I haven't cloned a personal (PC) drive in some time, so I can't offer specifics as far as software recommendations. I clone Mac drives regularly using Carbon Copy, a Mac program for cloning that's been around for years. I also use Disk Utility to make compressed image files for archive and backup purposes as well. Disk Utility is a native program that's been a part of the Mac OS for years, and it's probably one of the best things they ever put together in that regard. The PC work I've done has been enterprise level stuff, so the tools I used aren't typically available to the general public, or they're rather expensive for the average person. There have got to be some list members out there with PCs that are cloning drives. ?? Dan Sent from my iPad > On Feb 5, 2015, at 11:19 AM, Randy Bennell wrote: > > So, can you tell me in simple terms how to do this? > > I have a portable hard drive and would like to do essentially a clone of the > hard drive on my computer. > I understand there is a way to do it by booting from a flash drive so that > the whole of C can be accessed to copy it. > I assume I could use something like ghost or clonezilla to make the copy. > The question is - exactly what do I need on the flash drive to make it > bootable and let me make the copy? > It is Windows 7 Home Premium. > > My IT guy says it is simple and he will do it for me but he is busy and > despite a number of reminders, has yet to do so. > He is good however, in the sense that when I had a hard drive going bad, he > came and got my computer and copied and replaced it all within about 2 or 3 > hours. > > Part of the business is a backup service that copies changes to files in the > night and stores it off site. However, that would not recover the whole C > drive if it was needed. > Thus, I would like to have something that could put this back where it was > pretty quickly if a problem arose. > I understand it would need to be redone pretty regularely in order to be of > much use. > > Part of the problem is that over time we tinker with programs etc and then if > we do a clean install, things don't look or work like they did before. > I am pretty happy with the machine right now and would like to be able to > preserve that look and feel. > > RB > >> On 04/02/2015 5:28 PM, Dan Penoff via Mercedes wrote: >> Of all the times I've tried, I never got Windows to roll back using the >> native recovery utility. >> >> I'm not bashing, just relating my experience. >> >> I am a great believer in clean installs. Keep a clean image and good, >> regular backups, and when something like this occurs you just nuke and start >> fresh. It makes life so much easier. >> >> Dan >> >> >> >>> On Feb 4, 2015, at 6:23 PM, Randy Bennell via Mercedes >>> wrote: >>> >>> A bit late since you have fixed it, but is there not a means of telling >>> Windows to go back to an earlier date in order to avoid issues like this >>> that crop up? >>> >>> RB >> >> ___ > ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
Clonezilla works well but is not super intuitive. Make a bootable USB with unetbootin, then you've got a choice, if you've got another drive of the same size you can clone your disk to that drive. Otherwise you can make a disk image which will be much smaller.Last I played with it a Win7 disk image (just the OS, not backing up files) was around 9GB. A 64GB USB drive should cover you well for the OS and some media (documents, images and whatnot). The interface is utilitarian and since I don't do it often it always takes me a few fits and starts to get going. I've got a script for the computers at work that saves everything off to a network location. Taking a disk image to a Windows share is fairly slow but effective, its considerably faster to a USB drive. -Curt From: Dan Penoff via Mercedes To: Mercedes List Sent: Friday, February 6, 2015 9:35 AM Subject: Re: [MBZ] Korean malware FIXED Randy, There are any number of programs out there for free that will allow you to clone a hard drive. CloneZilla is good as are others. Most of these have walk throughs that show how it's done. I haven't cloned a personal (PC) drive in some time, so I can't offer specifics as far as software recommendations. I clone Mac drives regularly using Carbon Copy, a Mac program for cloning that's been around for years. I also use Disk Utility to make compressed image files for archive and backup purposes as well. Disk Utility is a native program that's been a part of the Mac OS for years, and it's probably one of the best things they ever put together in that regard. The PC work I've done has been enterprise level stuff, so the tools I used aren't typically available to the general public, or they're rather expensive for the average person. There have got to be some list members out there with PCs that are cloning drives. ?? Dan Sent from my iPad > On Feb 5, 2015, at 11:19 AM, Randy Bennell wrote: > > So, can you tell me in simple terms how to do this? > > I have a portable hard drive and would like to do essentially a clone of the > hard drive on my computer. > I understand there is a way to do it by booting from a flash drive so that > the whole of C can be accessed to copy it. > I assume I could use something like ghost or clonezilla to make the copy. > The question is - exactly what do I need on the flash drive to make it > bootable and let me make the copy? > It is Windows 7 Home Premium. > > My IT guy says it is simple and he will do it for me but he is busy and > despite a number of reminders, has yet to do so. > He is good however, in the sense that when I had a hard drive going bad, he > came and got my computer and copied and replaced it all within about 2 or 3 > hours. > > Part of the business is a backup service that copies changes to files in the > night and stores it off site. However, that would not recover the whole C > drive if it was needed. > Thus, I would like to have something that could put this back where it was > pretty quickly if a problem arose. > I understand it would need to be redone pretty regularely in order to be of > much use. > > Part of the problem is that over time we tinker with programs etc and then if > we do a clean install, things don't look or work like they did before. > I am pretty happy with the machine right now and would like to be able to > preserve that look and feel. > > RB > >> On 04/02/2015 5:28 PM, Dan Penoff via Mercedes wrote: >> Of all the times I've tried, I never got Windows to roll back using the >> native recovery utility. >> >> I'm not bashing, just relating my experience. >> >> I am a great believer in clean installs. Keep a clean image and good, >> regular backups, and when something like this occurs you just nuke and start >> fresh. It makes life so much easier. >> >> Dan >> >> >> >>> On Feb 4, 2015, at 6:23 PM, Randy Bennell via Mercedes >>> wrote: >>> >>> A bit late since you have fixed it, but is there not a means of telling >>> Windows to go back to an earlier date in order to avoid issues like this >>> that crop up? >>> >>> RB >> >> ___ > ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor. ___
Re: [MBZ] Korean malware FIXED
On Fri, 06 Feb 2015 09:35:47 -0500 Dan Penoff via Mercedes wrote: > There have got to be some list members out there with PCs that are > cloning drives. I cloned drives for Windows machines at the Lab by using my Linux Personal Computer and the dd command, once from the source disk to free space on a disk in the Linux PC, and then from the image on the PC's disk to the target disk. It worked great; no muss, no fuss. Craig ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.
Re: [MBZ] Korean malware FIXED
I use Acronis Trueimage, and have used it several times. It's pretty user friendly and can shrink or expand volumes to suit a new drive. It also can do automated backups, but I don't use that feature. I think you can get a free trial perion, although I bought it on sale for about $10 IIRC. Greg -Original Message- From: Mercedes [mailto:mercedes-boun...@okiebenz.com] On Behalf Of Dan Penoff via Mercedes Sent: Friday, February 06, 2015 6:36 AM To: Mercedes List Subject: Re: [MBZ] Korean malware FIXED Randy, There are any number of programs out there for free that will allow you to clone a hard drive. CloneZilla is good as are others. Most of these have walk throughs that show how it's done. I haven't cloned a personal (PC) drive in some time, so I can't offer specifics as far as software recommendations. I clone Mac drives regularly using Carbon Copy, a Mac program for cloning that's been around for years. I also use Disk Utility to make compressed image files for archive and backup purposes as well. Disk Utility is a native program that's been a part of the Mac OS for years, and it's probably one of the best things they ever put together in that regard. The PC work I've done has been enterprise level stuff, so the tools I used aren't typically available to the general public, or they're rather expensive for the average person. There have got to be some list members out there with PCs that are cloning drives. ?? Dan Sent from my iPad > On Feb 5, 2015, at 11:19 AM, Randy Bennell wrote: > > So, can you tell me in simple terms how to do this? > > I have a portable hard drive and would like to do essentially a clone of the hard drive on my computer. > I understand there is a way to do it by booting from a flash drive so that the whole of C can be accessed to copy it. > I assume I could use something like ghost or clonezilla to make the copy. > The question is - exactly what do I need on the flash drive to make it bootable and let me make the copy? > It is Windows 7 Home Premium. > > My IT guy says it is simple and he will do it for me but he is busy and despite a number of reminders, has yet to do so. > He is good however, in the sense that when I had a hard drive going bad, he came and got my computer and copied and replaced it all within about 2 or 3 hours. > > Part of the business is a backup service that copies changes to files in the night and stores it off site. However, that would not recover the whole C drive if it was needed. > Thus, I would like to have something that could put this back where it was pretty quickly if a problem arose. > I understand it would need to be redone pretty regularely in order to be of much use. > > Part of the problem is that over time we tinker with programs etc and then if we do a clean install, things don't look or work like they did before. > I am pretty happy with the machine right now and would like to be able to preserve that look and feel. > > RB > >> On 04/02/2015 5:28 PM, Dan Penoff via Mercedes wrote: >> Of all the times I've tried, I never got Windows to roll back using the native recovery utility. >> >> I'm not bashing, just relating my experience. >> >> I am a great believer in clean installs. Keep a clean image and good, regular backups, and when something like this occurs you just nuke and start fresh. It makes life so much easier. >> >> Dan >> >> >> >>> On Feb 4, 2015, at 6:23 PM, Randy Bennell via Mercedes wrote: >>> >>> A bit late since you have fixed it, but is there not a means of telling Windows to go back to an earlier date in order to avoid issues like this that crop up? >>> >>> RB >> >> ___ > ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor. ___ http://www.okiebenz.com To search list archives http://www.okiebenz.com/archive/ To Unsubscribe or change delivery options go to: http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com All posts are the result of individual contributors and as such, those individuals are responsible for the content of the post. The list owner has no control over the content of the messages of each contributor.