Summary: Mounting a disk drive on your system can expose you to various types of malware, most notably viruses. We'll look at steps to do so safely.
I have a hard drive that was diagnosed with a virus. I had it replaced but it contains many files (pictures, data, etc.) that I would like to recover. Would it be safe to connect it to my computer as a secondary drive and attempt to copy those files to my computer's primary drive?
•
I'm a tad concerned that there's more going on here than you've stated. There's no reason to replace a drive just because it contains a virus. Viruses don't harm the hardware in any way that would necessitate replacement.
That having been said, your question is a good one: does mounting any disk, be it a hard drive, DVD, CD-ROM or even a floppy, that contains a virus put your system at risk?
Yes, of course there's risk. But the risk is in what you do after you mount it.
•
The key to viruses that inhabit some kind of media is that they must be run. By that I mean that some program that contains the virus must actually be executed on your computer in order for the virus to infect you. As long as the virus isn't executed, its mere presence doesn't actually do anything. It simply lays in wait.
So, yes, you're quite safe to mount your hard drive and copy files off of it, as long as you don't copy or execute any file that is infected with a virus. Seems simple, right?
Things are rarely simple.
At issue is how to make certain that nothing on that infected hard drive is executed.
My actual recommendation is to run an up-to-date anti-virus scan of the drive once you've mounted it. Let the scanner actually delete or at least quarantine any of the files that it finds are infected. Scan again - and if your scanner reports no viruses, where it did before, you're likely clean, and can copy away to your hearts content. (I must emphasize that it's very important that your anti-virus program's database of viruses be up to date, to make sure to catch even the most recent threats.)
A common "gotcha" on removable media - meaning CDs, USB flash drives and the like - is "autorun". This rarely applies to hard disks (though I've heard reports that it can). As soon as you insert the media, Windows looks for, and then executes the autorun information on the media. That puts you at immediate risk if that media has been infected. If you suspect issues, I actually recommend turning of auto-run on all devices, at least until you have your situation recovered and cleaned up.
So after all that, the last remaining piece of advice? Don't run anything from the infected drive. That means, essentially, don't double click on anything. Copy off your pictures and other data, taking care to avoid any program files or other executables.
And then once you have everything you want saved off of the drive, format it. This will erase all its contents, including any malware, and give you lots of room to copy whatever you like back to it.
In a case like this, I often look at the extra drive as a candidate for an external USB enclosure. That way I can plug the now extra drive into any machine I might want to.
And as a closing reminder: if that drive was the only place you were keeping your data, you haven't been backing up. Now's also a good time to consider implementing a backup strategy. That extra, empty drive you now have might be just the thing to use.
Related:
-
Ask Leo! - How do I *really* disable auto-play in Windows XP?
-
Ask Leo! - What backup program should I use?
Article C2924 - February 6, 2007
I always suggest connecting such a drive to a MAC. Most Mac's can't get the same version of viruses as PCs so it's safe to collect your files AFTER you've run a thorough scan to be sure those files are not damaged. Then you can reformat the disc using the Mac to completely and utterly erase the problem. Then put it back into your PC and reformat again and you'll definitely be rid of the problem.
The whole reason we have kept my husband's 8 year old Mac is for problems like this
Posted by: Betty at February 7, 2007 1:28 PMA similar method to the one posted above is to attach the drive, and then access it via Linux, either through a live CD or a machine that actually has it installed. Same principle as the Mac; viruses for windows tend to not cross over much.
Posted by: mark at February 7, 2007 3:38 PMI think the best way is to have antivirus software monitor on the computer where you add/mount the drive with the virus. The antivirus software will block access to the infected file.
But you can add it too without antivirus software installed, if you know exactly what files are infected, if you don't execute them, the risk for your computer is minimal.
Posted by: Lucian at February 10, 2007 12:37 PMFour years ago I bought a HP at OfficeMax. Cost $799.99 plus tax and then I also wanted to be on the safe side and got the MaxAssurance.
Posted by: Sharon at February 12, 2007 8:45 AMWell, about a year and a half ago I started having small problems with my computer and they sent a person (I though he was certified, NOT) to my house to check out my computer and fix the problem.
The last time he came was about a week before my contract ran out.
I was having graphic problems, the screen was off set and it was only happening at start up.
They started to "fix" my problems and it wasn't working.
I believed then and do now that it was a program I put on my computer was at fault.
I didn't know what program it was so I let him "work his whatever".
They put in a "new" motherboard and set a "new"
monitor.
Neither fixed the problem and they said that I was on my own.
They refused to fix what was wrong with my computer and when they did that, my monitor was shipped to me with scratches on it and the computer was coming up with Compaq on the screen, off set.
I decided to just put the windows xp back on the computer to just get rid of all the problems. (they would not come back and fix what they had messed up and would not fix the problems with my computer because they said that my contract had run out!!)
When I tried to re-load my computer, I am now getting I can not get into the darn thing because I believe the motherboard is not the original one and the program will not load.
I am stuck with a computer I paid (with tax and insurance cost) $1000.00 and can't use!
Anyone help at all PLEASE
A few things I want to address: when opening folders(even the drive itself) would the display(thumbnails) be executing any files in order to display their visual snippets?
Posted by: snail at November 12, 2009 8:34 PMAlso as far as moving to a Unix OS to then inspect, especially on a system that contains your system(as in either the LiveBoot or DualBoot option used on the same system holding your hard drive with your OS(Windows or Mac or Linux), your risk of exposure is still present. For instance, suppose you downloaded a Linux virus, a Mac virus, and a Windows virus. How would you know, anyway? Well, by entering a system, any one of these viruses could passively infect any of your operating systems *(whether executed in a user-negligent action(copying all and pasting) or unforeseen dangers like embedded viruses within pictures)
*I'm not sure if a LiveCD/LiveFlashDrive OS would be susceptible to viruses because of its relatively fixed state of system ~employment.
Dual boot options are double the risk in that one file inadvertently may corrupt the other OS's you use.