Re: transferring files from infected drive.



On Jul 31, 12:40 pm, "Pegasus (MVP)" <I....@xxxxxxx> wrote:
"Joseph O'Brien" <obrien1...@xxxxxxxxxxx> wrote in message
news:1185894430.142692.256190@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hello, everyone. I have a computer that has been infected with a virus/
worm/trojan/whatever. I'm not completely sure which one, but my
computer does the automatic shutdown thing (initiated by
NT Authority\System).

I think I have the virus cleaned off, but the OS has been damaged. Can
someone who knows advise me on the plan below?

1) Remove suspect drive from PC. Replace with a new, store-bought
drive.
2) Install clean OS, updates, programs, virus scan, etc.
3) Re-attach suspect drive as slave.
4) Copy necessary files over from suspect drive, leaving out Program
Files and anything in ~\Local Settings.

I do have backups, but they are most likely infected as well. I was
thinking that it might be easier to just pull the files directly off
the suspect drive, rather than transfer them to an external drive.
However, I want to be sure that whatever was on the suspect drive
doesn't "jump ship" to the good drive. I assume that, as long as the
MBR of the new drive is clean, and as long as I don't open an
executable that contains the virus, then I should be OK.

Is this a correct assumption?

Thanks.
Joseph

There is not much I can add to the replies you received
from the other respondents but I wonder what's happened
to the noble art of backing up important files at regular
intervals, e.g. once a week? Next time you might not be
so lucky - your disk might become unreadable.

I actually have a few pretty good backups. Problem is, I don't trust
them. This is a long story, so I won't go into it, but I suspect that
this malware has been "hiding" latent on the drive for a while (maybe
as a rootkit?). I could restore the files from the backup, but I just
think it would be easier to go straight to the source and get the most
recent files, rather than worrying about restoring incremental
backups, etc. The data's there, and I could restore files from it if I
had to. You have a good point, though.

Thanks everyone.

Joseph
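
Step 4 of the plan quoted above, as an added example that is not part of the original thread: it copies files from the suspect drive to the clean one, leaving out Program Files and Local Settings, and also skips anything with an executable extension or an `MZ` executable header under a data extension. The function names and the extension list are assumptions of this example.

```python
import hashlib
import shutil
from pathlib import Path

# The two directories the post leaves out, compared case-insensitively.
SKIP_DIRS = {"program files", "local settings"}
# Assumed list of extensions Windows will run or interpret; extend as needed.
SKIP_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd",
             ".vbs", ".js", ".lnk", ".sys"}


def looks_like_pe(path: Path) -> bool:
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"


def copy_data_files(src: Path, dst: Path):
    """Copy non-executable files from src to dst; return (manifest, skipped)."""
    manifest, skipped = {}, []
    for path in sorted(src.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src)
        name = rel.as_posix()
        if any(part.lower() in SKIP_DIRS for part in rel.parts[:-1]):
            skipped.append((name, "excluded directory"))
        elif path.suffix.lower() in SKIP_EXTS:
            skipped.append((name, "executable extension"))
        elif looks_like_pe(path):
            # e.g. a binary renamed to .jpg: the header, not the name, decides
            skipped.append((name, "MZ header under a data extension"))
        else:
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(path, target)  # file contents only, no metadata
            # Hash what landed on the clean drive, for later comparison.
            manifest[name] = hashlib.sha256(target.read_bytes()).hexdigest()
    return manifest, skipped
```

Skipping executables does not cover documents that carry macros, so the copied files still need the virus scan from step 2 before they are opened.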
