Infected HD question


9 replies to this topic

#1 OldPhil


Posted 27 December 2017 - 08:41 AM

A friend removed and replaced a HD that he tried many things to clean up.  He is up and running but wants to format the drive as it was fairly new.  What would be the right way to format it? He is worried it may infect the new drive if connected to his system.


Honesty & Integrity Above All!




#2 Allan


Posted 27 December 2017 - 09:22 AM

Not sure I understand the question. In order to format the drive it must be connected to a computer. If it is going to be the system drive, it can be formatted during the installation of the OS. Once you boot to the desktop, an anti virus app should be installed and remain resident at all times.

 

As I said, your question is a bit unclear (at least to me), so if this doesn't answer your question please let us know.

 

EDIT: Sorry - after re-reading your post I get what you're asking. As is pointed out in the responses below, just connecting the drive as a second or third drive (NOT the system or boot drive)  and then formatting it is perfectly safe.


Edited by Allan, 27 December 2017 - 10:53 AM.


#3 hamluis


Posted 27 December 2017 - 09:25 AM

My reasoning...

 

A boot drive...that is not used as a boot drive...does not have the power to infect anything.  It's just another container with a set of files on it, none of which have any power to do anything other than to sit in place while connected as a storage drive.

 

All .exe and other files (.dlls and drivers) which might trigger activity when associated with the O/S...have no association other than as data items when connected as a secondary drive.  The relationship with the infected O/S is of no consequence, in such case..since the infected O/S is not active as a secondary drive.

 

I have a triple boot (XP, Win 7, Win 10) and I have a home network with 2 other computers.  If my XP install became infected...it could conceivably pass said infection to other networked systems via the O/S relationships in a network...but it could not pass the infection to my Win 7 or Win 10 installs...since only one is operative at a single moment in time.

 

A drive connected as a non-boot drive...is just a storage container.

 

Louis


Edited by hamluis, 27 December 2017 - 09:33 AM.


#4 OldPhil


Posted 27 December 2017 - 09:37 AM

Thanks to both for your responses, I will tell him to slave and fire away!


Honesty & Integrity Above All!


#5 OldPhil


Posted 27 December 2017 - 10:13 AM

He is still not convinced!  He got the infection from a thumb drive, he thinks that plugging in or hooking up may have the same result.

 

Phil


Honesty & Integrity Above All!


#6 JohnC_21


Posted 27 December 2017 - 10:22 AM

If he is paranoid about it then pull the boot drive, attach the infected HD, and boot Parted Magic, a Linux distro, which has a wipe function. If the computer was pre-installed with Windows 8 or 10 disable Secure Boot and enable Legacy or CSM boot.

 

http://www.afterdawn.com/software/system_tools/partitioning/parted_magic_cd.cfm

 

Edit: Use the External DD command on the disk. That's the safest. Also, if his boot disk is not detached make absolutely sure you are selecting the correct drive. You don't want to wipe the boot disk.

https://www.youtube.com/watch?v=g8t2ZXOMGKY

Edited by JohnC_21, 27 December 2017 - 10:26 AM.


#7 hamluis


Posted 27 December 2017 - 10:27 AM

So it goes...we are not in the business of convincing...we just offer opinions.

 

Perhaps you might ask him...what his considered opinions re his query...might be.

 

You might also let him know that...one of the most basic methods used by many on drives suspected of housing malware...is the very same technique of attaching said drive to a clean, protected system...and then running appropriate malware-removal tools.

 

Reading Material.

 

Louis



#8 jonuk76


Posted 27 December 2017 - 10:47 AM

He is still not convinced!  He got the infection from a thumb drive, he thinks that plugging in or hooking up may have the same result.

 

Phil

 

It's possible for malware to take advantage of the AutoRun feature that Windows can invoke on removable media (USB flash drives, CDs, DVDs etc).  Old versions of Windows had very risky default behaviour that would automatically execute the autorun.inf script on removable media, which is a route by which malware could infect a computer just by inserting a removable drive.  He may wish to disable that feature if applicable.  Newer versions of Windows use a feature called AutoPlay which basically asks you what you want to do when a removable drive is inserted.  If you choose "take no action" it will indeed take no action - no program will be automatically run which could trigger an infection.
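
What an autorun.inf on an attached drive would ask Windows to launch can be read as plain data without running anything. The following is an added example, not part of the original posts; the function names and the sample file contents are constructed for illustration.

```python
import re

# Keys in the [autorun] section that name a program Windows may launch.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")


def decode(raw: bytes) -> str:
    """Decode autorun.inf bytes; the file may be UTF-16 with a BOM or ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")  # never fails, keeps junk bytes visible


def launch_entries(raw: bytes) -> list[tuple[str, str]]:
    """Return (key, command) pairs from [autorun] that would start a program."""
    found, in_autorun = [], False
    for line in decode(raw).splitlines():
        line = line.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue  # other sections, comments and padding lines
        key, _, value = line.partition("=")
        key = key.strip().lower()  # key names are not case-sensitive
        if key in LAUNCH_KEYS or SHELL_VERB.match(key):
            found.append((key, value.strip()))
    return found


# Constructed sample: padding lines around the real entries, mixed-case keys.
SAMPLE = (
    b"; constructed sample, not from a real drive\r\n"
    b"xk39dkf02kd\r\n"
    b"[AutoRun]\r\n"
    b"label=Backup\r\n"
    b"OPEN=tools\\setup.exe /s\r\n"
    b"qq02=junk\r\n"
    b"shell\\open\\Command = tools\\setup.exe\r\n"
    b"[Other]\r\n"
    b"open=ignored.exe\r\n"
)

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE):
        print(f"{key:24} -> {cmd}")
```

An empty result means the file names no program to start; any entry it does return points at a file on the drive worth scanning before anything else on it is opened.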




#9 mjd420nova


Posted 27 December 2017 - 11:41 AM

Over the years I've recovered many drives that were infected.  The first is to isolate the system to be used to recover and clean/format the drive, no ethernet or wifi.  Then by adding as a slave or secondary drive, run a full virus scan and delete any files as directed.  Then you can sort the rest and copy files to another drive or removable media (DVD/CD).  Then using the current OS, format the drive.



#10 OldPhil


Posted 27 December 2017 - 12:20 PM

I sent John's link and said read the post!  You all and I have done our part!

 

Thanks Guys!

 

Phil


Honesty & Integrity Above All!




