john8217 asked on

Retrieving data from infected drive

Suppose I have a hard drive that's infected with serious malware (like a rootkit) and I need to retrieve some files off of it. Would it be safe to plug it into another PC as a secondary drive? After all, if it's not going to be the boot drive, the malware won't become active. Is that a correct assumption?
P.S. This is just for future reference. I currently do not need to access anything off of an infected drive.
Anti-Virus Apps, OS Security, Vulnerabilities

Last Comment

8/22/2022 - Mon

Yes. It is a working-safe assumption.

If it is a well coded root kit or virus I would not say this is safe at all.

I suggest this procedure:

- Install a working virus scanner on your Windows OS
- Boot your PC from any Linux live system.
- Make sure your local (Windows) drive is not mounted.
- Mount the infected drive, copy over the files you need on a USB stick.
- Wipe the partition table of the infected drive.
- Start your Windows again, plug in the stick and scan it.

IMHO chances are really slim your virus/rootkit is on this USB stick in the first place; if so it was in one of the files you copied.
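The mount-and-copy steps of the procedure above, as an added example that is not code posted by anyone in this thread. It assumes a Linux live system with util-linux and GNU coreutils; the function names, the device argument and the mount point are hypothetical.

```sh
#!/bin/sh
# Added example; run from the Linux live system. Names and paths are assumptions.

# Attach the suspect partition so nothing on it can be written or executed.
# usage: mount_suspect /dev/sdX1 /mnt/suspect   (device name is a placeholder)
mount_suspect() {
    blockdev --setro "$1" &&                 # block-layer read-only flag
    mkdir -p "$2" &&
    mount -o ro,noexec,nosuid,nodev "$1" "$2"
}

# Copy only regular files from SRC to DST. Symlinks, device nodes and FIFOs are
# skipped, execute/setuid bits are dropped, and a SHA-256 manifest is written
# to DST.sha256 so the later virus scan can be tied to exactly these bytes.
# usage: copy_quarantined /mnt/suspect/Users/me/Documents /mnt/usb/rescued
copy_quarantined() {
    src=$1
    mkdir -p "$2" || return 1
    dst=$(cd "$2" && pwd) || return 1        # absolute path: we cd into src below
    manifest="$dst.sha256"
    : > "$manifest" || return 1
    # find's default (-P) never follows symlinks, so "-type f" yields real files only.
    (cd "$src" && find . -type f -exec sh -c '
        dst=$1; manifest=$2; shift 2
        for f do
            rel=${f#./}
            mkdir -p "$dst/$(dirname "$rel")" &&
            cp -- "$f" "$dst/$rel" &&
            chmod 0644 "$dst/$rel" &&
            (cd "$dst" && sha256sum -- "$rel") >> "$manifest"
        done' sh "$dst" "$manifest" {} +)
}
```

Back on Windows, the manifest shows whether the files being scanned are the same bytes that left the drive; the copies stay untrusted until that scan has run.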
Dave Howe


Of course it's inactive no matter how well it is coded. The only possible way to become infected now is to activate autorun-on-connect, but that is off by default.
Dave Howe

Or by opening an infected document that has scripting capabilities (such as PDF).