Helping people with computers... one answer at a time.
One approach to disinfecting a drive is to install it into another machine for cleaning. It's common, reasonable even, but there are risks.
I occasionally help people with computer problems (avg 2-3/mo.) and a majority have to do with infections - popups, running slow, etc. I generally am successful running Adaware, House Call, Spybot and installing/running AVG along with defragging, emptying temp folder, reducing restore size from 12%, etc. Occasionally I have to format and reinstall everything.
I had a PC recently that was so infected and so slow it would not load or run any corrective software or even go on the internet. I thought I would have to format but before that, I removed the hard drive and installed it as a slave in another computer. There I was able to run the anti-virus/spyware/malware software. When I put it back in the original computer, most of the problems were gone, and I was able to complete the cleanup without any further problem.
My first question is, is this a safe and reasonable technique? And second, if it is, is there a way to use it on a laptop, other than by removing the hard drive, adding a laptop/EIDE adapter and using it as a slave like I did before?
•
Well, it's probably about 95% safe and reasonable. And also fairly common, since the alternative is to reformat and reinstall.
It's that 5% that should worry you.
Add yes, there are ways to do it for your laptop's drive as well.
•
For those not familiar with the technique, what's being proposed is simply this: take the hard drive out of the infected machine, and install it as a 2nd hard drive in another working machine. There it will simply appear as another drive - D: perhaps - rather than as the system drive. The operating system will boot from the presumably clean primary drive, and then diagnostic tools can then be run against that second drive to clean it up.
Here's the part of the problem that concerns me, and should concern you:
Once your machine has been
infected,
it's not your machine any more.
This is independent of how infected your machine is, or how difficult it appears to be to clean it up. Once infected, you can never really trust it again.
Now, most of the time you can, indeed, clean it up through varying degrees of effort, and have a working machine. But you simply can't know that you've actually been successful. There may still be something lurking that all your tools missed.
The only way to avoid it is to reformat and reinstall.
That's why I say that the approach you're taking is 95% safe and reasonable. Usually, it will work just fine. On the other hand, sometimes it won't.
In the worst of cases, you'll carry the virus to the other computer and infect it.
And you may, or may not, find out about it until after it's too late.
That's the 5% of worry.
And for the record, I have no idea what the real percentage of failure honestly is - could be 80/20, 95/5 as I'm using here, or 99.999/0.001. All I do know is that it's most assuredly not 100/0.
Most people are willing to take the risk to avoid the reformat/reinstall scenario. Certainly if you have a sacrificial machine with nothing important on it, perhaps not even connected to the network, to use as the temporary host for the drive it's probably something I'd try myself depending on the circumstances. It can be a great way to get data off of an un-backed-up drive if nothing else.
And yes, you can do this with laptop drives as well. The issue becomes one of cabling in the second machine, as not all desktops come equipped with the right kind of cables for the drives used in laptops.
If this is something you might to often, an alternative is to get a USB interface or external hard drive enclosure specifically for this size of hard drive, and then perform the repair work with it installed as an external drive.
And if this is something you expect to do a lot, then I believe that there are even external interfaces where you can simply insert the drive without all the cabling work.
But regardless of what machine you install it in, or how, make sure
to take as many precautions as possible to protect that machine from
whatever is on that infected drive. You don't want to be part of that
5% 
Article C3683 - March 22, 2009
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
If I have a computer that I suspect is infected, would it be safe to back up the documents and settings files to a place like MOZI online backup or could a virus go along with even one of those files and when downloading later get it
back on my computer after reformatting?
27-Mar-2009
There is a great product sold by Cyberguys.com that allows you to connect SATA and IDE drives (or both at the same time) to another computer using a USB cable. Item # 131 0852. It comes with all the cables for power and data, and makes scanning as well as formatting and pulling off data from non bootable drives a snap. I bought one for $40.00 and am very pleased with it.
Posted by: Bruce Harris at March 27, 2009 3:04 PMI wouldn't just hook it up to my main regular use PC. For this purpose it's best have a "bare bones" basic utility machine that is equipped with a good backup solution, and updated with current win updates & current reputable AV, & any other anti-whatever tools required, and "recently backed up", preferably in the previous minutes to less than an hour before the connection of a possibly or actually infected HDD,
Posted by: Richard at August 26, 2009 10:30 PMthen connect the HDD, scan it, clean it, etc. for this type of scanning & virus etc. infection removal it's best to have an anti-whatever program that can load the registry from another OS install, in this case the registry on the "other HDD", if the registry can't be scanned then it could be an exercise in futility since the registry can contain keys that point to encrypted self-installers or internet retrieval calls for reinstalling or redownloading the virus, malware, etc. and then you've wasted all that time.
I have done this...and I paid the price. Depending on the virus it indeed can infect the second computer INSTANTLY EVEN IF YOU HAVE GOOD ANTIVIRUS SOFTWARE!
The question is, do you feel lucky punk? Well do you?
Posted by: Bay Area Jim at January 13, 2010 2:09 PMI HAD A VIRUS ON MY OLD COMPUTER THAT FILLED MY C DRIVE WITH IDX FILES AND CAUSED THE COMPUTER TO CRASH.PRIOR TO IT CRASHING,I HAD SAVED ALOT OF MY DATA TO A WESTERN DIGITAL MY BOOK(1TB)EXTERNAL DRIVE.IS IT SAFE TO CONNECT THE EXTERNAL DRIVE TO MY NEW COMPUTER AND RUN A VIRUS SCAN ON THE EXTERNAL DRIVE?
19-Jan-2010
Posted by: ANDREW at January 19, 2010 4:58 AM