Posted 12 October 2010 - 10:05 AM
I have a Windows XP machine that was pretty close to state of the art in 2004. It has been showing its age, so it was already time for a fresh, clean OS install. Recently, it got infected with some kind of a Trojan. Between Malwarebytes' Antimalware and McAfee Total Security I have removed almost 100 instances of many different Trojans. I want to get it as clean as possible, but I have decided that now is as good a time as any to buy a new computer. I will probably order that tonight.
One or more of the identified Trojans were of the IRC bot variety. So I definitely want to wipe and start fresh, but I also need data off the computer first. Here's what I have to work with:
1) I have an external USB hard drive with older backup data. That is my fallback plan. This has not been plugged in recently, so I am reasonably sure it is safe, but that also means the backups are out of date. I also have my most critical recent data backed up on a USB key that was purchased AFTER the machine was infected.
2) I have ordered an additional USB hard drive which will be my new backup medium.
3) I am ordering the new computer that I have selected.
4) The infected machine is turned off and unplugged from the network. I will be working with someone here to disinfect it, but as all the disclaimers on here state, once you have had a backdoor Trojan, you are better off with a clean OS install.
My basic plan is as follows:
1) Get the infected machine as clean as possible. (See my other thread, if you are interested.)
2) Plug the new external drive into the old computer, copy all (some? most?) of the data onto the external drive.
3) Plug the external drive into some computer (which one?) and run as many scans on it as I can find without executing anything.
4) Plug in the external drive on the new computer and copy all (some? most?) of the data from the external drive to the new computer.
5) When I am sure I have everything that I want/need from the old computer, I will wipe it and start with a fresh install.
So, my specific questions:
On step 2... what can I / can't I safely move? Or what parts are the least safe to move?
On step 3, which computer should I use to scan the external drive? The old computer, which is partially disinfected now, and might be better, but is unknown? Or the new computer? Will I risk infecting it? Or yet another computer?
Do you have any other advice about restoring as much of my data as possible, as safely as possible?