I hope whoever is reading this is doing well. I'll try to be brief, but I want to be sure to include all of the important details. Forgive me if I use incorrect terminology. I have posted this to both the XP Forum and the Howdecrypt topic in General Security as I was not sure which was more suitable. If crossposting is not allowed, please let me know and I'll correct it.
I have an XP desktop machine that has sat dormant for about 8 months. It has four drives in it: an OS drive with XP Home (I think it's Home) and three data drives. I cranked it up and XP booted and recognized two of the data drives. One of the data drives gives me a "this drive needs to be formatted" error. I have a plan for trying to fix that drive and access those important files, and I have removed that drive from the system. Otherwise, it booted, but things look different than the last time it was running. I have reason to believe that someone was looking for something on it and possibly used system restore. I'm afraid that this may have introduced a problem.
This system was previously a victim of the "how to decrypt" virus. I worked with Emsisoft, but ultimately had to pay the ransom. After that, I was able to decrypt all of my files except for several very large multi-gig files, including an irresponsibly large Outlook archive file. So, I shut it down 8 months ago to postpone working with those large files and to postpone the post-decryption cleanup of the machine. I had successfully decrypted the majority of the data and removed the essential data, but other priorities called and I had not yet cleaned the system.
Once I booted the system recently, there were some strange things happening that make me think that a secondary ransomware had been triggered, so I shut down quickly. What I would like to do now is remove all of these drives, take note of the SATA connection location/number of each drive (which may be unnecessary), install a new SSD drive and install Windows 10 on the new drive. However, once I am organized in a week or so, I would like to remove the new SSD drive and physically reinstall into the machine the old C drive and possibly the data drives (I will be careful with this to avoid further infection) and explore the shadow copies (if I have any), the registry, etc. to determine what damage there is.
So, my question is basically: Will removing the current configuration of drives and installing Windows 10 on a new SSD drive cause any change to the shadow copies located on the current C drive (and possibly the data drives) and/or cause any other potential problem with any of the drives regarding data access/recovery in the future? Will I be able to reinstall the current C drive back into the machine as the OS/boot drive in the near future to explore the damage to that system and expect that it will look and behave exactly as before it was removed, as if it had not been removed at all? I will, of course, remove the new Windows 10 SSD before using any of the old system.
I hope I've not been too confusing or used too much incorrect terminology.