Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Is it safe to connect a drive infected with a virus to my computer?

Question:

I have a hard drive that was diagnosed with a virus. I had it replaced but
it contains many files (pictures, data, etc.) that I would like to recover.
Would it be safe to connect it to my computer as a secondary drive and attempt
to copy those files to my computer’s primary drive?

I’m a tad concerned that there’s more going on here than you’ve stated.
There’s no reason to replace a drive just because it contains a virus. Viruses
don’t harm the hardware in any way that would necessitate replacement.

That having been said, your question is a good one: does mounting any disk,
be it a hard drive, DVD, CD-ROM or even a floppy, that contains a virus put
your system at risk?

Yes, of course there’s risk. But the risk is in what you do after you mount
it.

Become a Patron of Ask Leo! and go ad-free!

The key to viruses that inhabit some kind of media is that they must be run.
By that I mean that some program that contains the virus must actually be
executed on your computer in order for the virus to infect you. As long as the
virus isn’t executed, its mere presence doesn’t actually do anything. It simply
lays in wait.

So, yes, you’re quite safe to mount your hard drive and copy files off of
it, as long as you don’t copy or execute any file that is infected with a
virus. Seems simple, right?

Things are rarely simple.

At issue is how to make certain that nothing on that infected hard drive is
executed.

My actual recommendation is to run an up-to-date anti-virus scan of the
drive once you’ve mounted it. Let the scanner actually delete or at least
quarantine any of the files that it finds are infected. Scan again – and if
your scanner reports no viruses, where it did before, you’re likely clean, and
can copy away to your hearts content. (I must emphasize that it’s very
important that your anti-virus program’s database of viruses be up to date, to
make sure to catch even the most recent threats.)

“My actual recommendation is to run an up-to-date
anti-virus scan of the drive once you’ve mounted it.”

A common “gotcha” on removable media – meaning CDs, USB flash drives and the
like – is “autorun”. This rarely applies to hard disks (though I’ve heard
reports that it can). As soon as you insert the media, Windows looks for, and
then executes the autorun information on the media. That puts you at
immediate risk if that media has been infected. If you suspect issues, I
actually recommend turning of auto-run on all devices, at least until you have
your situation recovered and cleaned up.

So after all that, the last remaining piece of advice? Don’t run anything
from the infected drive. That means, essentially, don’t double click
on anything. Copy off your pictures and other data, taking care to avoid any
program files or other executables.

And then once you have everything you want saved off of the drive, format
it. This will erase all its contents, including any malware, and give you lots
of room to copy whatever you like back to it.

In a case like this, I often look at the extra drive as a candidate for an
external USB enclosure. That way I can plug the now extra drive into any
machine I might want to.

And as a closing reminder: if that drive was the only place you were keeping
your data, you haven’t been backing up. Now’s also a good time to consider
implementing a backup strategy. That extra, empty drive you now have might be
just the thing to use.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

8 comments on “Is it safe to connect a drive infected with a virus to my computer?”

  1. I always suggest connecting such a drive to a MAC. Most Mac’s can’t get the same version of viruses as PCs so it’s safe to collect your files AFTER you’ve run a thorough scan to be sure those files are not damaged. Then you can reformat the disc using the Mac to completely and utterly erase the problem. Then put it back into your PC and reformat again and you’ll definitely be rid of the problem.

    The whole reason we have kept my husband’s 8 year old Mac is for problems like this

    Reply
  2. A similar method to the one posted above is to attach the drive, and then access it via Linux, either through a live CD or a machine that actually has it installed. Same principle as the Mac; viruses for windows tend to not cross over much.

    Reply
  3. I think the best way is to have antivirus software monitor on the computer where you add/mount the drive with the virus. The antivirus software will block access to the infected file.

    But you can add it too without antivirus software installed, if you know exactly what files are infected, if you don’t execute them, the risk for your computer is minimal.

    Reply
  4. Four years ago I bought a HP at OfficeMax. Cost $799.99 plus tax and then I also wanted to be on the safe side and got the MaxAssurance.
    Well, about a year and a half ago I started having small problems with my computer and they sent a person (I though he was certified, NOT) to my house to check out my computer and fix the problem.
    The last time he came was about a week before my contract ran out.
    I was having graphic problems, the screen was off set and it was only happening at start up.
    They started to “fix” my problems and it wasn’t working.
    I believed then and do now that it was a program I put on my computer was at fault.
    I didn’t know what program it was so I let him “work his whatever”.
    They put in a “new” motherboard and set a “new”
    monitor.
    Neither fixed the problem and they said that I was on my own.
    They refused to fix what was wrong with my computer and when they did that, my monitor was shipped to me with scratches on it and the computer was coming up with Compaq on the screen, off set.
    I decided to just put the windows xp back on the computer to just get rid of all the problems. (they would not come back and fix what they had messed up and would not fix the problems with my computer because they said that my contract had run out!!)
    When I tried to re-load my computer, I am now getting I can not get into the darn thing because I believe the motherboard is not the original one and the program will not load.
    I am stuck with a computer I paid (with tax and insurance cost) $1000.00 and can’t use!
    Anyone help at all PLEASE

    Reply
  5. A few things I want to address: when opening folders(even the drive itself) would the display(thumbnails) be executing any files in order to display their visual snippets?
    Also as far as moving to a Unix OS to then inspect, especially on a system that contains your system(as in either the LiveBoot or DualBoot option used on the same system holding your hard drive with your OS(Windows or Mac or Linux), your risk of exposure is still present. For instance, suppose you downloaded a Linux virus, a Mac virus, and a Windows virus. How would you know, anyway? Well, by entering a system, any one of these viruses could passively infect any of your operating systems *(whether executed in a user-negligent action(copying all and pasting) or unforeseen dangers like embedded viruses within pictures)
    *I’m not sure if a LiveCD/LiveFlashDrive OS would be susceptible to viruses because of its relatively fixed state of system ~employment.
    Dual boot options are double the risk in that one file inadvertently may corrupt the other OS’s you use.

    Reply
  6. My 5 year old desktop was infected with something a few months ago. I have Process Explorer and can see a list of random looking letters and numbers listed as one of the DLLs under IE. It says it’s located in the Temporary Internet Files and contains “Anti-Phishing”, though I’ve looked in every way I know how to and cannot find this file. My Avast said my pc was clean, but it keeps re-directing my browser to some ad site or to random search pages. I’ve used Safe Mode with Networking to download another product that was highly rated, and still it keeps showing up in addition to the unbelievably slow performance. Recently, I bought a new laptop and I’d like to know if there is a way to scan the old computer using my anti-virus on the laptop prior to copying the files to some form of removable media; so that I can at least get pictures and necessary documents off without risking infection to the new laptop. Don’t have a Mac and my technical skills are not going to be up to learing Linux. Just want to get some pictures, some necessary files, and then wipe the old computer clean–along with the nasty little whatever it is–preferably without infecting my new one.

    Would sincerely appreciate the help.

    Reply
  7. This comment is for sharon even thought this thread is quite old, a lot of the malware/spyware thats out there can hijack your browser settings making it redirect to other things. A great program for this is hijackthis, there are tons of forums out there that you can post your log and they will tell you what is causing you problems. It is also great for other malware affecting your system not only your browser as it scans your whole computer, the registry everything that starts up and all the components loading into your browser. Hope this helps someone :)

    Reply
  8. My desktop computer was infected with a virus that cannot easily be removed. We are going to try the Power Eraser from Norton Internet Security. My question is: Will we be infected with the virus if we copy the photos and program files before running the Power Eraser Scan? Thanks for your help!

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.