
transferring files from infected drive.

Unread 27-08-2007, 05:47 PM   #1
Joseph O'Brien
Guest
 
Posts: n/a
transferring files from infected drive.

Hello, everyone. I have a computer that has been infected with a virus/
worm/trojan/whatever. I'm not completely sure which one, but my
computer does the automatic shutdown thing (initiated by NT Authority
\System).

I think I have the virus cleaned off, but the OS has been damaged. Can
someone who knows advise me on the plan below?

1) Remove suspect drive from PC. Replace with a new, store-bought
drive.
2) Install clean OS, updates programs, virus scan, etc.
3) Re-attach suspect drive as slave.
4) Copy necessary files over from suspect drive, leaving out Program
Files and anything in ~\Local Settings.

I do have backups, but they are most likely infected as well. I was
thinking that it might be easier to just pull the files directly off
the suspect drive, rather than transfer them to an external drive.
However, I want to be sure that whatever was on the suspect drive
doesn't "jump ship" to the good drive. I assume that, as long as the
MBR of the new drive is clean, and as long as I don't open an
executable that contains the virus, then I should be OK.

Is this a correct assumption?

Thanks.
Joseph

 
Unread 27-08-2007, 05:47 PM   #2
HeyBub
Guest
 
Posts: n/a
Re: transferring files from infected drive.

Joseph O'Brien wrote:
> Hello, everyone. I have a computer that has been infected with a
> virus/ worm/trojan/whatever. I'm not completely sure which one, but my
> computer does the automatic shutdown thing (initiated by NT Authority
> \System).
>
> I think I have the virus cleaned off, but the OS has been damaged. Can
> someone who knows advise me on the plan below?
>
> 1) Remove suspect drive from PC. Replace with a new, store-bought
> drive.
> 2) Install clean OS, updates programs, virus scan, etc.
> 3) Re-attach suspect drive as slave.
> 4) Copy necessary files over from suspect drive, leaving out Program
> Files and anything in ~\Local Settings.
>
> I do have backups, but they are most likely infected as well. I was
> thinking that it might be easier to just pull the files directly off
> the suspect drive, rather than transfer them to an external drive.
> However, I want to be sure that whatever was on the suspect drive
> doesn't "jump ship" to the good drive. I assume that, as long as the
> MBR of the new drive is clean, and as long as I don't open an
> executable that contains the virus, then I should be OK.
>
> Is this a correct assumption?


Possibly not. For example, I don't think virus detectors will catch the
movement of a virus via a COPY command. Further, virus vectors include stuff
other than EXE files. They're found in DOC files, JAVA applets,
god-knows-what.

I'd hit the "infected" drive with every malware sanitizer I could find
before I moved anything to the new drive.
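An added example, not part of any post in this thread: a read-only triage pass over the re-attached suspect drive that applies the plan's exclusions (Program Files, Local Settings) and, following the reply above, treats more than EXE files as suspect by checking leading bytes instead of trusting extensions. The extension list, labels and function names are assumptions chosen for illustration; a "copy" result only means the file is not an obvious carrier, not that it is clean.

```python
import os

# Directory names the original plan leaves behind (compared case-insensitively).
SKIP_DIRS = {"program files", "local settings"}
# Leading bytes that identify content regardless of the file's extension.
MAGIC = [
    (b"MZ", "executable"),                                  # DOS/PE image: exe, dll, scr
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-document"),  # legacy DOC/XLS/PPT, may hold macros
]
# Illustrative (assumed) list of script and applet extensions to hold back.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".pif", ".lnk", ".hta", ".jar", ".class"}

def classify(path):
    """Label one file by name and leading bytes; the file is only read, never run."""
    name = os.path.basename(path).lower()
    if name == "autorun.inf":
        return "autorun"
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, label in MAGIC:
        if head.startswith(magic):
            return label
    if os.path.splitext(name)[1] in SCRIPT_EXTS:
        return "script"
    return "data"

def triage(root):
    """Walk the suspect drive and split files into 'copy' and 'review' lists."""
    plan = {"copy": [], "review": []}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune excluded directories in place so os.walk never descends into them.
        dirnames[:] = sorted(d for d in dirnames if d.lower() not in SKIP_DIRS)
        for fn in sorted(filenames):
            full = os.path.join(dirpath, fn)
            try:
                kind = classify(full)
            except OSError:
                kind = "unreadable"
            bucket = "copy" if kind == "data" else "review"
            plan[bucket].append((os.path.relpath(full, root), kind))
    return plan

if __name__ == "__main__":
    import sys
    # Usage: python triage.py <mount point of the suspect drive>
    for rel, kind in triage(sys.argv[1])["review"]:
        print(kind, rel)
```

Files in the "review" list are the ones to scan with an up-to-date scanner on the clean system before they are opened or copied.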


 
Unread 27-08-2007, 05:47 PM   #3
nass
Guest
 
Posts: n/a
RE: transferring files from infected drive.



"Joseph O'Brien" wrote:

> Hello, everyone. I have a computer that has been infected with a virus/
> worm/trojan/whatever. I'm not completely sure which one, but my
> computer does the automatic shutdown thing (initiated by NT Authority
> \System).
>
> I think I have the virus cleaned off, but the OS has been damaged. Can
> someone who knows advise me on the plan below?
>
> 1) Remove suspect drive from PC. Replace with a new, store-bought
> drive.
> 2) Install clean OS, updates programs, virus scan, etc.
> 3) Re-attach suspect drive as slave.
> 4) Copy necessary files over from suspect drive, leaving out Program
> Files and anything in ~\Local Settings.
>
> I do have backups, but they are most likely infected as well. I was
> thinking that it might be easier to just pull the files directly off
> the suspect drive, rather than transfer them to an external drive.
> However, I want to be sure that whatever was on the suspect drive
> doesn't "jump ship" to the good drive. I assume that, as long as the
> MBR of the new drive is clean, and as long as I don't open an
> executable that contains the virus, then I should be OK.
>
> Is this a correct assumption?
>
> Thanks.
> Joseph


Hi Joseph,
I will scan this hard drive/system with scanners from more than one vendor for
both viruses and malware.
Then hook this hard drive up in another machine as slave (you will find a
diagram on the HDD on how to do this), copy the data into its own folder,
say JoesData = the name of the folder, and copy it to the Desktop.
Take the damaged HDD back to its case and perform your clean installation.
When you have performed a successful installation of the operating system,
don't connect to the Internet yet: install the anti-virus you have and an
anti-malware program, then try to establish a connection to the Internet (set
up your network), update the AV, anti-malware and the system till the SP2 pack,
then copy the folder onto a removable CD/DVD and copy the data to the desired
location (you can scan it first before opening it or executing any file/folder).
You can find detailed instructions here:
http://michaelstevenstech.com/cleanxpinstall.html
HTH.
nass
 
Unread 27-08-2007, 05:47 PM   #4
Pegasus (MVP)
Guest
 
Posts: n/a
Re: transferring files from infected drive.


"Joseph O'Brien" <obrien1984*************> wrote in message
news:1185894430.142692.256190@r34g2000hsd.googlegroups.com...
> Hello, everyone. I have a computer that has been infected with a virus/
> worm/trojan/whatever. I'm not completely sure which one, but my
> computer does the automatic shutdown thing (initiated by NT Authority
> \System).
>
> I think I have the virus cleaned off, but the OS has been damaged. Can
> someone who knows advise me on the plan below?
>
> 1) Remove suspect drive from PC. Replace with a new, store-bought
> drive.
> 2) Install clean OS, updates programs, virus scan, etc.
> 3) Re-attach suspect drive as slave.
> 4) Copy necessary files over from suspect drive, leaving out Program
> Files and anything in ~\Local Settings.
>
> I do have backups, but they are most likely infected as well. I was
> thinking that it might be easier to just pull the files directly off
> the suspect drive, rather than transfer them to an external drive.
> However, I want to be sure that whatever was on the suspect drive
> doesn't "jump ship" to the good drive. I assume that, as long as the
> MBR of the new drive is clean, and as long as I don't open an
> executable that contains the virus, then I should be OK.
>
> Is this a correct assumption?
>
> Thanks.
> Joseph
>


There is not much I can add to the replies you received
from the other respondents but I wonder what's happened
to the noble art of backing up important files at regular
intervals, eg. once a week? Next time you might not be
so lucky - your disk might become unreadable.


 
Unread 27-08-2007, 05:48 PM   #5
Joseph O'Brien
Guest
 
Posts: n/a
Re: transferring files from infected drive.

On Jul 31, 12:40 pm, "Pegasus (MVP)" <I....@fly.com> wrote:
> "Joseph O'Brien" <obrien1...*************> wrote in message
>
> news:1185894430.142692.256190@r34g2000hsd.googlegroups.com...
>
>
>
>
>
> > Hello, everyone. I have a computer that has been infected with a virus/
> > worm/trojan/whatever. I'm not completely sure which one, but my
> > computer does the automatic shutdown thing (initiated by NT Authority
> > \System).

>
> > I think I have the virus cleaned off, but the OS has been damaged. Can
> > someone who knows advise me on the plan below?

>
> > 1) Remove suspect drive from PC. Replace with a new, store-bought
> > drive.
> > 2) Install clean OS, updates programs, virus scan, etc.
> > 3) Re-attach suspect drive as slave.
> > 4) Copy necessary files over from suspect drive, leaving out Program
> > Files and anything in ~\Local Settings.

>
> > I do have backups, but they are most likely infected as well. I was
> > thinking that it might be easier to just pull the files directly off
> > the suspect drive, rather than transfer them to an external drive.
> > However, I want to be sure that whatever was on the suspect drive
> > doesn't "jump ship" to the good drive. I assume that, as long as the
> > MBR of the new drive is clean, and as long as I don't open an
> > executable that contains the virus, then I should be OK.

>
> > Is this a correct assumption?

>
> > Thanks.
> > Joseph

>
> There is not much I can add to the replies you received
> from the other respondents but I wonder what's happened
> to the noble art of backing up important files at regular
> intervals, eg. once a week? Next time you might not be
> so lucky - your disk might become unreadable.


I actually have a few pretty good backups. Problem is, I don't trust
them. This is a long story, so I won't go into it, but I suspect that
this malware has been "hiding" latent on the drive for a while (maybe
as a rootkit?). I could restore the files from the backup, but I just
think it would be easier to go straight to the source and get the most
recent files, rather than worrying about restoring incremental
backups, etc. The data's there, and I could restore files from it if I
had to. You have a good point, though.

Thanks everyone.

Joseph

 
 
