Connecting a Potentially Malware-infested HDD to a Clean PC?

Discussion in 'malware problems & news' started by java dude, Sep 12, 2012.

Thread Status:
Not open for further replies.
  1. java dude

    java dude Registered Member

    Joined:
    Aug 5, 2011
    Posts:
    76
    Hey guys! A friend of mine has a couple of hard drives that are most likely infected with who-knows-how-much malware. I think he got hit by a Java exploit a while back (maybe a year ago) which ultimately rendered Windows XP (on drive A) unbootable. Drive B is a drive with his music/movie collection. These drives contain a LOT of data, so DBAN is a last resort.

    I was thinking about using SBIE to force programs in E: to run sandboxed, to prevent any kind of possibility of the malware jumping to my clean laptop. Then use the usual tools to scan both drives and clean them as best I can. Then remove my current drive to prevent a possible infection, and boot from drive A, fix the boot problem and get his OS usable again.

    Is this a good plan? I'm concerned about 2 things:

    1) Malware jumping from an infected drive onto my current (clean) drive. I don't have a spare computer to work with, and this is my work PC.

    2) A rootkit jumping from Drive A and installing over my BIOS when I boot from it. Obviously SBIE can't help here. Is this even an issue to be concerned about?

    Thanks in advance!
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    The whole exercise is fraught with risk.

    The idea of using sandboxie is good BUT you don't want to do this on your work computer.

    Why can't you do this "work" on his PC?


    Take it to the geek squad or local computer service guys and let them wreak their setups. Or rent a PC for a week and do it that way.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Normally a live CD is the safer option. That said, I have slaved a few drives onto my PC for cleaning and data recovery before. I have a separate image I created for such tasks, very stripped down, default-deny policy, loaded with tools. Do not attempt such a task if you employ a default-permit based security policy.
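    The live-CD approach above boils down to attaching the suspect drive to a stripped-down environment that can read it but will neither execute nor write anything on it. The following is an added example, not code from the thread or any of its posters: it assumes the drive has been slaved into a Linux live session and mounted read-only with `mount -o ro,noexec,nodev,nosuid /dev/sdb1 /mnt/suspect` (the device and mount point are hypothetical), then walks the tree, refuses to run unless the mount really is read-only, and hashes the files a first triage pass would want to look at: autorun.inf and whatever it launches, executables hiding behind a document or media extension, and executables sitting in Temp/AppData-style drop directories. The heuristics and the sample file tree are constructed for illustration, not a scanner's rule set.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Extensions Windows runs directly, and the "document" extensions malware
# likes to put in front of them (invoice.pdf.exe). Assumed lists, not exhaustive.
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".jpg", ".mp3", ".avi", ".txt"}
# Lower-cased directory names where a user-mode dropper typically lands (assumed).
DROP_DIRS = {"temp", "tmp", "appdata", "application data", "recycler", "$recycle.bin"}


def mounted_read_only(path):
    """True if the filesystem holding `path` is mounted read-only (POSIX only)."""
    statvfs = getattr(os, "statvfs", None)
    if statvfs is None:  # Windows: cannot tell from here, caller must decide
        return False
    return bool(statvfs(path).f_flag & os.ST_RDONLY)


def sha256_of(path, chunk=1 << 20):
    """Stream-hash a file so large media files do not get read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def autorun_targets(autorun_path):
    """Lower-cased file names referenced by open= / shellexecute= in an autorun.inf."""
    targets = set()
    for line in autorun_path.read_bytes().decode("latin-1").splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() in ("open", "shellexecute") and value.strip():
            targets.add(value.strip().split()[0].lower())
    return targets


def classify(rel_path):
    """Reasons a file deserves a second look, based on its name and location only."""
    p = Path(rel_path)
    reasons = []
    suffixes = [s.lower() for s in p.suffixes]
    if p.name.lower() == "autorun.inf":
        reasons.append("autorun.inf")
    if suffixes and suffixes[-1] in EXEC_EXT:
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXT:
            reasons.append("double extension")
        if any(part.lower() in DROP_DIRS for part in p.parts[:-1]):
            reasons.append("executable in drop directory")
    return reasons


def triage(mount_point, require_ro=True):
    """Walk a slaved drive, hash anything suspicious, never write to it."""
    root = Path(mount_point)
    if require_ro and not mounted_read_only(root):
        raise RuntimeError(
            f"{root} is not mounted read-only; remount with -o ro,noexec,nodev,nosuid"
        )
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath)
        # Files named by an autorun.inf in the same directory get flagged too.
        referenced = set()
        inf = next((f for f in files if f.lower() == "autorun.inf"), None)
        if inf is not None:
            referenced = autorun_targets(here / inf)
        for name in files:
            full = here / name
            if full.is_symlink():  # do not follow links that may point off the drive
                continue
            rel = full.relative_to(root)
            reasons = classify(rel)
            if name.lower() in referenced:
                reasons.append("referenced by autorun.inf")
            if reasons:
                findings.append(
                    {"path": rel.as_posix(), "reasons": reasons, "sha256": sha256_of(full)}
                )
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Build a constructed sample tree (fake contents, not real malware) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        files = {
            "autorun.inf": b"[autorun]\nopen=setup.exe\n",
            "setup.exe": b"MZ not a real PE",
            "Music/track01.mp3": b"ID3 fake audio",
            "Music/new_album.mp3.exe": b"MZ disguised executable",
            "Documents and Settings/bob/Local Settings/Temp/svc.exe": b"MZ dropper",
            "Documents and Settings/bob/My Documents/notes.txt": b"plain text",
        }
        for rel, data in files.items():
            target = base / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        # A temp directory is writable, so the demo skips the read-only check;
        # against a real slaved drive leave require_ro=True.
        return triage(base, require_ro=False)


if __name__ == "__main__":
    for finding in demo():
        print(finding["sha256"][:16], finding["path"], ", ".join(finding["reasons"]))
```

    The read-only check is the part worth keeping even if the heuristics are swapped out: a drive mounted without `ro` lets a bug in the tooling, or a scanner's own quarantine step, modify evidence, and `noexec` is what stops an accidental double-click on the host from running anything off the slaved disk. The hashes are what you carry to a scanner or online lookup, so the clean machine never has to open the files themselves.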
     

  4. 1. It's possible if it's a worm; otherwise you should be safe. Are you sure you don't have access to another PC apart from your work one? I wouldn't touch it if it were my work PC.

    2. BIOS malware is rare in the wild, I wouldn't worry about it. If you do get a BIOS rootkit someone is really after you.

    My advice: use the Kaspersky Removal Tool or Rescue CD on your friend's PC. The Bitdefender Rescue CD or Panda SafeCD are two other options.
     
  5. java dude

    java dude Registered Member

    Joined:
    Aug 5, 2011
    Posts:
    76
    Thanks for your replies everyone!

    His PSU is burned out. Another is on the way, but I wanted to get his HDDs sorted out before then so that he could get up and running ASAP. He doesn't live nearby either, so if I could get these things cleaned up from home, it'd really be nice.

    I suppose I could buy a cheap used PC for this kinda thing, but it seems like a waste. Maybe I'll just wait for the new PSU to arrive and fix the HDDs in his PC then. It just seems too risky.
     
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Time bomb . . . Tick Tock Tick Tock. :D
    I would just wait until he receives the PSU as you said, but if it is absolutely necessary or he's in a hurry, just plug it into your PC. :rolleyes:
     
  7. guest

    guest Guest

    Just use an imaging program and make sure you have a CLEAN IMAGE first (a "cold image"),
    then just re-image your computer after you are done, even if you do not think you are infected.

    Make sure all extra drives you may have are disconnected during this process;
    do not even turn them on until after you have re-imaged your system.

    If your Windows drive has more than one partition, then image the complete drive and re-write the entire drive when you have finished.
     