**Warning** Fake AV Viruses and "corrupt" .tib files?
If one of the current crop of nasty fake AV viruses strike they have a tendency to set "ALL" file attributes on every drive to "Hidden" not just system files but user files as well...
For instance a .tib file will "appear" corrupt if it's attributes flag has been set to "hidden" (certainly if you try to load and recover the .tib using the ATI recoverable media) ....
I didn't realise this until I tested one of the fake AV's virus that did indeed set "ALL" files on the PC to hidden!! I then I booted using the recovery media only to find that I could "see" the backup .tib but it wouldn't work (it was located on a separate partition and was reported by ATI Home as corrupt) Once I unchecked the "hidden" attribute on the file it was fine (but I could only set the attribute in a windows environment!!!... maybe this is an unknown bug with all ATI Homes?
I've activated the Startup Recovery Manager in ATI Home 2010 v7046 (my favourite version) and it's working fine.. but my question is this:- Will the hidden file attribute virus affect the loading of the ATI Startup Recovery Manager? as most, if not all programs will refuse to load if the hidden flag has been set on their program .exe files?
Steve
Hi Yana,
There's no need for screenshots.
Just choose any .tib file and in explorer right click to choose "Properties" then tick the "hidden" attribute.
Now open ATI Home (2010 or 2011) and choose the .tib file to recover - you will get a prompt that the archive file is corrupted....
This happens if you run ATI Home (any 2010 or 2011) either inside Windows or from the Startup Recovery Manager
It wouldn't be so much of a problem except that as I said above, some of the current crop of viruses "set" the hidden attribute so "ALL" files become hidden (even if you've got Windows to show hidden files they still won't work with ATI unless you untick the hidden attribute) ... which makes recovering a .tib file very difficult unless you know what's happening because you might just think it actually is corrupt....
It has the potential to be a big problem... I found this out as I was doing some experiments with viruses on a test PC and one of the viruses was a fake AV which amongst other things hid ALL the files on the PC, both system and user data. As soon I tried to reimage the system drive (with the Startup Recovery Manager) using my backup .tib (which was on a separate partition to the OS) it was reported as corrupt. I had to slave the drive to another PC and then untick the "hidden" attribute... Then it worked fine..
Steve
The same in TI 2012 - http://forum.acronis.com/forum/22825
Hmmm maybe one day a version of ATI Home will work with a hidden attributed .tib - maybe ATI Home 2022? ;-)
Until then I hope that not too many will suffer the fake AV with the "hidden file" payload.. they might be very surprised when they attempt a restore..
Steve