Norton Ghost

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

Many thanks Johan. I discovered that I had two disks in the box - Ghost 2003 and Ghost version 9. I had installed 2003 on the clean computer whereas the backup was done with 9.0 Got another problem now though  - when I try to view the backup I get the error message "EA39070A: the internal structure of the PQI file is invalid or unsupported". No I didn't verify the image when I did the backup (a lesson for next time!). Is there any way to recover the backup image? I have an earlier backup that I can read from a few weeks ago.

Thanks again

John

PS If it is irrecoverable I can get the files modified since the previous backup off the infected computer. Are they likely to be infected with the Trojan (Vundo) - they are all xls, doc and ppt files

The problem is the fact that Ghost 2003 cannot read Ghost 9 files.  This is because 2003 is the older technology of the two and is a file base backup whereas Ghost 9 is sector based.  Also, all versions of Ghost since 9 are also sector based and should be able to open the .pqi (with one exception Ghost 14 dropped support for one compression type that we found customers were not using).  Because Ghost 2003 knows nothing of the way Ghost 9 backs up files, it can't read the .pqi file Ghost 9 produced.  So, if you boot to the Ghost 9 CD you should be able to read the .pqi and get files out of it with the browser.

 

I may not have been clear in the last post with the verify.  I was asking you to try to verify it through the browser.  This is different than checking the verify on creation of the backup.  It is a way of verifying the image after the fact.

 

As to the Vondo trojan, this is not in my area of expertise.  I would suggest looking at the following page for more information on it: http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99&tabid=1

 

Hi. I have managed to infect my main computer with am irritating trojan. The machine works OK but I want to reformat the disk to get rid of it. I did a backup with Norton Ghost 9.0 a few days ago (before the infection) to an external drive and I just want to check the the data on the back up before reformatting the disk. However I am reluctant to use the infected computer to check the external drive in case the latter becomes infected and have installed Ghost 9.0 (using the ancient, original disk) on another clean computer. However when I try to view the image backup in Ghost explorer on the clean computer, I can see my back up file (v2i format) but I can't see the file contents - Ghost just tells me that the file is not a "ghost image" file. I have tried a live update with no luck. Any ideas?

 

Many thanks

Try booting up with the Ghost CD (or SRD - System Recovery Disk).  Then use the Recovery Point Browser (Explore My Computer) to look at the v2i file.  Does it give an error?  Can you Verify the image?