My drumbeat. Backup with Images folks!

Once again I’ve had the frustration of dealing with failed hardware. The system was highly customized with special settings and configurations to enable unique line of business applications and data, plus the ‘regular’ business applications such as MS Office (with custom CRM databases) multiple email accounts and other applications installed after the system was first ‘fired up’. It was an HDD drive failure on a two month old HP laptop.

HP’s solution is to ‘just send the whole thing back and we’ll put the new HDD in with the ‘factory image’. A ‘factory image’ is what the new Laptop ships with; as if you just bought it. None of my installed applications, settings or files would/will be there. Meaning I’d have to finish the initial setup, update the Operating System to a Windows 8 Pro version (the ship version was Home Premium), install MS Office 2013 Pro (again from the MS Store – it didn’t come with system), install all the other business applications required for this user – 4+ separate ones each requiring special configurations to work with Windows 8, AND then get all the files and settings (like email accounts etc.) configured. Oh and of course there would be about a day and half worth of Windows and Application Updates and Patches to apply. Then hope that it all works as it did.

Had this system been IMAGED, I would have been able to remove the dying/dead drive, run down to the local PC store (Fry’s) and buy a replacement drive, install a clean/new one and restore that image to the new drive. The system would then be as it was when the image was created, apps, files, settings and all. Only time would have been the physical HDD removal and replacement and the time it takes for the image restore – that total time would probably have been only one day more or less.

I propose this to all of my clients. But for some reason they often don’t see the value till it’s too late. No matter my insistence. It is usually a, ‘yea, we’ll do that soon..just not now….. Sometimes it’s the capital cost (actually less than $200.00) or time (really very little – to install and setup). But in the end I guarantee that it will always cost more if they are out of business.

However in this case there was no image backup. The system was as a point where it was un-repairable via HP or MS Windows recovery tools and would not boot. I had to remove the HDD, place it in one of my HDD docks and use advanced disk recovery (forensic) tools just to get access to the data. I was then able to copy off nearly all the data to another drive. Note that I recovered data NOT the working system. So all the documents and files this person had are still accessible. But otherwise quite useless with out the applications and Operating system to use them.

I constantly hear the commercials for the many online backup services and their BS promises on the TV and radio. My clients do too. And they like most people do NOT understand that there is a WORLD of difference between a file backup and a full system backup that will enable complete system recovery; Operating System, Applications, Settings and all. It’s good to use some of these services to backup your documents and files (I do and recommend some – see my previous articles on cloud storage). But you must understand that if you SYSTEM fails you need some kind of system recovery, not just files.


I have written many, many times about this. You can read here and here.

My go to imaging software is Acronis True Image. The cost is nominal (right now only $79.00 U.S. for the Home Premium version that includes ‘Universal Restore’. You can check out there deals here. Add to that the low cost of External USB HDDs – less than $100.00 U.S. in most cases, and you can assure that you will NOT be out of business longer than a day or two at most. VS having a to wait for a manufacturer to send out replacement part( s) , re-install and configure everything and HOPE it all works as it did.

Well there you go just another rant after spending a few whole days working my tail off to help one of my clients. Sigh..

More on backups and archiving


After a few weeks of removing loads of nasties from Windows and Mac machines and recovering data from dead or corrupted drives from both types of systems because of malware/viruses and hardware failures, I thought I would republish this.

I must ask you – in this digital age what price will you put on your data?! You family pictures, you financial documents and communications – everything? I don’t ask this lightly. For only a couple of hundred dollars you can KNOW that you will be safe!


I have been asked again to explain in more detail with examples of how I personally backup/archive my data. My previous article is here and should be read first.

So here it is in a simple, I hope, form.

I have two external HDDs (actually many but for example this will work) I use Acronis as my primary imaging software. If you use OS X you can use Time Machine, Carbon Copy or Apple’s built in disk image utility. I covered these in the post above.

To create my images I use an external HDD mount, like this.  with drives something like this or this. You can mount the drives in your system if you like or use any other external type of drive. I just like the ease and economy of this set up. It also makes it easy to just take the drives, place them back in the protective bags they come in and put them( rotate) into a safe deposit box.

I create a full image of my system on external HD #1 on Jan 1st  – HD01_Jan_image01.tib
On Jan 2nd I create a full image of my system on external HD #2 – HD02_Jan_image01.tib

I now have two images on two separate drives.

At the end of week one for the month I create an incremental backup to external HD #1 – HD01_Jan_image01_02.tib (or whatever Acronis auto names it.)

At the end of week two for the month I create an incremental backup to external HD #2 – HD02_Jan_image01_02.tib

At the end of week three for the month I create an incremental backup to external HD #1 – HD01_Jan_image01_03.tib

On the 1st of the next month I create a new FULL image to HD #2 – HD02_Feb_image01.tib. Once that image is created I can then delete the previous months images ON THAT drive.

On the 2nd of the month I create a full image to HD #1 – HD01_Feb_image01.tib. Once that image is created I can then delete the previous months images ON THAT drive.

This assures me that if my system were to die AND one of my external drives failed I would lose no more that two weeks of data – usually just one week or less!

You should also copy or store one of the external drives in a fire safe or safe deposit box for true disaster recovery!

As with any good backup plan you should regularly test your backups! Either do a full restore (highly recommended) or at least validate and mount your images to insure they are fully readable.

If you wish to, or have to, for compliance issues (corporations) you can archive your monthly images to additional external drives. I do. I have images of machines that are long gone (some over ten years!) and I have been able to retrieve data I needed very easily and quickly. In fact I needed a Photoshop file recently that I was able to retrieve from one of my images of an old Mac G3!!


I hope this helps. Please don’t be the person who loses important personal, family or business data because you couldn’t take a little time and effort to set up a backup and recovery plan. The costs and time are insignificant when compared to the cost of loss!

McAfee fix for killed XP machines

I am not a fan of McAfee security and AV products and haven’t been for years. Their software has become a huge drain on system resources and worse, seems to get more false positives than actually stoping malicious software. I highly recommend Microsoft Security Essentials. But if you are one of those that have had this issue I hope this helps.

McAfee recently put out an update that literally killed many machines.

If you are one of those people here is a possible solution.

1. If your computer is forcing you to shutdown (you are getting an error with a countdown), go to Start – Run and type cmd. At the command prompt type ‘shutdown -a’ without the quotes. [This will abort the Windows shutdown.]

2. Open up the McAfee console (Start -> Programs -> McAfee)

3. Disable Access Protection and On-Access Scanner

4. Double click your Quarantine Manager in that window, and restore the files there (right click on it and select restore).

5. Go to your services console (right click on My Computer, select ‘Manage’, and click on the services in the left pane). Make sure both RPC (Remote Proceedure Call) services are running.

6. Start (or restart if already running) the McAfee Framework service.

7. Back in the McAfee console, select Tools -> Rollback DATs.

8. Reboot and you should be all set.

Here is McAfee’s own solution:

Convert Dynamic Disk back to Basic Disk WITHOUT data loss

Here is the story.

I had a Windows 7 machine that I was using as a test bed for various applications and settings.
I was trying to recover some files from an old hard drive. I attached the drive via a usb dock. And I was able to grab most of the files I wanted via a rescue start up disk.

I then wanted to delete the partitions on that old drive and format it. Simple enough. But the damaged drive was still giving me problems. I should have used the boot CD to kill it there. But instead, like a maroon, I booted into Windows & and tried to just ‘add’ the disk in the disk manager.
But somewhere in my sleepiness after a 16+ hour day I converted my Windows 7 drive to a dynamic volume that included the messed up drive!
Before I realized what I had done it was too late.

What to do?

With the damaged drive not working my ‘dynamic volume’ was now in accessable after restarting the machine!
So on with the searching for a solution.
I read over and over how a Dynamic Disk could NOT be converted back to a Basic Disk.
Even Microsoft say this is so!

But I knew I had read somewhere about editing the MBR and setting the drive back to basic year ago. I may have even done it.
And after many days and many hours I found a simple elegant solution in an old post that WORKED!

I simply pulled out the affected Windows 7 drive and used my HDD dock to attach it to one of my main machines and edit the MBR sector to change the disk back to a Basic Disk.

Basically it involves using a freeware hex disk editor to open the MBR and just change one sector(sector 0 location 1C2) value from ’42’ to ’07’ saving the change. Then running a check disk and fix (chkdsk x: /f).
I put the drive back in booted and after a few moments of ‘recovery’ at start up my entire OS was back!
Here is the post.

It is very detailed and easy to follow.
I hope no one needs it but if you do this is good to have in your tech notes file.

Recovery from dead HDD

As you can tell from many of my posts I am a fanatic about the importance of backups.
Yet very often many people don’t follow best practices and proceedures for data back up and security.
And there are times when items have not been able to have been backed up in a normal back up cycle or are not synchronized either. Such as laptops of executives that have been on hecktic travel schedules.
I recently had the horrible issue of having one of my executives have his laptop hard drive die while still loaded with data that is/was needed for an upcoming regulatory inspection and audits!
You know when you here that ‘clicking’ and ‘clunking’ you are most likely SOL.
So I remembered, going back about a decade ago, I once used a technique to recover data from an old Novell server that ran a COLD storage array for a large souther California municipality. There was no software available to ‘re-install’ on a new machine (manufacturer long gone) and the needed COLD indexes were on the server drives anyways. 
That technique was – Freezing the Hard Drive.
I have used it many times since for years.
I figured I could try that and hope for the best.
It may not always work but if the drive is truly toast it is well worth the shot. Unless you are someone who can shell out thousands upon thousands of dollars for a clean room recovery and reconstuction you may be able to recover data otherwise considered history with this very simple technique.

Many times drives fail because of overheating which can distort the metal. By freezing the drive, you can re-align the read head because the metal shrinks just enough to put it back on track.

Most modern drives use liquid bearings, and lowering the temperature makes these bearings work differently. Also, if there is an electrical fault due to a cracked solder trace, lowering the temperature re-connects the two sides of the crack.

What I did is remove the HDD from the laptop, rap it up in paper towels, throw a buch of those little silica packing packs and put it in a zip lock freezer bag after sucking out as much air as I could.
Then I left it overnight at our office in the deep freezer.
The next day, after having completely loaded up the laptop with a new HDD with an OS, and all our apps, I was ready to give it a try.
I popped out the new HDD from the laptop.
Removed the ‘frozen’ hdd from the bag and packing and put it in the laptop.
I then booted to a recovery;/rescue USB stick [more on those another time].
The first attempt I still had no recognized HDD 0. 🙁
But I restarted again, and BAM!
The drive was recognized and accessible – not even ‘clicking’!
I quickly opend up an ‘Explorer’ from the ‘MiniXP’ session and was able to copy ALL of the data we needed on to the Flash drive. I even got all the favorites/bookmarks, profile settings and other miscellaneous documents from the drive too!
Just after finishing up copying all that, the drive again began to chunk and click. But I still got all our stuff – Yeay!
Another way to do this would have been to use an external ‘cage’ for the drive. And I have done that in the past too. What ever works.
Well just thought I’d pass that on.
By the way, this technique works for Mac’s too! I recoverd an old drive from one my G3’s long enough to get some old Illustrator and PS files I really needed.
After my recent experience I looked around the web and found I am not alone in my experiences. Many others have had success too.
This guy has a good walk through here.
If you search there are sure to be many more.
Good luck and please back up your stuff.

Back ups and System restores

Folks, please back up your data.
Once again I have been involved with a system meltdown where there was NO valid back up available.
I was able to salvage some data only after many, many hours and lots of aggravation.
Please don’t let this happen to you.
If people would create, and more importantly follow an effective back up strategy, they (and I) would live a much less stressful life.
There’s one simple rule about backups that everybody needs to fully understand:
Your files should exist in at least Two places, or it’s no longer a backup! Too often people delete files from their primary PC, assuming they are backed up or worse have their back ups located on the same hard drive on the same PC. A different partition of the same physical drive does NOT count. When hard drives fail they usually take the whole drive down including all partitions.
You data must exist in TWO, separate places at once or it is not a back up.
The simplest way is to purchase an external drive that you back up your data to by creating (and appending) disk images (see below for more) on a regular basis. I believe the most effective backups are Images(Clones).

Large external drives are very inexpensive these days. You can pick up a 1TB drive for around $100 or less just about anywhere.
But remember when backing up your data that you can’t delete it from your main system once it’s been backed up to an external drive. By doing that, you’ve left yourself with only a single copy of your important files, on an external drive that has just as much chance of dying as your internal PC hard drive.
So if you have only one external drive remember that.
Or you can go to my paranoid – but outrageously safe, route:
And use at least TWO external drives for image rotations.
I do.
I believe in the ‘grandfather/father/son’ method of backups.
[This is a method for storing previous generations of master file data that are continuously updated. The son is the current file (the one on your pc or data drive for home users), the father is a copy of the file from the previous cycle, and the grandfather is a copy of the file from the cycle before that one.]
I don’t want to be the guy who lost 25 years of family photo’s or my QuickBooks file with 15 years of business data because I didn’t want to spend a little money and time up front to be safe.

Imaging or cloning is the procedure by which you create a backup that is identical to a bootable system either to another (separate) internal or external drive. This is the ultimate backup! Should your drive fail you can just ‘pop in’ your cloned drive or ‘restore’ that clone image to a new (replacement) drive and your are up and running.
Image software makes a full, exact copy of your hard drive— a mirror image of the operating system, software, data, file organization—everything.
Good description here.
The go to software for me is Acronis or Ghost
Both have home and enterprise solutions. I have used them for many years, and continue to use both of them extensively.
For the price it is inexcusable to not have this software and use it regularly in your back up strategy.
For OS X creating an image is very simple process that can be done without any 3rd party software although I do like using SuperDuper. I have covered that in a previous article here.

Some of you may be happy just having your ‘data’ backed up to an external or online storage solution like Dropbox, Mozy, iDrive or Carbonite. There are others search ’em out.
That is fine and good for immediate back ups or access to current documents while traveling. I sometimes do this to between my image/back up schedule or when I am traveling and I know I will not be able to use a secure system.
I also use Microsoft’s SyncToy to mirror my working folders at home to one of my external drives and at work for my working documents and files. This tool has just been update to increase it’s speed and robustness, especially with network attached storage devices (NAS). You can find it here.
Well that’s all for now.
Please people save some grief and back up your data then back that up!

Portable tools for Procuctivity and System Recovery

I have a few custom bootable USB recovery sticks containing Hiren’s Boot CD, UBCD4Win and ERD that have recovery consoles along with a WinPE (Mini XP) environment that I use to recover and repair all sorts of Windows issues.
On my USB drive I have loaded hundreds of applications; some for use in the WinPE/Recovery mode (AV/Antispyware system and Troubleshooting apps) and many, many more for use in ‘tweaking/setting up’ a proper secure system.
I also use both of these two tools listed below; sometimes in the PE environment and also in Windows.

Even if you don’t have (need or want) a bootable USB recovery stick, these two utilities – Liberkey and NirLauncher – are fantastic tools to have on a USB drive.

Both give you tons of ‘portable applications’ you can bring with you to any Windows machine. Just plug in your USB drive and you can access loads of portable applications.
Nirsoft Download and integration information:

To creat a bootable USB drive with Hirens:
UBCD4Win to USB:;=10411

Please note if you are going to create and use Hiren’s or UBCD4Win and create a bootable USB drive you must read and follow the directions from Hiren’s and/or UBCD4 Win’s sites.
The have listed the how to’s now in great detail. And there is plenty more info available by just checking their forums and of couse Google.
If you don’t understand all of what is required or just ‘can’t do it’ – do not even attempt it.
You may end up doing something real silly like formating your hard drive or worse some one else’s!!
Also beware if you are not sure what you are doing or are not COMPLETELY versed in all of the the recovery and system tweaking applications listed you may also kill your macine or someone else’s.
If you do hose something DO NOT CRY TO ME!

Let’s Kill Some Spyware!!

I recently had to help some people remove some serious spyware/malware/virii.
No normally if I can’t ‘kill’ the bad stuff fairly quickly. I will simply get the persons ‘data’ – documents, pics, music etc. – off the machine and then delete the partitions. wipe the drives, re-format and re-install the operatiing system clean.
But sometimes in a business situation this is not always possible.
Or sometimes all the needed applications are not available for ‘re-install’
For this you must try and ‘save’ your system without the ‘nuclear option’.
So here is one of the best methods I use on a ‘running’ active system.
Read all the instructions and download ALL of the suggested applications from a ‘non-infected’ machine 1st.
Then place them on a portable drive – usb or a directory on the infected system [c:\killmalwareapps or something]
Ok let’s start.
1st on the infected machine delete the ‘hosts’ and ‘lmhost’ files.
They will be located in the c:\windows\system32\drivers\etc folder.
[Possibly c:\winnt\system32\drivers\etc]
First try an online scan from Trend Micro.
To do this safely – using an ‘external non-infected browser’ you need to run ‘Firefox portable’ off USB drive.
This will allow a ‘clean run’ of a browser for a live malware/spyware scan:
How To:
The article here:
explains how to download the latest portable Firefox builds and how to correctly install it as a ‘portable app’ on a separate folder or usb drive. I ‘install’ it to a directory called ‘portablefirefox’ and then I copy that to my USB drive.

Then go to Trend Micro USING THE PORTABLE FIREFOX and run their housecall application and run a scan:
Make sure you do NOT use any browser installed on the infected system!!!
Use the ‘Firefox Portable’ application to get to the web.

Other tools to have on hand (on your usb drive) before starting.
From Sysinterals

Get the following apps. Download on clean system and transfer to usb.
Autoruns – Finds all the crap actually loading at startup.
You will finds all kinds of ‘crap’ that shouldn’t be there.
Extract and run this to show EVERYTHING that is loaded at start up.
This includes applications, scripts, drivers, active X controls, dll’s and more.

Process Explorer
This helps find unwanted running strigs and helps in there termination.
Run the application to see every currently running process/application on your system.

You will often need some or all of the following applications to ‘kill’ bad processes.
That is, malicious programs that are running ‘un-authorized’ processes.



file assassin

A great spyware finder:

spybot s&d;
I install this as my online scan is running (if possible).
Don’t confuse this application with other that are trading on the ‘Spybot’ name and are in and of themselves ACTUALLY spyware. The one and only original FREEWARE application is here.

Remember to have all these files already downloaded and copied to your portable drive.

And to assist in cleaning our all ‘temp’ type files:
Especially usefull if there is an ‘unseen’ internet app (ie or firefox) downloading malware in the background continually
I will run this over and over while running spybot scans.

Anyhow this is just a quick but I think fairly thorough way of cleaning an infected system if you don’t have a ‘Live’ type of utility or rescue disk available such as UBCD (ultimate boot cd), Hiren’s, or a custom Bart PE disk.