Best practice for working on RAID-1 drive removed from system for Malware removal

Hello experts!

Thanks in advance for sharing your great wisdom.
:)

I frequently am asked to help people remove Malware from their computers’ hard drive.  I have used BART PE and that sort of thing, but have found that the best way (other than the obvious “ideal” way of reformatting and reinstalling) is for me to simply remove the hard drive from the compromised computer, and mount  it as a standalone drive off of my system, and then run the spyware, adware, virus removal utilities on it.

This works great, but I have never had to do this on a RAID-1 set of drives.

Can anyone tell me please the best way to accomplish this?  I am not really in a position to just reinstall Windows, because it is a friends system that has a lot of software that would be difficult to reinstall.

I wonder if I should remove one drive and break the mirror, and then run my scans and utilities on the single drive.  Then install it back in the other system and recreate a new RAID-1.  I am unsure and a little apprehensive.

Does anyone have any advice or tips, or warnings?  All off which would certainly be welcome!

Thanks very much!
- Joe
JOE-BULLITTAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AustinComputerLabsCommented:
Is this software or hardware RAID?
Is there an add on card performing the RAID or using windows RAID?
0
JOE-BULLITTAuthor Commented:
This is an HP Laptop using the HP RAID software
Thanks for your help!
0
WolfhereCommented:
In a mirror, one drive is the mirror of the other. So to break the mirror, and scan each drive individually then rebuild would be pretty painful and could result in failure (dependent on whether software or hardware raid). That is failure as in starting over from scratch.
I would suggest keeping the drives in place and running unhackme and or malwarebytes. Both can be installed and run from safe mode and of course with free versions. I do not know the specific problem your friends machine is having, but scanning a raid1 is actually faster than a non-raid volume. And definitely faster than breaking, scanning individually and rebuilding.


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JOE-BULLITTAuthor Commented:
Thanks for the help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.