Friday, May 11, 2018

windows - Saving files safely from an infected computer


How can I save important files from a virus/malware infected computer and put them on another computer without spreading the infection further?


I have Windows machines.


Answer



First, prohibit the malicious code from executing


If your goal is to avoid spreading the infection, then you must keep it from executing. Therefore you must not boot into the infected Windows install.


When booted into the infected machine, you must assume the malicious code has complete control. This means it could infect any media you connect to the computer, making it unsafe to connect it to another computer later. For an excellent real-life demonstration of this principle, read about how the Stuxnet worm propagated itself.


Then copy and thoroughly scan for threats


Instead, boot into another OS, preferably by using a Live CD of a non-Windows-based OS, such as Linux, before copying data off. This helps lessen the likelihood of accidentally triggering the malicious code while accessing the infected machine, since the Windows code is harder to unintentionally execute or likely may not even work on another OS.


Failing that, you can connect the hard disk as a secondary drive to another Windows computer. I only recommend doing this when you have a high degree of certainty that the infection isn't using any zero-day exploits or other techniques whereby it could automatically deliver its payload via the simple act of navigating the file structure.


Be sure to use media that's never been connected to the infected machine to copy off the needed data. Then be sure to thoroughly scan for anything that might be infected. Using several different scanning engines is best.
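The copy step above as a script for the live Linux session. This is an added example, not part of the original answer. The device and mount paths, the extension list, and the choice to hold back executable file types instead of copying them are assumptions made here.

```shell
#!/bin/sh
# Run from the live Linux session. Assumed placeholder paths: /dev/sdX2 (Windows
# partition), /mnt/infected, /mnt/clean (media never attached to the infected PC).
#   mount -o ro,noexec,nosuid,nodev /dev/sdX2 /mnt/infected
#   sh rescue.sh /mnt/infected/Users/alice/Documents /mnt/clean

# Constructed list of extensions Windows can run or auto-load; extend as needed.
RISKY_EXT='exe dll scr com pif bat cmd vbs js jse wsf ps1 lnk msi hta inf sys cpl'

# is_risky NAME: succeeds when NAME's extension is in RISKY_EXT (case-insensitive).
is_risky() {
    ext=$(printf '%s' "${1##*.}" | tr '[:upper:]' '[:lower:]')
    case " $RISKY_EXT " in *" $ext "*) return 0 ;; esac
    return 1
}

# rescue_copy SRC DST: copy data files to DST/files, list skipped risky files in
# DST/held_back.txt, record SHA-256 of every copy in DST/manifest.sha256.
# File names containing newlines are not handled.
rescue_copy() {
    src=${1%/}; dst=${2%/}
    mkdir -p "$dst/files" || return 1
    : > "$dst/held_back.txt"; : > "$dst/manifest.sha256"
    find "$src" -type f | while IFS= read -r path; do
        rel=${path#"$src"/}
        if is_risky "${rel##*/}"; then
            printf '%s\n' "$rel" >> "$dst/held_back.txt"
            continue
        fi
        mkdir -p "$dst/files/$(dirname -- "$rel")"
        # Byte-for-byte copy with a fixed 0644 mode: nothing arrives executable.
        cat -- "$path" > "$dst/files/$rel"
        chmod 0644 "$dst/files/$rel"
        (cd "$dst/files" && sha256sum -- "$rel") >> "$dst/manifest.sha256"
    done
    copied=$(wc -l < "$dst/manifest.sha256" | tr -d ' ')
    held=$(wc -l < "$dst/held_back.txt" | tr -d ' ')
    echo "copied=$copied held_back=$held"
}

if [ "$#" -eq 2 ]; then rescue_copy "$1" "$2"; fi
```

On the receiving computer, running `sha256sum -c ../manifest.sha256` from inside `files/` confirms the copies are intact before they are scanned with several engines. Anything listed in `held_back.txt` stays on the infected disk until it is fetched deliberately and scanned in isolation.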

