Safe virus recovery?
July 6, 2010 2:52 PM

My computer was infected with Virtumonde a few months ago, and after a lot of failed attempts at removing the infection, I ended up buying a new hard drive and taking the opportunity to upgrade to Windows 7 with a fresh install. Here's where things get a bit worrisome:

After getting the "new" computer up and running, I was able to take my old, uninfected secondary hard drive and install it with no problems. However, I'm at a loss as to how to make sure I safely recover the information from my old primary hard drive. I have an external enclosure I can use to treat it as removable storage, and I'm fairly sure I should be able to remove the virus without putting my computer at risk: I've turned off Autoplay, I've made sure my definitions are up to date, and the characteristics of the virus don't seem like they would be a problem (not destructive of data, only infects Windows system files). But how do I make absolutely sure I'm not risking reinfection? Are there any other steps or precautions I should take? There's a lot of very important data on that drive (including an obscene amount of music it would take years to re-rip), so I want to make sure I do everything possible to ensure this works out. I have backed up my current build so I can recover in case anything goes wrong.
posted by Merzbau to Computers & Internet (8 answers total)
 
You could install Ubuntu using Wubi on your new hard drive, then copy all the data onto the new drive from the old one.

Wubi is a point-and-click way of installing Ubuntu, no Linux knowledge required, and Ubuntu is more or less as easy to use as Windows.
posted by a womble is an active kind of sloth at 3:12 PM on July 6, 2010


I think that copying your data should be okay (I had a VirtuMonde infection a few years ago and it took incredible effort to get rid of it, but the infection was in the Windows directory), but you would also do well to run a virus scanner now. VirtuMonde defeats many virus scanners if it is active, but since the malicious little pest is dormant right now it should be possible to scrub all your data.

Windows 7 is also a lot fussier about letting random files write to the system folder, and its much-maligned UAC actually helps you here. BTW, if you have disabled UAC then please enable it pronto.
posted by It's Never Lurgi at 3:42 PM on July 6, 2010


You could scan it from a non-Windows OS. Avast is available for Linux.
posted by NortonDC at 5:16 PM on July 6, 2010


Install Security Essentials on your new computer, don't bother with junk like McAfee, Norton, or AVG. Do a scan of your USB drive with it. The only way 7 runs executables from a USB disk is via autoplay and even then it asks you. After the scan just start copying your items.
posted by damn dirty ape at 7:41 PM on July 6, 2010


If you're especially paranoid, make a new user account, and make this a "standard user", not an administrator. Log in as this user. Now attach your drive and do your scan. As a limited user, it's nearly impossible to get infected in system areas you don't have rights to.
posted by damn dirty ape at 7:47 PM on July 6, 2010 [1 favorite]
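As an added example that is not part of the thread (and not any commenter's own code), here is a PowerShell check of the three precautions the answers above recommend before the old drive is attached on Windows 7: AutoPlay/AutoRun off, UAC on, and working from a standard user account. The registry values it reads are the standard Windows policy locations for those settings.

```powershell
# Added example: verify the precautions recommended in this thread before
# plugging in the old, infected drive. Registry paths are the standard
# Windows policy locations; 0xFF in NoDriveTypeAutoRun disables AutoRun
# for every drive type.

function Test-AutoplayDisabled {
    $policyPaths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    $autorunOff = $false
    foreach ($p in $policyPaths) {
        $v = (Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($v -eq 0xFF) { $autorunOff = $true }
    }
    # Unchecking "Use AutoPlay for all media and devices" in Control Panel sets this to 1
    $apPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
    $ap = (Get-ItemProperty -Path $apPath -Name DisableAutoplay -ErrorAction SilentlyContinue).DisableAutoplay
    return ($autorunOff -or ($ap -eq 1))
}

function Test-UacEnabled {
    # EnableLUA = 1 means UAC is on (the setting the second answer asks you to keep enabled)
    $sysPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $v = (Get-ItemProperty -Path $sysPath -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    return ($v -eq 1)
}

function Test-StandardUser {
    # True when the current logon is NOT in the built-in Administrators role
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return -not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Plain array of hashtables so the script also runs on the PowerShell 2.0 that shipped with Windows 7
$results = @(
    @{ Name = 'AutoPlay/AutoRun disabled'; Ok = (Test-AutoplayDisabled) },
    @{ Name = 'UAC enabled';               Ok = (Test-UacEnabled) },
    @{ Name = 'Running as standard user';  Ok = (Test-StandardUser) }
)
foreach ($r in $results) {
    $status = if ($r.Ok) { 'OK' } else { 'FIX BEFORE ATTACHING DRIVE' }
    '{0,-28} {1}' -f $r.Name, $status
}
```

Run it from the standard user account you intend to do the scan with; a FIX line on any row means one of the precautions the thread relies on is not actually in place.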


@damn dirty ape has excellent advice. Beyond that, up-to-date versions of Malwarebytes, Spybot S&D, ComboFix, JavaCool's SpywareBlaster and HijackThis will give you peace of mind.

And, seriously... we have no confirmed idea what apps the guy relies on, the format his critical data is in, what environment makes his world work, but there's always some fanboi who condescends "just dump Windows and load Linux and your problems are solved". Some people will never get out of the parents' basement.
posted by kjs3 at 9:00 PM on July 6, 2010


To clarify, Merzbau and kjs3, I'm not suggesting replacing Windows with Linux. I'm suggesting a one-time use of Linux so that you don't have to expose the OS you want to protect to the unknown threat. Doing the scanning and any remediation from Linux means you don't have to worry about infecting the OS you really value while you're handling the threat. I'm not any sort of Linux zealot; I just think it's a bit of a folly to rely on self-reporting from the running copy of the OS, at least as much in the age of rootkits as back in the DOS era.

The practice I'm suggesting is called offline scanning, and there are plenty of free tools to accomplish it. See here for more explanation and a list of free tools for doing it.
posted by NortonDC at 6:58 AM on July 7, 2010


@NortonDC: I was not referring to you. Your suggestion was quite clear, and valuable. My apologies if I lumped you in an unflattering pile.
posted by kjs3 at 10:57 AM on July 7, 2010

