Crash and Burn

When a virus strikes your computer, do you have a strategy for recovery?

Just four days after Occupational Hazards proclaimed me their "chief geek" (August issue, page 50), an e-mail virus destroyed the 60 gigabyte hard drive in my primary computer.

There's nothing like a humbling experience to bring a prideful geek back to reality.

This was my first data loss to a virus or hardware crash in more than 10 years. I'd learned my lesson well after losing a hard drive in the late 1980s. I regularly back up important data, run anti-virus software using the latest virus definitions and burn CDs with all the software needed to rebuild my system.

Unfortunately, I'd become complacent. My hard drive crash was more severe than it should have been, and recovery was painfully slow. In the end, my data loss was minimal, but the experience taught me several important lessons:

  • Treat every virus report as a serious threat.
  • Anti-virus software can fail.
  • Backup strategies can fail.
  • Efficient recovery requires organization and discipline.

The disaster forced me to re-evaluate my backup strategy. As a bonus, I found a great source for inexpensive software.

Let's examine each lesson so that you may learn from my mistakes.

Treat Every Virus Report as a Serious Threat

Hurriedly checking e-mail one Friday afternoon, my anti-virus software reported a virus in an unsolicited e-mail attachment. This has happened many times over the years, and my anti-virus software always had provided 100 percent protection.

This time was different. After clicking the button to repair the infected file, the virus report reappeared. After a second attempt failed, I deleted the offending e-mail and attachment.

In my rush to get on with my work, I made two critical mistakes. First, I didn't write down the name of the virus. With the name of the virus, I could have obtained detailed information about the virus and how to repair the damage (securityresponse.symantec.com/avcenter/vinfodb.html). Second, I didn't run a full virus scan after the attack. This might have prevented the major damage that followed.

Within minutes, Windows began reporting errors. I restarted my computer. After the initial bios check, the hard drive made a continual chatter as it tried to boot. My heart sank.

What was the name of that virus?

Anti-virus Recovery Software Can Fail

While eTrust Anti-virus detected the virus, it failed to prevent an infection. Time to try the anti-virus recovery disk created for just this occasion. The computer booted from the recovery disk, but the anti-virus software could not access the hard drive.

Partition Magic (www.powerquest.com) has excellent disk analysis and repair tools. Unfortunately, Partition Magic reported multiple, irreparable problems. This was serious.

A friend suggested rebuilding the drive's Master Boot Record, a popular virus target. The Master Boot Record is the section of a hard drive that identifies where an operating system is located so it can be loaded into the computer's memory. Once again, my software could not access the damaged drive.

Finally, I bought a copy of Norton Anti-virus and ran the Anti-virus Repair program from the CD. Norton Anti-virus could not access the drive, either.

After hours of frustration, the truth finally hit home. My 60 gigabyte hard drive had been reduced to an expensive paperweight.

Backup Strategies Can Fail

My backup strategy is simple. First, I burn an image of my C: drive to CDs using PowerQuest Drive Image. A new image is saved after any hardware change or major software addition. Next, I keep copies of all software installation discs and the latest drivers just in case I have to rebuild from scratch. Finally, I regularly back up key files monthly.

It was time to rebuild my system. After installing and formatting a spare 80 gigabyte hard drive, I ran Drive Image from a floppy disk and restored the old C: drive. I restarted the computer.

It wouldn't boot.

Next, I tried a "repair" installation of Windows XP. Theoretically, this would reinstall Windows XP while maintaining all the software and settings restored from the drive image. The setup program asked for my administrator's password before it would repair Windows XP. It refused to accept my password.

Efficient Recovery Requires Organization and Discipline

Now it was time to start from scratch. After a fresh Windows installation, I reinstalled the rest of my software. I was ready to restore my files from backup CDs.

Over the months, I'd accumulated more than 20 backup CDs. Labeled with just a name, the discs were undated and not indexed. It took hours to sort through the contents of each disc to find the latest files.

Now I keep all backup CDs in a disc wallet. I use separate discs to back up e-mail, financial and word processing documents. Each disc is clearly labeled and dated. The wallet has everything I need to rebuild the hard drive should disaster strike again.

Backup Strategies Revisited

Huge hard drives create problems for conventional backup strategies. CDs are too small for efficiently imaging drives larger than 3 to 5 gigabytes. DVD drives can store almost 5 gigabytes on a single disc, but the drives and media are expensive. With 20 gigabyte tapes priced at $40 each, tape drives don't make economic sense, either.

One option is to back up data to a hard drive installed in a removable drive carrier. With 80 gigabyte drives available for less than $100, hard drives are a fast, cost-effective backup solution.

Lian Li Industrial (www.lian-li.com) and Kingston (www.storcase.com/dexpress), manufacture reasonably priced drive carriers. A receiving bay is installed in one of the computer's 5.25-inch drive bays. A hard drive is installed in a removable carrier that plugs into the receiving bay and is locked into place.

After my disaster, I installed a Lian Li RH32 drive carrier with an 80 gigabyte hard drive. With backup rates over 400 megabytes per minute, a full backup of my documents folder took less than three minutes. A weekly, incremental backup takes less than a minute. Finally, I have a system that makes weekly backups feasible.

Never Pay Full Price

Anti-virus and backup software must not fail when the chips are down. My trip to geek hell made me lose faith in my software. I immediately looked for replacements.

Based on a friend's recommendation, I drove to Software Craze to buy a copy of Norton System Works 2002. Software Craze specializes in buying overstocked and closeout software at deep discounts, passing on the savings to the consumer.

What I found at Software Craze was astounding: System Works for just $15 compared to $70 charged by other local retailers. Software Craze has equally impressive savings on other software. Check out their catalog and prices at www.softwarecraze.com.

Tumbling Dice

Not everyone appreciates the need to regularly scan their computer for viruses. After my disaster, I decided to install Norton System Works on my daughter's laptop before she headed to college. A virus scan by eTrust Antivirus before installing System Works found 26 infected files involving three viruses. After cleaning the infections and installing System Works, Norton Anti-virus found 131 instances of the W32.Funlove.4099 virus in her XP's Restore folder.

It's amazing that my daughter has survived these virus infections for months without a major disaster, yet my drive was toast from a single attack.

Virus protection and data backup comes at a cost. But weekly virus scans and an organized backup strategy can minimize the potential for loss and improve your chances of recovery.

Contributing Editor Michael Blotzer, MS, CIH, CSP, is an occupational hygiene and safety professional, writer and computer enthusiast who brakes for animals on the information superhighway. Mike can be reached by mail addressed to Occupational Hazards, by fax at (309) 273-5493 or by electronic mail at [email protected]

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish