Retrieving data from infected drive

Suppose I have a hard drive that's infected with serious malware (like a rootkit) and I need to retrieve some files off of it. Would it be safe to plug it into another PC as a secondary drive? After all, if it's not going to be the boot drive, the malware won't become active. Is that a correct assumption?
P.S. This is just for future reference. I currently do not need to access anything off of an infected drive.
john8217 Asked:
aadih Commented:
Yes. It is a working-safe assumption.
0
Daniel Helgenberger Commented:
If it is a well-coded rootkit or virus I would not say this is safe at all.

I suggest this procedure:

- Install a working virus scanner on your Windows OS.
- Boot your PC from any Linux live system.
- Make sure your local (Windows) drive is not mounted.
- Mount the infected drive and copy over the files you need to a USB stick.
- Wipe the partition table of the infected drive.
- Start your Windows again, plug in the stick and scan it.

IMHO chances are really slim your virus/rootkit is on this USB stick in the first place; if so it was in one of the files you copied.
0
Dave Howe, Software and Hardware Engineer, Commented:
Rootkits can't infect machines by being mounted as a secondary drive *BUT* that doesn't mean the drive doesn't have something else nasty on it that could autorun if mounted on a Windows PC.

I usually recommend instead booting from a Linux live CD and copying to a freshly formatted USB stick, then disinfecting said stick on a machine with decent AV before looking at anything (or using viewers other than the standard; for example, using OpenOffice to read MS Office documents, most Linux live CDs come with that already available).
0
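
The live-Linux copy step that the answers above recommend, as an added example that is not part of any participant's post. The function names, the skip list of file extensions and the `DEST/files` layout are assumptions made for illustration; `/dev/sdX1` and the mount paths are placeholders.

```shell
#!/bin/sh
# Added example. Run from a Linux live session; device and paths are operator-chosen.

# Mount the suspect partition read-only; ignore exec bits, setuid and device nodes.
mount_suspect() {   # usage: mount_suspect DEVICE MOUNTPOINT
    mkdir -p "$2" && mount -o ro,noexec,nosuid,nodev "$1" "$2"
}

# Succeeds (0) for names we refuse to carry over: autorun triggers, shortcuts,
# executables and scripts. The extension list is illustrative, not exhaustive.
is_risky_name() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        autorun.inf|desktop.ini|*.exe|*.dll|*.scr|*.com|*.msi|*.lnk) return 0 ;;
        *.bat|*.cmd|*.vbs|*.js|*.ps1|*.hta) return 0 ;;
        *) return 1 ;;
    esac
}

# Copy regular files from SRC into DST/files, skipping symlinks and risky names,
# clearing exec bits, and recording SHA-256 hashes in DST/MANIFEST.sha256.
# Prints the number of files copied.
rescue_copy() {     # usage: rescue_copy SRC DST
    src=$1; dst=$2; count=0
    mkdir -p "$dst/files" || return 1
    : > "$dst/MANIFEST.sha256"
    list=$(mktemp) || return 1
    ( cd "$src" && find . -type f ) > "$list"   # -type f never matches symlinks
    while IFS= read -r rel; do
        rel=${rel#./}
        if is_risky_name "${rel##*/}"; then continue; fi
        mkdir -p "$(dirname "$dst/files/$rel")"
        cp -- "$src/$rel" "$dst/files/$rel" || continue
        chmod 0644 "$dst/files/$rel"
        ( cd "$dst" && sha256sum "files/$rel" ) >> "$dst/MANIFEST.sha256"
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}

# Only acts when given DEVICE MOUNTPOINT DEST, e.g. /dev/sdX1 /mnt/suspect /media/usb/rescue
if [ "$#" -eq 3 ]; then
    mount_suspect "$1" "$2" && rescue_copy "$2" "$3" && umount "$2"
fi
```

Skipping by name only removes the obvious launchers; documents that are copied still need the antivirus scan described in the answers before they are opened.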

McKnife Commented:
Of course it's inactive no matter how well it is coded. The only possible way to become infected now is to activate autorun-on-connect, but that is off by default.
0
Dave Howe, Software and Hardware Engineer, Commented:
Or by opening an infected document that has scripting capabilities (such as PDF).
0
john8217 (Author) Commented:
Thanks
0