Malware Removal - Attach Infected Hard Drive to a Clean PC

Discussion in 'malware problems & news' started by TheKid7, Jul 22, 2011.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I have periodically noticed some statements in this forum that the best way to clean an infected PC is to attach the infected hard drive to a Clean PC and then clean the infected hard drive from the Clean PC using Malware Removal Tools.

    What have been your experiences with this method of Malware Removal? Is this method better than using an Antivirus Rescue CD? What are the risk(s) of Malware "jumping" from the infected hard drive to the Clean PC?

    Thanks in Advance.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's no better than a live CD or anything else. The main advantage is that none of the files on the hard drive will be in use and therefore all of them can be scanned.

    In fact I'd rather use a LiveCD because of the fact that malware can possibly jump to your computer.
     
  3. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    How exactly is malware going to jump PCs when you never even run anything from the second drive? It doesn't work by magic, you or the computer has to execute something.

    When you add a drive, all it does is assign it a drive letter... As long as you don't double click on anything, or fall victim to something like the .lnk exploit, you will be fine. Even with the .lnk exploit, you have to bring up an explorer window to the directory that hosted the malicious .lnk.

    The benefit over a rescue CD is usually performance related. CDs are slow. Personally, I started using a USB HD that boots to Windows 7 from a snapshotted VHD. Works very well for this type of thing.
     
  4. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    1. Clean out all the junk and temp folders.
    2. Patch up the exploits and enable your firewall.
    3. Update Java and Adobe after removing older versions.
    4. Run the removal tools in a Windows running in normal mode.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Autorun, etc. Faulty hardware may damage motherboard and PSU, or itself. Human (including others) stupidity and mistakes.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If you transfer it to a PC running XP autorun should allow the malware to transfer. Removing a hard drive is a little bit extreme when you can simply insert a CD. Not to mention that it can void warranties.
     
  7. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    AFAIK, autorun is disabled on hard drives by default..

    As far as other things like inadvertent damage to the hardware, and lack of simplicity... I do agree.. but I was mainly arguing with whether an infection could be passed on. The only practical way I see this happening is if you actually entered and explored the file system on the drive, which is 100% unnecessary for a virus cleaning..
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  9. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    No offense, but literally anyone can write an entry in Wikipedia... I'm pretty sure MSFT patched it so that you can't autorun a hard drive... only removable devices can autorun.

    In Windows 7, I believe you are simply limited to autoplay, which of course requires user interaction..
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The Wikipedia quote was sourced twice, here's one:

    http://www.channelregister.co.uk/2007/11/12/maxtor_infected_hdd_updated/

    I'm talking about Windows XP. Win7 doesn't have this issue.

    edit: Maybe it's been patched since then. I don't know. Either way, removing a drive seems a bit more extreme than inserting a CD and you negate any possibility however unlikely that malware will cross over.

    edit2: http://www.net-security.org/malware_news.php?id=1444 25% of new worms in 2010 designed to cross over USB devices.
     
  11. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Removable devices (including removable devices) can be allowed to autorun. For instance, most USB keys are considered removable devices to Windows, while USB HDDs are typically not. It's why you can't partition them, because they have the removable media bit set.

    I'm sure the articles are sourced, but I'm 99% sure an HD won't autorun anything (only autoplay, with the #1 option being to view files). I very much trust my brain over Wikipedia articles.

    I do agree that it's easier to boot a removable device (CD, USB device) and clean that way.. it's what I do... but you'd need to do something dumb to get infected by putting the drive in another machine.

    Not trying to be a jerk about it, but I'd like to try and prevent a common misconception from spreading.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I don't think you're being a jerk. I'm not sure that users would be infected by a HDD either, USB flash drives are definitely different and the source from Wikipedia is from 2007.
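
An added example, not part of any post in this thread: the autorun question debated above can be checked on the clean PC rather than argued. The sketch decodes the `NoDriveTypeAutoRun` policy value (under `Software\Microsoft\Windows\CurrentVersion\Policies\Explorer`) and reads an `autorun.inf` from the attached drive as plain text to list what it would launch. The function names, the sample policy values and the sample file are constructed for illustration.

```python
# Bit flags of the NoDriveTypeAutoRun policy value.
# A set bit DISABLES autorun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
}

def autorun_enabled_types(policy_value):
    """Return the drive types for which autorun is still enabled."""
    return sorted(name for bit, name in DRIVE_TYPE_BITS.items()
                  if not policy_value & bit)

def safe_to_attach(policy_value):
    """True if autorun is off for both fixed and removable drives."""
    enabled = set(autorun_enabled_types(policy_value))
    return not ({"fixed", "removable"} & enabled)

def autorun_commands(inf_text):
    """List the launch entries in autorun.inf text without running anything.

    Parsed line by line so junk lines in a tampered file are tolerated.
    """
    found, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                found.append((key, value))
    return found

# Constructed sample autorun.inf content (placeholder file names).
SAMPLE_INF = ("[AutoRun]\n; constructed sample\nopen=example.exe\n"
              "icon=drive.ico\nshell\\open\\command=example.exe\n")

if __name__ == "__main__":
    for value in (0x91, 0xFF):  # constructed sample policy values
        print(hex(value), autorun_enabled_types(value), safe_to_attach(value))
    print(autorun_commands(SAMPLE_INF))
```
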
     
  13. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Also known as Nuke and Pave...;)
     