Re: transferring files from infected drive.
- From: "HeyBub" <heybub@xxxxxxxxx>
- Date: Tue, 31 Jul 2007 11:07:32 -0500
Joseph O'Brien wrote:
Hello, everyone. I have a computer that has been infected with a
virus/ worm/trojan/whatever. I'm not completely sure which one, but my
computer does the automatic shutdown thing (initiated by NT Authority
\System).
I think I have the virus cleaned off, but the OS has been damaged. Can
someone who knows advise me on the plan below?
1) Remove suspect drive from PC. Replace with a new, store-bought
drive.
2) Install clean OS, updates programs, virus scan, etc.
3) Re-attach suspect drive as slave.
4) Copy necessary files over from suspect drive, leaving out Program
Files and anything in ~\Local Settings.
I do have backups, but they are most likely infected as well. I was
thinking that it might be easier to just pull the files directly off
the suspect drive, rather than transfer them to an external drive.
However, I want to be sure that whatever was on the suspect drive
doesn't "jump ship" to the good drive. I assume that, as long as the
MBR of the new drive is clean, and as long as I don't open an
executable that contains the virus, then I should be OK.
Is this a correct assumption?
Possibly not. For example, I don't think virus detectors will catch the
movement of a virus via a COPY command. Further, virus vectors include stuff
other than EXE files. They're found in DOC files, JAVA applets,
god-knows-what.
I'd hit the "infected" drive with every malware sanitizer I could find
before I moved anything to the new drive.
.
- References:
- transferring files from infected drive.
- From: Joseph O'Brien
- transferring files from infected drive.
- Prev by Date: Re: Upgraded from Win 2K to Win XP Home Edition : Apps Not Working
- Next by Date: Re: Xp Pro locks system up
- Previous by thread: transferring files from infected drive.
- Next by thread: Re: transferring files from infected drive.
- Index(es):
Relevant Pages
|
|
