Helping people with computers... one answer at a time.

One approach to disinfecting a drive is to install it into another machine for cleaning. It's common, reasonable even, but there are risks.

I occasionally help people with computer problems (avg 2-3/mo.) and a majority have to do with infections - popups, running slow, etc. I generally am successful running Adaware, House Call, Spybot and installing/running AVG along with defragging, emptying temp folder, reducing restore size from 12%, etc. Occasionally I have to format and reinstall everything.

I had a PC recently that was so infected and so slow it would not load or run any corrective software or even go on the internet. I thought I would have to format but before that, I removed the hard drive and installed it as a slave in another computer. There I was able to run the anti-virus/spyware/malware software. When I put it back in the original computer, most of the problems were gone, and I was able to complete the cleanup without any further problem.

My first question is, is this a safe and reasonable technique? And second, if it is, is there a way to use it on a laptop, other than by removing the hard drive, adding a laptop/EIDE adapter and using it as a slave like I did before?

Well, it's probably about 95% safe and reasonable. And also fairly common, since the alternative is to reformat and reinstall.

It's that 5% that should worry you.

Add yes, there are ways to do it for your laptop's drive as well.

For those not familiar with the technique, what's being proposed is simply this: take the hard drive out of the infected machine, and install it as a 2nd hard drive in another working machine. There it will simply appear as another drive - D: perhaps - rather than as the system drive. The operating system will boot from the presumably clean primary drive, and then diagnostic tools can then be run against that second drive to clean it up.

Here's the part of the problem that concerns me, and should concern you:

Once your machine has been infected,
it's not your machine any more.

This is independent of how infected your machine is, or how difficult it appears to be to clean it up. Once infected, you can never really trust it again.

"In the worst of cases you'll carry the virus to the other computer and infect it."

Now, most of the time you can, indeed, clean it up through varying degrees of effort, and have a working machine. But you simply can't know that you've actually been successful. There may still be something lurking that all your tools missed.

The only way to avoid it is to reformat and reinstall.

That's why I say that the approach you're taking is 95% safe and reasonable. Usually, it will work just fine. On the other hand, sometimes it won't.

In the worst of cases, you'll carry the virus to the other computer and infect it.

And you may, or may not, find out about it until after it's too late.

That's the 5% of worry.

And for the record, I have no idea what the real percentage of failure honestly is - could be 80/20, 95/5 as I'm using here, or 99.999/0.001. All I do know is that it's most assuredly not 100/0.

Most people are willing to take the risk to avoid the reformat/reinstall scenario. Certainly if you have a sacrificial machine with nothing important on it, perhaps not even connected to the network, to use as the temporary host for the drive it's probably something I'd try myself depending on the circumstances. It can be a great way to get data off of an un-backed-up drive if nothing else.

And yes, you can do this with laptop drives as well. The issue becomes one of cabling in the second machine, as not all desktops come equipped with the right kind of cables for the drives used in laptops.

If this is something you might to often, an alternative is to get a USB interface or external hard drive enclosure specifically for this size of hard drive, and then perform the repair work with it installed as an external drive.

And if this is something you expect to do a lot, then I believe that there are even external interfaces where you can simply insert the drive without all the cabling work.

But regardless of what machine you install it in, or how, make sure to take as many precautions as possible to protect that machine from whatever is on that infected drive. You don't want to be part of that 5% Smile

Article C3683 - March 22, 2009 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

17 Comments
Mark
March 24, 2009 3:45 AM

I use Avira Antivirus. It's totally free and has the option of running a virus check before windows is loaded thus giving it the ability of removing files containing viruses that would be locked and protected from deletion when windows is running. I've cleaned a few stubborn viruses and trojans that way and is a good alternative in many cases to putting a bad disk into a good computer. If this doesn't work try booting from a live Bart PE and running an AV from that. That is probably just as effective and much safer than putting a bad disk into a good computer. If you don't know how to create and run a PE disk than you really should think twice about putting an infected disk into your machine.

Mikhail
March 24, 2009 8:24 AM

In a case like the one described above there is more simple solution (imho) - special live cd. Many antivirus vendors have such live cd's. Look for example at DrWeb Live CD - http://www.freedrweb.com/livecd?lng=en

Andrew
March 24, 2009 9:32 AM

I keep an old XP machine around for just such an occurance. It has all the programs and install files I use. Thus, if that 5% becomes more than a statistic, who cares!

Charles c.
March 24, 2009 3:02 PM

Hears my take on this. my engine in my van had a knocking noise in it. then i discovered I am really low on oil. i put oil in and it stills knocks. the damage is already done. like an operating system the registry files are corrupted and can't be repaired. first thing is reformat and partition your drive. this way xp will see it as two drives and you can reformat and not loose all your programs. first and foremost buy a good anti virus and a firewall. if you can spend good money on a computer then protect it. I use sunbelt software vipre and their firewall. I have never had a problem because it stops all the bad guys at the door. it the best i have found and it is not a resource hog either.now the last thing buy a second drive and backup all your important files. by the time you fool around switching drives you can do it the right way format and start new.

Fahad
March 24, 2009 3:08 PM

I'm doing the same all the time, just make sure your anti virus/spyware are updated and dont load windows normally... attach the infected HD and load the windows in "SAFE MODE". Windows will recognize the new HD, just start your Antivirus and do full scan for it.
I think this will make it 99.9% safe to do this as I've never seen a virus that can start it's job in SAFE MODE.

Frank C.
March 25, 2009 10:57 AM

I don't get the comment by Leo "an alternative is to get a USB interface or external hard drive enclosure (specifically for this size of hard drive, and then perform the repair work with it installed as an external drive.)" I understand this to mean you just use an external drive to hook up to the USB port of the infected computer or take the infected drive and put IT into a usb drive enclosure?
Also I cannot subscribe to this topic with an RSS Feed-I get an error message. Frank C.

Put the suspect drive into an external USB enclosure.
- Leo
26-Mar-2009

Frank C.
March 25, 2009 11:01 AM

What's the difference between installing the infective drive as a slave and either hooking up a good drive by USB or hooking up the infected drive by USB?

For most folks it's just easier to deal with an external USB interface than to have to crack open the PC and install the drive internally as a slave.
- Leo
26-Mar-2009

Frank C.
March 25, 2009 11:12 AM

What is a live Bart PE?
Frank C.

BartPE is a tool that you can use to make a bootable CD from your Windows CD. It's fairly geeky to set up. More on it here: How do I make a Windows XP boot disk?
- Leo
26-Mar-2009

Frank C.
March 25, 2009 11:18 AM

If you handle this problem by using an old XP computer and this supposedly good, old XP computer runs into this 5% liability what are you going to do, have a stack of good, old XP computers to take its place?

The point is that the old computer wouldn't have any important data on it. So after experiencing the 5% problem you could reformat and reinstall it without any major trauma.
- Leo
26-Mar-2009

Frank C.
March 25, 2009 11:35 AM

Fahad's comment about starting the good computer in safe mode with the attached infected drive hooked up by USB seems the best primary way to go.
But I'm a single user, at best probably involved with a computer problem with my family every 2 years. I'd have to keep a computer around for an event that might never come up. Frank C.

Patrick
March 27, 2009 2:00 AM

If I have a computer that I suspect is infected, would it be safe to back up the documents and settings files to a place like MOZI online backup or could a virus go along with even one of those files and when downloading later get it
back on my computer after reformatting?

It doesn't matter where you back the up to, if they're infected, they're infected. Take great care restoring only those files that you need.
- Leo
27-Mar-2009

Bruce Harris
March 27, 2009 3:04 PM

There is a great product sold by Cyberguys.com that allows you to connect SATA and IDE drives (or both at the same time) to another computer using a USB cable. Item # 131 0852. It comes with all the cables for power and data, and makes scanning as well as formatting and pulling off data from non bootable drives a snap. I bought one for $40.00 and am very pleased with it.

Richard
August 26, 2009 10:30 PM

I wouldn't just hook it up to my main regular use PC. For this purpose it's best have a "bare bones" basic utility machine that is equipped with a good backup solution, and updated with current win updates & current reputable AV, & any other anti-whatever tools required, and "recently backed up", preferably in the previous minutes to less than an hour before the connection of a possibly or actually infected HDD,
then connect the HDD, scan it, clean it, etc. for this type of scanning & virus etc. infection removal it's best to have an anti-whatever program that can load the registry from another OS install, in this case the registry on the "other HDD", if the registry can't be scanned then it could be an exercise in futility since the registry can contain keys that point to encrypted self-installers or internet retrieval calls for reinstalling or redownloading the virus, malware, etc. and then you've wasted all that time.

Bay Area Jim
January 13, 2010 2:09 PM

I have done this...and I paid the price. Depending on the virus it indeed can infect the second computer INSTANTLY EVEN IF YOU HAVE GOOD ANTIVIRUS SOFTWARE!

The question is, do you feel lucky punk? Well do you?

ANDREW
January 19, 2010 4:58 AM

I HAD A VIRUS ON MY OLD COMPUTER THAT FILLED MY C DRIVE WITH IDX FILES AND CAUSED THE COMPUTER TO CRASH.PRIOR TO IT CRASHING,I HAD SAVED ALOT OF MY DATA TO A WESTERN DIGITAL MY BOOK(1TB)EXTERNAL DRIVE.IS IT SAFE TO CONNECT THE EXTERNAL DRIVE TO MY NEW COMPUTER AND RUN A VIRUS SCAN ON THE EXTERNAL DRIVE?

That's pretty much what the article you're commenting on discusses.
Leo
19-Jan-2010

Fernando
February 22, 2012 9:03 AM

I have an infected HD in boot and pc won't start noteven with an original MS install cd booting from F12 boot cd/dvd i just won't read it. Can I refotmat HD in a deferent computer with an external enclosure and then reinstall windows program?


oglilp2fo
December 12, 2012 12:22 AM

I have done this for years as a tech in the PC field and can tell you I never had a problem doing this;
1)I boot up in "Safe Mode"
2)I have my anti-virus software active in "real time protection"
3)I use a USB caddie so I can install it after windows is running
4)I run it "Sand Boxed" in Sandboxie to so that nothing bleeds that I can't kill...

I suggest if anything at least run it under "safe mode" first, scan next, and finally back it up.
Once done... scrub, reformat, and fresh install. Thanks~

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.