Need to get into hard disk, but risk picking up a virus

bwarren97

Posts: 60   +1
Hello. I have a couple hard drives that my uncle was using previously, but he was recently hacked and got a really elusive virus on all of them. I have a USB hard disk adapter to connect to the hard drives externally, but if I connect any one of these hard drives to Windows, I risk picking up the virus automatically. I do have Ubuntu, but I am having trouble getting to the information on the other partitions.
How do I prevent Windows from automatically reading and executing infectious programs when I insert removable media?
 
Well, go into Windows and set your antivirus to automatically scan external drives. Make sure you turn off the external drive via a power button or just the power plug. Keep the USB in the PC, and then power on the external drive. The antivirus should automatically scan it.
 
How does one do that with Microsoft Security Essentials? Also, it might be helpful to point out that while this virus was active on my uncle's computer, his antivirus was unable to see it. I don't know if that would be the case with external drives.
 
Try using a boot disk like Kapersky Rescue CD, PartedMagic or Ubuntu Live CD/DVD. All three should be free to download. Disconnect your system drive(s) and boot with just the CD, then you can explore your uncle's HDD without worrying about your system drive being infected. This avoids any viruses from loading (especially since Windows isn't running) and lets you explore/recover folders and files. You can even try to clean the viruses off the drive using one of those rescue CDs, but success depends on how bad the infection is.
 
Using an alternative OS is a great approach. If the external hd was used in windows, then attempt to access it with OS X or Linux systems as the infections can't run on the alternative OS.

Be aware however, virus' can be trojans by hiding within specific file types,
eg: Microsoft *.doc, *xls macros and *.ppt files, screen savers, even animated gifs.

So when recovering files, it would be wise to copy them into a new folder (eg: RecoveredData) on a portable media device first. Then when you move the portable device to the PC, you can scan this folder with your Windows A/V product before you relocate them to their final destination.
 
There is a setting in MSE that allows for automatic scanning of an external drive. I think jobeard can better help you though.
 
Ok, let me clarify some things:
1. I have Ubuntu, but can't access some of the Hard disk's partitions with it. (there is supposed to be some program I can install, but I couldn't install it for whatever reason)
2. The person who did this was a HACKER, and, according to my uncle, he was able to get into both Windows AND Ubuntu. So, who's to say this hacker put code and stuff for all OS's in the virus?
 
Using Ubuntu as the primary OS? ok.

Determine the exact type of each partition.
That will help decipher which ones should be accessible and those not.

See this for what I mean.

The column heading ID is the partition type.

Get a screen shot of the FDISK output and paste into your follow-up
 
If you're trying to delete/format the drive then a live Linux disk can do that safely (Kapersky, Ubuntu or about a million others).

If you're trying to just get some information or salvage some files, you can safely do that with a live Linux disk. Linux isn't going to arbitrarily run things that you don't tell it to. Plus, you'll be able to run some virus scanners on the files you try to recover. Kapersky and PartedMagic are specifically geared for these sorts of missions. Generally, you can mount any drives that you need to access without issues. Multiple partitions shouldn't be a problem.

"Hacker" can mean a lot of things. Sometimes, you can still salvage the data/drive if you know what you want to do.
 
Back