I am now running 7 and i am infected with something. How do i clean the external hard drive so that i can keep the data.
You need to clean the infected machine unless you plan on reformatting and doing a clean install. Without doing that you will only infect any external drives you plug into that machine.
External storage media and flash (usb, pen, thumb, jump) drives are prone to infections which involve malware that modifies and loads an autorun.inf
(text-based configuration) file into the root folder of all drives
(internal, external, removable) along with a malicious executable. When removable media such as a CD/DVD is inserted (mounted), autorun
looks for autorun.inf and automatically executes the malicious file to run silently on your computer. For flash drives and other USB storage, autorun.ini uses the Windows Explorer's right-click context menu so that the standard "Open" or "Explore" command starts the file. Malware modifies the context menu (adds a new default command) and redirects to executing the malicious file if the "Open" command is used or double-clicking on the drive icon. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.Keeping Autorun enabled
on USB (pen, thumb, jump) and other removable drives has become a significant security risk
due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
You can hold down the Shift key
when inserting the drive into your computer until Windows detects it to keep autorun.inf from executing automatically. However, many security experts recommend you disable Autorun asap
as a method of prevention. Microsoft recommends doing the same
Microsoft Security Advisory (967940): Update for Windows AutorunNote: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful. Disabling autorun/autoplay does not prevent you from accessing your media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB or external hard drive). Pictures on a camera can still be accessed through My Pictures and selecting "Get Pictures" from a scanner or camera. Media can be accessed via the program you normally use it with such as music CDs via Media Player, blank CDs via burning software, image handling software provided with the camera. I strongly recommend you leave the autorun feature disabled and get into the habit of accessing your media devices manually.
...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...
An easy way to disable Autorun on a specific drive is to download and use Microsoft Power Toy Tweak UI
and then follow these instructions
If using Windows XP Pro you can also use the Group Policy Editor
to disable the autorun for USB & CD-ROM devices. To do this, please refer to:
If using Windows Vista
, please refer to:
If using Windows 7
, please refer to:Note: For steps that require registry changes, always back up your registry before making any changes
However, disabling AutoRun is not enough
. See Scott Dunn's One quick trick prevents AutoRun attacks
. For most novice users, the easiest way to inoculate a USB Flash Drive is to create a Read-only
folder on the drive named autorun.inf and place a small file inside it. Do not delete this folder
...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
Alternatively, you can download and use Panda USB Vaccine
. Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF
as protection against malicious code. The Panda Resarch Blog
advises that once USB drives have been vaccinated, they cannot be reversed except with a format
. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
Finally, always scan USB flash drives and any external storage media after they have been used in other computer systems, even your own. An easy way to do this is to download ClamWin Portable Antivirus
, put it on your USB Flash Drive, update its definition files and perform a scan.
You can also download and scan with:
- Norman Malware Cleaner. Be sure to print out the instructions provided on the same page. For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.
- Dr.Web CureIt. Choose Custom Scan after the Express Scan has finished to add your usb drive to the scan.