Removing trojans and viruses from disk without booting into Windows

[debugger]

Trojans and viruses wil prevent you from performing most cleanup attempts when you are in the windows enviroment.

One technique I use is to:
1. remove the hard disk from its original PC.
2. Use an external USB enclosure and attach the Disk to that enclosure.
3. Connect the USB enclosure to another pc which has all the utilities such as Malwarebytes or AVG etc..
4. Run the cleanup utilities on the disk in the external enclosure.

Being that you are not booting from the external disk, the Parasites cannot "see"
the native Opsys,

This technique can also be used to back-up your data from a failing drive.

Nuff Said.

 

[Route44]

What USB external enclosure do you like to use?

 

[gbhall]

Usually, newish PC's have two drives, both SATA, so it is often just a case of disconnecting the optical drive and using that connector. Problems begin when the drive is coming from a laptop.

Two possibilities - the drive is IDE, you would possibly need a small IDE to 'standard' IDE adapter - very cheap. But if the donor PC does not have IDE drives, there is almost always an IDE connector on the motherboard although you might have to aquire an IDE cable.

Second possibility - When the laptop drive is sata, I don't know what you do, sorry. Already there are several combinations, and few will have all the necessary connectors to hand. Hence the question about a portable external USB enclosure is relevant, since all PC's support USB.

What you can't do is push a SATA drive into an IDE connector or vice-versa.

 

[bbearren]

If there isn't another PC handy, or if your friend doesn't want an infected drive in his computer, you can also use a paralled installation of Windows to do the same things.

Also, Vantec makes a drive caddy (both USB and eSATA, and a couple that are both) that accepts a drive like putting a slice of toast in a toaster. They range from US$40 - 60. Do your cleanup, turn off the drive and pop it up like a piece of toast; very handy.

 

[Teranius]

Another possibility that works is to start in safe mode and then run ComboFix, an effective freeware virus removal tool.

Link: http://www.combofix.org/

 

[LittleGreyCat]

Another option - AVG offers a stand alone rescue disc.
free.avg.com/ww-en/226162

You can burn a CD or it will make a USB stick bootable and then install on there - without wiping the contents!

You then boot into a cut down Linux which has loads of utilities including virus/malware cleaners.

For me, the USB stick seems a good option because you can keep updating the virus database in slow time without having to burn a new CD or connect a potentially vulnerable PC to the network to get your updates whilst fighting an infection.

Cheers

LGC

 

[Teranius]

Looks interesting, I'm downloading it now.
Thanks for the link.