Helping people with computers... one answer at a time.

Mounting a disk drive on your system can expose you to various types of malware, most notably viruses. We'll look at steps to do so safely.

I have a hard drive that was diagnosed with a virus. I had it replaced but it contains many files (pictures, data, etc.) that I would like to recover. Would it be safe to connect it to my computer as a secondary drive and attempt to copy those files to my computer's primary drive?

I'm a tad concerned that there's more going on here than you've stated. There's no reason to replace a drive just because it contains a virus. Viruses don't harm the hardware in any way that would necessitate replacement.

That having been said, your question is a good one: does mounting any disk, be it a hard drive, DVD, CD-ROM or even a floppy, that contains a virus put your system at risk?

Yes, of course there's risk. But the risk is in what you do after you mount it.

The key to viruses that inhabit some kind of media is that they must be run. By that I mean that some program that contains the virus must actually be executed on your computer in order for the virus to infect you. As long as the virus isn't executed, its mere presence doesn't actually do anything. It simply lays in wait.

So, yes, you're quite safe to mount your hard drive and copy files off of it, as long as you don't copy or execute any file that is infected with a virus. Seems simple, right?

Things are rarely simple.

At issue is how to make certain that nothing on that infected hard drive is executed.

My actual recommendation is to run an up-to-date anti-virus scan of the drive once you've mounted it. Let the scanner actually delete or at least quarantine any of the files that it finds are infected. Scan again - and if your scanner reports no viruses, where it did before, you're likely clean, and can copy away to your hearts content. (I must emphasize that it's very important that your anti-virus program's database of viruses be up to date, to make sure to catch even the most recent threats.)

"My actual recommendation is to run an up-to-date anti-virus scan of the drive once you've mounted it."

A common "gotcha" on removable media - meaning CDs, USB flash drives and the like - is "autorun". This rarely applies to hard disks (though I've heard reports that it can). As soon as you insert the media, Windows looks for, and then executes the autorun information on the media. That puts you at immediate risk if that media has been infected. If you suspect issues, I actually recommend turning of auto-run on all devices, at least until you have your situation recovered and cleaned up.

So after all that, the last remaining piece of advice? Don't run anything from the infected drive. That means, essentially, don't double click on anything. Copy off your pictures and other data, taking care to avoid any program files or other executables.

And then once you have everything you want saved off of the drive, format it. This will erase all its contents, including any malware, and give you lots of room to copy whatever you like back to it.

In a case like this, I often look at the extra drive as a candidate for an external USB enclosure. That way I can plug the now extra drive into any machine I might want to.

And as a closing reminder: if that drive was the only place you were keeping your data, you haven't been backing up. Now's also a good time to consider implementing a backup strategy. That extra, empty drive you now have might be just the thing to use.

Article C2924 - February 6, 2007 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

8 Comments
Betty
February 7, 2007 1:28 PM

I always suggest connecting such a drive to a MAC. Most Mac's can't get the same version of viruses as PCs so it's safe to collect your files AFTER you've run a thorough scan to be sure those files are not damaged. Then you can reformat the disc using the Mac to completely and utterly erase the problem. Then put it back into your PC and reformat again and you'll definitely be rid of the problem.

The whole reason we have kept my husband's 8 year old Mac is for problems like this

mark
February 7, 2007 3:38 PM

A similar method to the one posted above is to attach the drive, and then access it via Linux, either through a live CD or a machine that actually has it installed. Same principle as the Mac; viruses for windows tend to not cross over much.

Lucian
February 10, 2007 12:37 PM

I think the best way is to have antivirus software monitor on the computer where you add/mount the drive with the virus. The antivirus software will block access to the infected file.

But you can add it too without antivirus software installed, if you know exactly what files are infected, if you don't execute them, the risk for your computer is minimal.

Sharon
February 12, 2007 8:45 AM

Four years ago I bought a HP at OfficeMax. Cost $799.99 plus tax and then I also wanted to be on the safe side and got the MaxAssurance.
Well, about a year and a half ago I started having small problems with my computer and they sent a person (I though he was certified, NOT) to my house to check out my computer and fix the problem.
The last time he came was about a week before my contract ran out.
I was having graphic problems, the screen was off set and it was only happening at start up.
They started to "fix" my problems and it wasn't working.
I believed then and do now that it was a program I put on my computer was at fault.
I didn't know what program it was so I let him "work his whatever".
They put in a "new" motherboard and set a "new"
monitor.
Neither fixed the problem and they said that I was on my own.
They refused to fix what was wrong with my computer and when they did that, my monitor was shipped to me with scratches on it and the computer was coming up with Compaq on the screen, off set.
I decided to just put the windows xp back on the computer to just get rid of all the problems. (they would not come back and fix what they had messed up and would not fix the problems with my computer because they said that my contract had run out!!)
When I tried to re-load my computer, I am now getting I can not get into the darn thing because I believe the motherboard is not the original one and the program will not load.
I am stuck with a computer I paid (with tax and insurance cost) $1000.00 and can't use!
Anyone help at all PLEASE

snail
November 12, 2009 8:34 PM

A few things I want to address: when opening folders(even the drive itself) would the display(thumbnails) be executing any files in order to display their visual snippets?
Also as far as moving to a Unix OS to then inspect, especially on a system that contains your system(as in either the LiveBoot or DualBoot option used on the same system holding your hard drive with your OS(Windows or Mac or Linux), your risk of exposure is still present. For instance, suppose you downloaded a Linux virus, a Mac virus, and a Windows virus. How would you know, anyway? Well, by entering a system, any one of these viruses could passively infect any of your operating systems *(whether executed in a user-negligent action(copying all and pasting) or unforeseen dangers like embedded viruses within pictures)
*I'm not sure if a LiveCD/LiveFlashDrive OS would be susceptible to viruses because of its relatively fixed state of system ~employment.
Dual boot options are double the risk in that one file inadvertently may corrupt the other OS's you use.

Rhett Taylor
September 1, 2010 8:17 PM

My 5 year old desktop was infected with something a few months ago. I have Process Explorer and can see a list of random looking letters and numbers listed as one of the DLLs under IE. It says it's located in the Temporary Internet Files and contains "Anti-Phishing", though I've looked in every way I know how to and cannot find this file. My Avast said my pc was clean, but it keeps re-directing my browser to some ad site or to random search pages. I've used Safe Mode with Networking to download another product that was highly rated, and still it keeps showing up in addition to the unbelievably slow performance. Recently, I bought a new laptop and I'd like to know if there is a way to scan the old computer using my anti-virus on the laptop prior to copying the files to some form of removable media; so that I can at least get pictures and necessary documents off without risking infection to the new laptop. Don't have a Mac and my technical skills are not going to be up to learing Linux. Just want to get some pictures, some necessary files, and then wipe the old computer clean--along with the nasty little whatever it is--preferably without infecting my new one.

Would sincerely appreciate the help.

Nathaniel Keaton
February 22, 2011 6:15 PM

This comment is for sharon even thought this thread is quite old, a lot of the malware/spyware thats out there can hijack your browser settings making it redirect to other things. A great program for this is hijackthis, there are tons of forums out there that you can post your log and they will tell you what is causing you problems. It is also great for other malware affecting your system not only your browser as it scans your whole computer, the registry everything that starts up and all the components loading into your browser. Hope this helps someone :)

VY
September 13, 2011 6:26 AM

My desktop computer was infected with a virus that cannot easily be removed. We are going to try the Power Eraser from Norton Internet Security. My question is: Will we be infected with the virus if we copy the photos and program files before running the Power Eraser Scan? Thanks for your help!

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.