Avatar of john8217

asked on 

Retrieving data from infected drive

Suppose I have a hard drive that's infected with serious malware (like a rootkit) and I need to retrieve some files off of it. Would it  be safe to plug it into another PC as a secondary drive? After all, if its not going to be the boot drive, the malware won't become active. Is that a correct assumption?
     P.S. this is just for future reference. I currently do not need to access anything off of an infected drive.
Anti-Virus AppsOS SecurityVulnerabilities

Avatar of undefined
Last Comment
Avatar of aadih
Flag of United States of America image

Yes. It is a working-safe assumption.
If it is a well coded root kit or virus I would not say this is safe at all.

I suggest this procedure:

- Install a working virus scanner on your Windows OS
- Boot your PC from any Linux live system.
- Make sure your local (windows) drive is not mounted
- mount the infected drive, copy over the files you need on a USB stick.
- wipe the partition table of the infected drive
- start your Windows again, scan plug in the Stick and scan it.

IMHO chances are really slim your virus/rootkit is on this USB stick in the first place; if so it was in one of the files you copied.
Avatar of Dave Howe
Dave Howe
Flag of United Kingdom of Great Britain and Northern Ireland image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of McKnife
Flag of Germany image

Of course it's inactive no matter how good it is coded. The only possible way to become infected now is to activate autorun-on-connect, but that is off by default.
Avatar of Dave Howe
Dave Howe
Flag of United Kingdom of Great Britain and Northern Ireland image

or by opening an infected document that has scripting capabilities (such as pdf)
Avatar of john8217


Anti-Virus Apps
Anti-Virus Apps

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo