It looks like a big part of my business is going to be virus and spyware removal. Although this is mainly a time-consuming, tedious job, there is a certain element of risk of corrupting the data on the affected machine. I have been looking for an easy way to back up a Windows partition before I attempt any removal of infection, and I think I finally have a method that is both easy and effective.
Firstly, I normally cannot actually get into the Windows installation running on the machine by the time I get to work on it, and if I can, it is severely crippled by the infection. To get round this I boot from an Ubuntu Live disk. My system of choice for this is Ubuntu 9.04, as this is what I already have on a CD, since it is the OS of my entertainment PC in the lounge. Ubuntu 9.04 has some advantages. Firstly, it can see all Windows partitions from boot up, including NTFS. Secondly, built into it is a cool feature to automatically create a ‘USB drive’ version, which I used to put a full Live version of Ubuntu 9.04 onto a USB key, which I can use to boot netbooks and the like which don’t have optical drives.
Secondly, I needed a hard drive to write the partitions to. Our local Harvey Norman had a sale on recently, and were selling 640GiB Western Digital Elements USB external hard drives for NZ$104, which seemed quite reasonable, so I bought one of them. Inside is a normal 640GiB WD SATA drive, so if I need to upgrade, it’s an easy job. To prepare it for use, it needs to have a chunk of unallocated space at least as big as the partition you are copying, so you may need to use GParted (described below) to delete or resize any existing partitions on the drive you are using.
Thirdly, I needed a simple, GUI method of backing up partitions. After some thought and research, it became apparent that GParted, the partition manager built into the standard live Ubuntu image, has this capability built into it. Even with a GUI there are some pitfalls. GParted does not show error messages when it fails, and just ‘hangs’. If you want to see error messages, you have to start it from a terminal window. Inside the terminal just type ‘sudo gparted’, and GParted starts up as normal, but any errors appear in the terminal window. One of the main reasons for failures is non-existent drives. If your machine does not have a floppy, Ubuntu may still load a floppy at start up, and this can cause errors in GParted. Similarly, I have one machine with a USB connection to a multifunction printer, which also has a DVD writer, a USB socket and a bunch of card readers. This appears as a bunch of drives on the Ubuntu system. So, simplify your machine: unplug anything not required for this job.
So with a working partition manager on Ubuntu, and a hard drive to copy it to, the actual process is quite easy. Start up the partition manager, and using the drop down in the top right of the screen, select the partition(s) you want to back up, right click on each one and select copy from the menu, or from the task bar at the top of the screen. Then select the drive you want to copy the partition(s) to from the drop down at the top right, right click in the ‘unallocated’ part of the device, and select paste. When you are ABSOLUTELY CERTAIN that you have it the right way round, and you ARE NOT going to overwrite a client’s master’s thesis or similar, click apply. Read the warnings carefully, and click apply again to get it going. Sit back and wait, it could take a while! So long as no error messages appear, it is probably OK, so hang in there.
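The space requirement above can be checked from the terminal before opening GParted. The script below is an added example, not part of the original post: it parses the machine-readable output of `sudo parted -m /dev/sdX unit B print free` and confirms that the backup drive has one unallocated region at least as large as the partition to be copied. The three dumps are constructed sample data, the function names are hypothetical, and it assumes a parted version that supports `-m`.

```bash
#!/usr/bin/env bash
# Added example: pre-flight size check before a GParted copy/paste.
# Input is the text printed by:  sudo parted -m /dev/sdX unit B print free
# Rows are "number:start:end:size:filesystem:...;" and unallocated rows
# carry "free;" in the fifth field (parted numbers every free row "1").

# Size in bytes of partition number $1 (parted dump on stdin).
partition_bytes() {
    awk -F: -v n="$1" '$1 == n && $5 !~ /^free/ {
        sub(/B$/, "", $4); printf "%.0f\n", $4; exit }'
}

# Largest single unallocated region in bytes (parted dump on stdin).
largest_free_bytes() {
    awk -F: '$5 ~ /^free;?$/ { sub(/B$/, "", $4)
                               if ($4 + 0 > max) max = $4 + 0 }
             END { printf "%.0f\n", max + 0 }'
}

# can_hold SRC_DUMP PARTNUM DST_DUMP: succeeds only if the copy will fit.
can_hold() {
    local need have
    need=$(printf '%s\n' "$1" | partition_bytes "$2")
    have=$(printf '%s\n' "$3" | largest_free_bytes)
    [ -n "$need" ] && [ "$have" -ge "$need" ]
}

# Constructed sample: client disk with one NTFS partition.
SRC_DUMP='BYT;
/dev/sda:160041885696B:scsi:512:512:msdos:CONSTRUCTED DISK;
1:32256B:160039272959B:160039240704B:ntfs::boot;'

# Constructed sample: backup drive with too little unallocated space.
DST_FULL='BYT;
/dev/sdb:640135028736B:scsi:512:512:msdos:CONSTRUCTED USB;
1:512B:32255B:31744B:free;
1:32256B:500000000511B:499999968256B:ntfs::;
1:500000000512B:640135028735B:140135028224B:free;'

# Constructed sample: same drive after shrinking its existing partition.
DST_SHRUNK='BYT;
/dev/sdb:640135028736B:scsi:512:512:msdos:CONSTRUCTED USB;
1:512B:32255B:31744B:free;
1:32256B:400000000511B:399999968256B:ntfs::;
1:400000000512B:640135028735B:240135028224B:free;'

for dump in "$DST_FULL" "$DST_SHRUNK"; do
    if can_hold "$SRC_DUMP" 1 "$dump"; then echo "fits"; else echo "too small: resize first"; fi
done
```

Running the real `parted` command against both disks also shows which device name is the client disk and which is the backup drive before anything is pasted.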
Theoretically, recovering a saved partition is simply a reversal of the process. Firstly, delete the original partition of the disk, leaving an unallocated space; secondly, copy the backed up partition from the back up drive; and thirdly, paste it into the unallocated space. Sounds easy, doesn’t it? It sounds bloody scary to me and I hope I never have to do it!