is it safe to remove virii this way?

evident

Uncle sent me his kid's virii'ed computer.

i'm hooking up his hd to my pc via external enclosure. making sure not to run any EXE's from his HD and just firing up avira, doing a complete scan, save his pictures and media files then gonna format

is my system going to be at risk?


Moved from Software For Windows to Security.

AnandTech Moderator
mechBgon
 

funkymatt

Any time you have viruses on a drive your system is at some risk. What does this kid need off the drive that you can't just format it?
 

Fardringle

It's a small risk, but there is a chance that the Windows auto run feature could transfer the virus from the infected hard drive to your computer. I wouldn't personally do it unless you don't have other options. If you don't want to take the risk, try using a bootable recovery CD such as Bart PE or Ultimate Boot CD on the uncle's computer and run the virus scans from within the bootable operating system on the CD. You can also use the bootable system to copy any files that need to be backed up before you format the drive.
 

mechBgon

I'd suggest disabling AutoPlay, at a minimum. how to disable AutoPlay

If your version of Windows is capable of Software Restriction Policy, then make a non-Admin user account and set up a Software Restriction Policy as shown here.

As Fardringle says, you might also want to try scanning from a bootable CD. F-Secure's Rescue CD: download the Zip file, burn the .ISO to a CD, and boot the infected computer from the CD. If the computer has an Internet connection available, it will even download fresh antivirus signatures before it runs the scan.

moar security suggestions to help prevent future infections :)
 

evident

Originally posted by: funkymatt
Any time you have viruses on a drive your system is at some risk. What does this kid need off the drive that you can't just format it?

just some homework assignments and pictures. so docx's and jpgs and that's it. he told me i can wipe out everything else on the disk.

he says he's infected with AV2009 and a bunch of trojans. thanks for all your suggestions.
 

SagaLore

Burn a Knoppix CD. Connect the external hd while shut off, then boot up into Linux. Transfer from external drive to internal drive. Disconnect before booting back up into Windows.

Then you'll want to heavily scan the files you just copied over.
 

Red Squirrel

pretty much safe as long as you don't execute any executable that could be infected. Just be sure your PC is already on when you plug the drive, do your stuff, then unplug. Don't reboot your pc or whatnot while it's plugged in. Just in case for whatever reason drive letters get scrambled and it starts booting off it or partially (I've seen this, gets really messy - c:\windows executed from one drive, d:\program files from another, etc)

Some people think that if a usb stick has a virus you can "Transfer" it to the pc just by plugging it in but this is false, it's just a file; you still have to execute it. If it was a CD, you could force execute it with an autorun.inf but USB keys, HDDs etc don't support that.
 

nordloewelabs

Originally posted by: RedSquirrel
If it was a CD, you could force execute it with an autorun.inf but USB keys, HDDs etc don't support that.

i believe the Autorun.inf can lead to execution of files on any USB device seen as "mass storage". even digital picture frames can infect a PC via USB.

disable Autorun for all device types. i did it using a Registry hack: http://www.computerperformance...a_registry_autorun.htm. the trick works on XP and 2K as well.
 

mechBgon

Originally posted by: nordloewelabs
Originally posted by: RedSquirrel
If it was a CD, you could force execute it with an autorun.inf but USB keys, HDDs etc don't support that.

i believe the Autorun.inf can lead to execution of files on any USB device seen as "mass storage". even digital picture frames can infect a PC via USB.

disable Autorun for all device types. i did it using a Registry hack: http://www.computerperformance...a_registry_autorun.htm. the trick works on XP and 2K as well.

There are also GUI options, here's those: http://www.mechbgon.com/build/autoplay.html

 

Gamingphreek

Download an Ubuntu or equivalent Linux LiveCD distro. Once booted into Linux, hit CTRL + ALT + F2 to get to the CLI. From there use command line to grab the files that you need.

With the LiveCD loaded onto a RAM Drive, without you clicking on and mounting your HDD, and with you running the CLI, there isn't a way that I can see that the virus can infect the system (Provided you don't run anything questionable and the files you are getting are not infected). I would not trust doing this through windows even a little bit (Not intended to be a knock on Windows in the slightest)

-Kevin
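An added example, not part of the original posts: one way to pull only the wanted homework and picture files off the mounted drive from a Linux live CD, as the posts above describe. It copies by allowlisted extension and checks each file's leading bytes; the `salvage` function, the `MAGIC` table and the sample tree are assumptions made for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Leading bytes each wanted type must start with: .docx is a ZIP container, .jpg is JPEG.
MAGIC = {".docx": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}

def salvage(src_root, dst_root):
    """Copy allowlisted files whose content matches their extension.

    Returns (copied, rejected) as paths relative to src_root. Files are only
    read as bytes; nothing from the source drive is executed or opened."""
    src_root, dst_root = Path(src_root), Path(dst_root)
    copied, rejected = [], []
    for path in sorted(src_root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        want = MAGIC.get(path.suffix.lower())
        if want is None:
            continue  # not on the allowlist (exe, scr, autorun.inf, ...): leave it behind
        rel = path.relative_to(src_root)
        with path.open("rb") as fh:
            head = fh.read(len(want))
        if head != want:
            rejected.append(rel.as_posix())  # e.g. an executable renamed to .jpg
            continue
        target = dst_root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(path, target)  # file content only, no permissions or metadata
        copied.append(rel.as_posix())
    return copied, rejected

def demo():
    """Run salvage() over a constructed sample tree standing in for the infected drive."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "infected"), Path(tmp, "rescued")
        (src / "school").mkdir(parents=True)
        (src / "school" / "essay.docx").write_bytes(b"PK\x03\x04" + b"\0" * 16)
        (src / "holiday.JPG").write_bytes(b"\xff\xd8\xff\xe0" + b"\0" * 16)
        (src / "photo.jpg").write_bytes(b"MZ\x90\x00" + b"\0" * 16)  # PE header, not a picture
        (src / "autorun.inf").write_text("[autorun]\nopen=setup.exe\n")
        (src / "setup.exe").write_bytes(b"MZ\x90\x00")
        return salvage(src, dst)

if __name__ == "__main__":
    print(demo())
```

A matching header only shows the file is the type it claims to be, so the copied files still need an antivirus scan before they are opened.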
 

nordloewelabs

Originally posted by: mechBgon
Originally posted by: nordloewelabs
Originally posted by: RedSquirrel
If it was a CD, you could force execute it with an autorun.inf but USB keys, HDDs etc don't support that.

i believe the Autorun.inf can lead to execution of files on any USB device seen as "mass storage". even digital picture frames can infect a PC via USB.

disable Autorun for all device types. i did it using a Registry hack: http://www.computerperformance...a_registry_autorun.htm. the trick works on XP and 2K as well.

There are also GUI options, here's those: http://www.mechbgon.com/build/autoplay.html

most of the methods mentioned on your page appear to be equivalent to the Registry tweak "NoDriveTypeAutorun". however, i'm not sure about the method that employs TweakUI. is "disabling all drive letters" equivalent to "disabling all drive types"?

not all devices gain a drive letter when connected to Windows, right? examples are MP3 Players, and Digicams. on the other hand, "Autorun" might only execute from devices which have been given a drive letter....(?) not sure, just wondering...
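An added example, not part of the original posts: a small model of the two Explorer policy values relevant to the question above, the per-type `NoDriveTypeAutoRun` bitmask and its per-letter counterpart `NoDriveAutoRun`. It assumes AutoRun is skipped when either value covers the drive; the drive letters, the scenario list and the function names are constructed for illustration.

```python
# NoDriveTypeAutoRun bit positions follow the Win32 GetDriveType() return codes.
DRIVE_TYPE_BITS = {
    "unknown": 0x01, "no_root_dir": 0x02, "removable": 0x04, "fixed": 0x08,
    "network": 0x10, "cdrom": 0x20, "ramdisk": 0x40, "reserved": 0x80,
}

def types_disabled(type_mask):
    """Drive types for which NoDriveTypeAutoRun suppresses AutoRun."""
    return sorted(n for n, bit in DRIVE_TYPE_BITS.items() if type_mask & bit)

def letters_disabled(letter_mask):
    """Drive letters suppressed by NoDriveAutoRun (bit 0 = A: ... bit 25 = Z:)."""
    return [chr(ord("A") + i) for i in range(26) if (letter_mask >> i) & 1]

def autorun_suppressed(letter, drive_type, type_mask, letter_mask=0):
    """True if either policy value blocks AutoRun for this drive (assumed semantics)."""
    by_type = bool(type_mask & DRIVE_TYPE_BITS[drive_type])
    by_letter = bool((letter_mask >> (ord(letter.upper()) - ord("A"))) & 1)
    return by_type or by_letter

def audit(type_mask, letter_mask=0):
    """List the thread's scenarios that still get AutoRun under the given masks."""
    scenarios = {  # constructed sample; an enclosure drive typically reports as fixed
        "usb stick / picture frame (E:, removable)": ("E", "removable"),
        "hdd in external enclosure (F:, fixed)": ("F", "fixed"),
        "cd-rom (D:, cdrom)": ("D", "cdrom"),
    }
    return [name for name, (letter, kind) in scenarios.items()
            if not autorun_suppressed(letter, kind, type_mask, letter_mask)]

if __name__ == "__main__":
    # 0x91 is the value commonly documented as the Windows XP default; 0xFF covers every type.
    for mask in (0x91, 0x95, 0xFF):
        print(hex(mask), types_disabled(mask), "still exposed:", audit(mask))
    # A per-letter mask covering A: through Z: with the default type mask.
    print(letters_disabled(0x3FFFFFF)[:3], audit(0x91, letter_mask=0x3FFFFFF))
```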
 

evident

I ran fsecure on the disk, got rid of virii that i could, then disabled autorun and plugged it into my pc, took off his homework crap, and did a complete reformat. knowing how his dad likes to download everything in the world, i put avira, windows defender, and peer guardian on the system again, but i'm sure he'll be coming back to me in a year. thanks for all your suggestions guys. i know now what threats there are if i plug in an external drive to my pc :thumbsup:
 

nordloewelabs

Originally posted by: evident
i know now what threats there are if i plug in an external drive to my pc :thumbsup:

if you need to plug a USB drive (or digital picture frame) to a computer and you are concerned that:

1) the device might have an Autorun routine,
2) Windows will execute the routine.

you can force Windows to ignore the Autorun by holding down the SHIFT key while you plug the USB device. it's better to disable Autorun altogether, though....