Ask Leo! by Leo A. Notenboom

Is it safe to install an infected drive into a working machine to clean it?


Summary: One approach to disinfecting a drive is to install it into another machine for cleaning. It's common, reasonable even, but there are risks.

I occasionally help people with computer problems (avg 2-3/mo.) and a majority have to do with infections - popups, running slow, etc. I generally am successful running Adaware, House Call, Spybot and installing/running AVG along with defragging, emptying temp folder, reducing restore size from 12%, etc. Occasionally I have to format and reinstall everything.

I had a PC recently that was so infected and so slow it would not load or run any corrective software or even go on the internet. I thought I would have to format but before that, I removed the hard drive and installed it as a slave in another computer. There I was able to run the anti-virus/spyware/malware software. When I put it back in the original computer, most of the problems were gone, and I was able to complete the cleanup without any further problem.

My first question is, is this a safe and reasonable technique? And second, if it is, is there a way to use it on a laptop, other than by removing the hard drive, adding a laptop/EIDE adapter and using it as a slave like I did before?

Well, it's probably about 95% safe and reasonable. And also fairly common, since the alternative is to reformat and reinstall.

It's that 5% that should worry you.

And yes, there are ways to do it for your laptop's drive as well.

For those not familiar with the technique, what's being proposed is simply this: take the hard drive out of the infected machine, and install it as a second hard drive in another working machine. There it will simply appear as another drive - D: perhaps - rather than as the system drive. The operating system will boot from the presumably clean primary drive, and diagnostic tools can then be run against that second drive to clean it up.

Here's the part of the problem that concerns me, and should concern you:

Once your machine has been infected,
it's not your machine any more.

This is independent of how infected your machine is, or how difficult it appears to be to clean it up. Once infected, you can never really trust it again.

Now, most of the time you can, indeed, clean it up through varying degrees of effort, and have a working machine. But you simply can't know that you've actually been successful. There may still be something lurking that all your tools missed.

The only way to avoid it is to reformat and reinstall.

That's why I say that the approach you're taking is 95% safe and reasonable. Usually, it will work just fine. On the other hand, sometimes it won't.

In the worst of cases, you'll carry the virus to the other computer and infect it.

And you may, or may not, find out about it until after it's too late.

That's the 5% of worry.

And for the record, I have no idea what the real percentage of failure honestly is - could be 80/20, 95/5 as I'm using here, or 99.999/0.001. All I do know is that it's most assuredly not 100/0.

Most people are willing to take the risk to avoid the reformat/reinstall scenario. Certainly if you have a sacrificial machine with nothing important on it, perhaps not even connected to the network, to use as the temporary host for the drive, it's probably something I'd try myself, depending on the circumstances. It can be a great way to get data off of an un-backed-up drive if nothing else.

And yes, you can do this with laptop drives as well. The issue becomes one of cabling in the second machine, as not all desktops come equipped with the right kind of cables for the drives used in laptops.

If this is something you might do often, an alternative is to get a USB interface or external hard drive enclosure specifically for this size of hard drive, and then perform the repair work with it installed as an external drive.

And if this is something you expect to do a lot, then I believe that there are even external interfaces where you can simply insert the drive without all the cabling work.

But regardless of what machine you install it in, or how, make sure to take as many precautions as possible to protect that machine from whatever is on that infected drive. You don't want to be part of that 5%.


Article C3683 - March 22, 2009

Recent Comments
13 Comments

Here's my take on this. My engine in my van had a knocking noise in it. Then I discovered I am really low on oil. I put oil in and it still knocks. The damage is already done. Like an operating system, the registry files are corrupted and can't be repaired. First thing is reformat and partition your drive. This way XP will see it as two drives and you can reformat and not lose all your programs. First and foremost, buy a good anti-virus and a firewall. If you can spend good money on a computer then protect it. I use Sunbelt Software Vipre and their firewall. I have never had a problem because it stops all the bad guys at the door. It's the best I have found and it is not a resource hog either. Now the last thing: buy a second drive and back up all your important files. By the time you fool around switching drives you can do it the right way: format and start new.

Posted by: Charles c. at March 24, 2009 3:02 PM

I'm doing the same all the time, just make sure your anti-virus/spyware are updated and don't load Windows normally... attach the infected HD and load Windows in "SAFE MODE". Windows will recognize the new HD, just start your antivirus and do a full scan for it.
I think this will make it 99.9% safe to do this as I've never seen a virus that can start its job in SAFE MODE.

Posted by: Fahad at March 24, 2009 3:08 PM

I don't get the comment by Leo "an alternative is to get a USB interface or external hard drive enclosure (specifically for this size of hard drive, and then perform the repair work with it installed as an external drive.)" I understand this to mean you just use an external drive to hook up to the USB port of the infected computer or take the infected drive and put IT into a usb drive enclosure?
Also I cannot subscribe to this topic with an RSS Feed-I get an error message. Frank C.

Put the suspect drive into an external USB enclosure.
- Leo
26-Mar-2009

Posted by: Frank C. at March 25, 2009 10:57 AM

What's the difference between installing the infected drive as a slave and either hooking up a good drive by USB or hooking up the infected drive by USB?

For most folks it's just easier to deal with an external USB interface than to have to crack open the PC and install the drive internally as a slave.
- Leo
26-Mar-2009

Posted by: Frank C. at March 25, 2009 11:01 AM

What is a live Bart PE?
Frank C.

BartPE is a tool that you can use to make a bootable CD from your Windows CD. It's fairly geeky to set up. More on it here: How do I make a Windows XP boot disk?
- Leo
26-Mar-2009

Posted by: Frank C. at March 25, 2009 11:12 AM

If you handle this problem by using an old XP computer and this supposedly good, old XP computer runs into this 5% liability what are you going to do, have a stack of good, old XP computers to take its place?

The point is that the old computer wouldn't have any important data on it. So after experiencing the 5% problem you could reformat and reinstall it without any major trauma.
- Leo
26-Mar-2009

Posted by: Frank C. at March 25, 2009 11:18 AM

Fahad's comment about starting the good computer in safe mode with the attached infected drive hooked up by USB seems the best primary way to go.
But I'm a single user, at best probably involved with a computer problem with my family every 2 years. I'd have to keep a computer around for an event that might never come up. Frank C.

Posted by: Frank C. at March 25, 2009 11:35 AM

If I have a computer that I suspect is infected, would it be safe to back up the documents and settings files to a place like MOZI online backup or could a virus go along with even one of those files and when downloading later get it back on my computer after reformatting?

It doesn't matter where you back them up to, if they're infected, they're infected. Take great care restoring only those files that you need.
- Leo
27-Mar-2009

Posted by: Patrick at March 27, 2009 2:00 AM

There is a great product sold by Cyberguys.com that allows you to connect SATA and IDE drives (or both at the same time) to another computer using a USB cable. Item # 131 0852. It comes with all the cables for power and data, and makes scanning as well as formatting and pulling off data from non bootable drives a snap. I bought one for $40.00 and am very pleased with it.

Posted by: Bruce Harris at March 27, 2009 3:04 PM

I wouldn't just hook it up to my main regular use PC. For this purpose it's best to have a "bare bones" basic utility machine that is equipped with a good backup solution, and updated with current win updates & current reputable AV, & any other anti-whatever tools required, and "recently backed up", preferably in the previous minutes to less than an hour before the connection of a possibly or actually infected HDD, then connect the HDD, scan it, clean it, etc. For this type of scanning & virus etc. infection removal it's best to have an anti-whatever program that can load the registry from another OS install, in this case the registry on the "other HDD". If the registry can't be scanned then it could be an exercise in futility, since the registry can contain keys that point to encrypted self-installers or internet retrieval calls for reinstalling or redownloading the virus, malware, etc., and then you've wasted all that time.

Posted by: Richard at August 26, 2009 10:30 PM
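
The registry check Richard describes, as an added example (not from the article or its commenters): it loads the attached drive's offline SOFTWARE hive with reg.exe and lists the machine-wide autostart entries stored in it. The drive letter `D:`, the standard `Windows\System32\config` location and the mount name `SuspectSoftware` are assumptions.

```powershell
# Added example: list autostart entries from the registry of an offline Windows
# install on an attached (suspect) drive. Run from an elevated PowerShell prompt.
param(
    [string]$SuspectDrive = 'D:'    # assumption: letter the attached drive received
)

$hiveFile  = Join-Path "$SuspectDrive\" 'Windows\System32\config\SOFTWARE'
$mountName = 'SuspectSoftware'      # hypothetical temporary key name under HKLM

if (-not (Test-Path -LiteralPath $hiveFile)) {
    throw "No SOFTWARE hive found at $hiveFile"
}

# reg.exe load mounts the offline hive file as HKLM\<mountName> on the clean host
& reg.exe load "HKLM\$mountName" $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed (is the prompt elevated?)' }

try {
    $runKeys = @(
        'Microsoft\Windows\CurrentVersion\Run',
        'Microsoft\Windows\CurrentVersion\RunOnce',
        'Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($sub in $runKeys) {
        $path = "Registry::HKEY_LOCAL_MACHINE\$mountName\$sub"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key     = $sub
                Name    = $name
                # Raw value; paths in it refer to the suspect install's own layout
                Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            }
        }
        $key.Close()
    }
}
finally {
    # Release any remaining handles so the hive can be unloaded cleanly
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$mountName" | Out-Null
}
```

Loading a hive opens it for writing, so this touches files on the suspect drive. Per-user autostart entries live in each profile's `NTUSER.DAT`, which can be loaded the same way.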
