Helping people with computers... one answer at a time.
One approach to disinfecting a drive is to install it into another machine for cleaning. It's common, reasonable even, but there are risks.
I occasionally help people with computer problems (avg 2-3/mo.) and a majority have to do with infections - popups, running slow, etc. I generally am successful running Adaware, House Call, Spybot and installing/running AVG along with defragging, emptying temp folder, reducing restore size from 12%, etc. Occasionally I have to format and reinstall everything.
I had a PC recently that was so infected and so slow it would not load or run any corrective software or even go on the internet. I thought I would have to format but before that, I removed the hard drive and installed it as a slave in another computer. There I was able to run the anti-virus/spyware/malware software. When I put it back in the original computer, most of the problems were gone, and I was able to complete the cleanup without any further problem.
My first question is, is this a safe and reasonable technique? And second, if it is, is there a way to use it on a laptop, other than by removing the hard drive, adding a laptop/EIDE adapter and using it as a slave like I did before?
•
Well, it's probably about 95% safe and reasonable. And also fairly common, since the alternative is to reformat and reinstall.
It's that 5% that should worry you.
Add yes, there are ways to do it for your laptop's drive as well.
•
For those not familiar with the technique, what's being proposed is simply this: take the hard drive out of the infected machine, and install it as a 2nd hard drive in another working machine. There it will simply appear as another drive - D: perhaps - rather than as the system drive. The operating system will boot from the presumably clean primary drive, and then diagnostic tools can then be run against that second drive to clean it up.
Here's the part of the problem that concerns me, and should concern you:
Once your machine has been
infected,
it's not your machine any more.
This is independent of how infected your machine is, or how difficult it appears to be to clean it up. Once infected, you can never really trust it again.
Now, most of the time you can, indeed, clean it up through varying degrees of effort, and have a working machine. But you simply can't know that you've actually been successful. There may still be something lurking that all your tools missed.
The only way to avoid it is to reformat and reinstall.
That's why I say that the approach you're taking is 95% safe and reasonable. Usually, it will work just fine. On the other hand, sometimes it won't.
In the worst of cases, you'll carry the virus to the other computer and infect it.
And you may, or may not, find out about it until after it's too late.
That's the 5% of worry.
And for the record, I have no idea what the real percentage of failure honestly is - could be 80/20, 95/5 as I'm using here, or 99.999/0.001. All I do know is that it's most assuredly not 100/0.
Most people are willing to take the risk to avoid the reformat/reinstall scenario. Certainly if you have a sacrificial machine with nothing important on it, perhaps not even connected to the network, to use as the temporary host for the drive it's probably something I'd try myself depending on the circumstances. It can be a great way to get data off of an un-backed-up drive if nothing else.
And yes, you can do this with laptop drives as well. The issue becomes one of cabling in the second machine, as not all desktops come equipped with the right kind of cables for the drives used in laptops.
If this is something you might to often, an alternative is to get a USB interface or external hard drive enclosure specifically for this size of hard drive, and then perform the repair work with it installed as an external drive.
And if this is something you expect to do a lot, then I believe that there are even external interfaces where you can simply insert the drive without all the cabling work.
But regardless of what machine you install it in, or how, make sure
to take as many precautions as possible to protect that machine from
whatever is on that infected drive. You don't want to be part of that
5% 
Article C3683 - March 22, 2009 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
August 26, 2009 10:30 PM
I wouldn't just hook it up to my main regular use PC. For this purpose it's best have a "bare bones" basic utility machine that is equipped with a good backup solution, and updated with current win updates & current reputable AV, & any other anti-whatever tools required, and "recently backed up", preferably in the previous minutes to less than an hour before the connection of a possibly or actually infected HDD,
then connect the HDD, scan it, clean it, etc. for this type of scanning & virus etc. infection removal it's best to have an anti-whatever program that can load the registry from another OS install, in this case the registry on the "other HDD", if the registry can't be scanned then it could be an exercise in futility since the registry can contain keys that point to encrypted self-installers or internet retrieval calls for reinstalling or redownloading the virus, malware, etc. and then you've wasted all that time.
January 13, 2010 2:09 PM
I have done this...and I paid the price. Depending on the virus it indeed can infect the second computer INSTANTLY EVEN IF YOU HAVE GOOD ANTIVIRUS SOFTWARE!
The question is, do you feel lucky punk? Well do you?
January 19, 2010 4:58 AM
I HAD A VIRUS ON MY OLD COMPUTER THAT FILLED MY C DRIVE WITH IDX FILES AND CAUSED THE COMPUTER TO CRASH.PRIOR TO IT CRASHING,I HAD SAVED ALOT OF MY DATA TO A WESTERN DIGITAL MY BOOK(1TB)EXTERNAL DRIVE.IS IT SAFE TO CONNECT THE EXTERNAL DRIVE TO MY NEW COMPUTER AND RUN A VIRUS SCAN ON THE EXTERNAL DRIVE?
19-Jan-2010
February 22, 2012 9:03 AM
I have an infected HD in boot and pc won't start noteven with an original MS install cd booting from F12 boot cd/dvd i just won't read it. Can I refotmat HD in a deferent computer with an external enclosure and then reinstall windows program?
December 12, 2012 12:22 AM
I have done this for years as a tech in the PC field and can tell you I never had a problem doing this;
1)I boot up in "Safe Mode"
2)I have my anti-virus software active in "real time protection"
3)I use a USB caddie so I can install it after windows is running
4)I run it "Sand Boxed" in Sandboxie to so that nothing bleeds that I can't kill...
I suggest if anything at least run it under "safe mode" first, scan next, and finally back it up.
Once done... scrub, reformat, and fresh install. Thanks~
•
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.