Previously on "Read infected disk safely?"

  • NoddY
    replied
    To do this properly you need:
    1. A screwdriver
    2. Iron filings
    3. Magnifying glass


  • expat
    replied
    Originally posted by MrsGoof
    Nice Idea Dr Evil, unless the disk partition is NTFS, then LINUX app. will not be able to WRITE to it.
    Not a prob for me anyway because the problem is to read from it, in order to save the data without saving the nasties. But thanks for the comment.


  • Dr Evil
    replied
    Originally posted by MrsGoof
    Nice Idea Dr Evil, unless the disk partition is NTFS, then LINUX app. will not be able to WRITE to it.
    It was a Linux Boot Util I was thinking of - and it does let you write to an NTFS partition. If I can find it I'll PM you the link to it.


  • MrsGoof
    replied
    Originally posted by Dr Evil
    Plan B - install the drive as a second IDE locally to your machine and sweep with an AV from Linux.
    Nice Idea Dr Evil, unless the disk partition is NTFS, then LINUX app. will not be able to WRITE to it.


  • expat
    replied
    Originally posted by Joe Black
    Going on to the net without an AV wouldn't be a problem in itself. It's the not having a patched system and no firewall which gets you infected without doing anything.
    Yup, that was it


  • Joe Black
    replied
    Originally posted by expat
    No, just the net. I've heard that 20 seconds is the average time till infection if you connect to broadband without an AV.
    Going on to the net without an AV wouldn't be a problem in itself. It's the not having a patched system and no firewall which gets you infected without doing anything.

    Most virus/trojan problems are the result of people opening something, whether it's an attachment or downloading some .exe or visiting a page which loads some object or another.

    Problem is 90% of non-tech people I know seem to have no idea about what can happen, e.g. someone sending a Xmas greeting they just found on some site to 20-30 people even though it's an .exe, and god knows how many just clicking on it...


  • DaveB
    replied
    Originally posted by expat
    No, just the net. I've heard that 20 seconds is the average time till infection if you connect to broadband without an AV.

    According to SANS the current survival time is 30 mins. That's 30 mins from going on the net with an unprotected system to being probed and consequently compromised.

    They keep a history as well which makes for interesting reading


  • expat
    replied
    Originally posted by Dr Evil
    P.S. Did he go onto Kazaa? - I think I got that particular case of clap a while ago.
    No, just the net. I've heard that 20 seconds is the average time till infection if you connect to broadband without an AV.


  • Dr Evil
    replied
    Originally posted by expat
    I'm about to try to recover data from a friend's disk, which is infected. The disk is not in a machine any more, and I plan to put it in a USB case and plug that into a PC. The infection apparently came from trying to connect to broadband without first having an antivirus in place. Not sure what it might have but when it was the disk in its machine, it kept running svchost.exe at 100% cpu.

    Any hints here, esp. to avoid infecting my machine?

    Plan A: boot Linux and read it with that.
    Problem A: doesn't see a USB drive.

    Plan B?

    P.S. Did he go onto Kazaa? - I think I got that particular case of clap a while ago.


  • Dr Evil
    replied
    Originally posted by expat
    Thanks.

    I reckon that if I'm in Linux then I can do without the AV (could be wrong there). I just have trouble seeing the disk. This is Mandrake, maybe another distro could be the lazy man's way of getting to it?

    I've got a laptop and a small-box desktop here so I can't connect the disk IDE to either (unless I use the offender as the only disk in the desktop, hmm).

    But using Safe Mode is a good idea (I think).
    To be honest Safe Mode is belt and braces really, so long as your original OS is the one being booted into and no exe are run - it's all good. The HDD is hardly going to jump up and try and throttle you!!! (well they haven't in my experience - but it was a while ago!). So long as you see the offending disk - that's the important thing, USB \ IDE whatever and you are protected by AV on your machine's OS. Usual common sense safeguards apply: remove network cable, don't login as admin unless you have to. Treat the HDD as a slightly dodgy guest!!!

    Only possible problem (and I haven't ever had to try it yet) is that you may not be able to add a USB connected drive in Safe Mode - but I could be wrong there. PM me if you need some off board machine specific help.


  • expat
    replied
    Originally posted by Churchill
    Just so long as you don't boot from the infected drive or run any of the executables you should be able to scan it from Windoze using AVG etc.
    Thanks, That's what I thought. Update AVG and run it on PC, reboot in safe mode, plug in drive, run AVG on it, then copy data files to CD-R.


  • expat
    replied
    Originally posted by Dr Evil
    There are a couple of Linux based boot utils I know of which will definitely read a locally mounted drive as it can be mounted and the data contained therein. Problem is then running an AV - so forget that I think.

    Plan B - install the drive as a second IDE locally to your machine and sweep with an AV from Linux.

    Plan C - install as USB \ local (IDE?) boot into Win XX safe mode and sweep the infected drive from there.

    Standard Disclaimer: Obviously ensure that you are bang up to date with AV pattern files etc, set it to check files upon access etc. This product may contain nuts, and your home is at risk if you cannot keep up repayments on a loan or mortgage taken out on it etc etc.
    Thanks.

    I reckon that if I'm in Linux then I can do without the AV (could be wrong there). I just have trouble seeing the disk. This is Mandrake, maybe another distro could be the lazy man's way of getting to it?

    I've got a laptop and a small-box desktop here so I can't connect the disk IDE to either (unless I use the offender as the only disk in the desktop, hmm).

    But using Safe Mode is a good idea (I think).


  • Churchill
    replied
    Originally posted by expat
    I'm about to try to recover data from a friend's disk, which is infected. The disk is not in a machine any more, and I plan to put it in a USB case and plug that into a PC. The infection apparently came from trying to connect to broadband without first having an antivirus in place. Not sure what it might have but when it was the disk in its machine, it kept running svchost.exe at 100% cpu.

    Any hints here, esp. to avoid infecting my machine?

    Plan A: boot Linux and read it with that.
    Problem A: doesn't see a USB drive.

    Plan B?
    Just so long as you don't boot from the infected drive or run any of the executables you should be able to scan it from Windoze using AVG etc.


  • Dr Evil
    replied
    There are a couple of Linux based boot utils I know of which will definitely read a locally mounted drive as it can be mounted and the data contained therein. Problem is then running an AV - so forget that I think.

    Plan B - install the drive as a second IDE locally to your machine and sweep with an AV from Linux.

    Plan C - install as USB \ local (IDE?) boot into Win XX safe mode and sweep the infected drive from there.

    Standard Disclaimer: Obviously ensure that you are bang up to date with AV pattern files etc, set it to check files upon access etc. This product may contain nuts, and your home is at risk if you cannot keep up repayments on a loan or mortgage taken out on it etc etc.


  • expat
    started a topic Read infected disk safely?

    Read infected disk safely?

    I'm about to try to recover data from a friend's disk, which is infected. The disk is not in a machine any more, and I plan to put it in a USB case and plug that into a PC. The infection apparently came from trying to connect to broadband without first having an antivirus in place. Not sure what it might have but when it was the disk in its machine, it kept running svchost.exe at 100% cpu.

    Any hints here, esp. to avoid infecting my machine?

    Plan A: boot Linux and read it with that.
    Problem A: doesn't see a USB drive.

    Plan B?
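
Added example, not part of the original thread: the rule the replies above converge on (run nothing from the infected disk, copy only the data files) written as a Python copy routine that also catches an executable renamed to look like data. The extension list, function names and sample tree are assumptions constructed for illustration.

```python
import os
import shutil
import tempfile

# Constructed, non-exhaustive list of types Windows will run or interpret.
RISKY_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".dll", ".lnk"}
RISKY_NAMES = {"autorun.inf"}

def looks_like_pe(path):
    """True if the file starts with 'MZ', the DOS/Windows executable header."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def rescue_data(src_root, dst_root):
    """Copy data files only; return (copied, skipped) as sorted relative paths."""
    copied, skipped = [], []
    for dirpath, _dirs, files in os.walk(src_root):  # does not follow dir symlinks
        for name in files:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            # Links are skipped unread; the header check catches a renamed .exe.
            risky = (os.path.islink(src) or name.lower() in RISKY_NAMES
                     or ext in RISKY_EXT or looks_like_pe(src))
            if risky:
                skipped.append(rel)
                continue
            dst = os.path.join(dst_root, *rel.split("/"))
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copyfile(src, dst)  # contents only, no mode bits or metadata
            copied.append(rel)
    return sorted(copied), sorted(skipped)

def demo():
    """Run the rescue over a constructed sample tree (no real malware involved)."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    samples = {
        "docs/letter.txt": b"Dear Bob, constructed sample text",
        "photos/holiday.jpg": b"\xff\xd8\xff\xe0 constructed JPEG-like bytes",
        "photos/greeting.jpg": b"MZ constructed bytes, wrong extension",
        "xmas_card.exe": b"MZ constructed bytes",
        "autorun.inf": b"[autorun] constructed",
    }
    for rel, data in samples.items():
        path = os.path.join(src, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return rescue_data(src, dst)
```

Point `rescue_data` at the mount point of the suspect disk, ideally mounted read-only. Document formats can still carry macros, so the copied set still needs the AV scan discussed in the thread.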
