I occasionally help people with computer problems (avg 2-3/mo.) and
a majority have to do with infections – popups, running slow, etc. I
generally am successful running Adaware, House Call, Spybot and
installing/running AVG along with defragging, emptying temp folder,
reducing restore size from 12%, etc. Occasionally I have to format and
I had a PC recently that was so infected and so slow it would not
load or run any corrective software or even go on the internet. I
thought I would have to format but before that, I removed the hard
drive and installed it as a slave in another computer. There I was able
to run the anti-virus/spyware/malware software. When I put it back in
the original computer, most of the problems were gone, and I was able
to complete the cleanup without any further problem.
My first question is, is this a safe and reasonable technique? And
second, if it is, is there a way to use it on a laptop, other than by
removing the hard drive, adding a laptop/EIDE adapter and using it as a
slave like I did before?
Well, it’s probably about 95% safe and reasonable. And also fairly
common, since the alternative is to reformat and reinstall.
It’s that 5% that should worry you.
And yes, there are ways to do it for your laptop’s drive as
For those not familiar with the technique, what’s being proposed is simply this: take the hard drive out of the infected machine, and install it as a 2nd hard drive in another working machine. There it will simply appear as another drive – D: perhaps – rather than as the system drive. The operating system will boot from the presumably clean primary drive, and diagnostic tools can then be run against that second drive to clean it up.
Here’s the part of the problem that concerns me, and should concern you:
Once your machine has been
it’s not your machine any more.
This is independent of how infected your machine is, or how difficult it appears to be to clean it up. Once infected, you can never really trust it again.
Now, most of the time you can, indeed, clean it up through varying degrees of effort, and have a working machine. But you simply can’t know that you’ve actually been successful. There may still be something lurking that all your tools missed.
The only way to avoid it is to reformat and reinstall.
That’s why I say that the approach you’re taking is 95% safe and reasonable. Usually, it will work just fine. On the other hand, sometimes it won’t.
In the worst of cases, you’ll carry the virus to the other computer and infect it.
And you may, or may not, find out about it before it’s too late.
That’s the 5% of worry.
And for the record, I have no idea what the real percentage of failure honestly is – could be 80/20, 95/5 as I’m using here, or 99.999/0.001. All I do know is that it’s most assuredly not 100/0.
Most people are willing to take the risk to avoid the reformat/reinstall scenario. Certainly, if you have a sacrificial machine with nothing important on it, perhaps not even connected to the network, to use as the temporary host for the drive, it’s probably something I’d try myself, depending on the circumstances. It can be a great way to get data off of an un-backed-up drive if nothing else.
And yes, you can do this with laptop drives as well. The issue becomes one of cabling in the second machine, as not all desktops come equipped with the right kind of cables for the drives used in laptops.
If this is something you might do often, an alternative is to get a USB interface or external hard drive enclosure specifically for this size of hard drive, and then perform the repair work with it installed as an external drive.
And if this is something you expect to do a lot, then I believe that there are even external interfaces where you can simply insert the drive without all the cabling work.
But regardless of what machine you install it in, or how, make sure to take as many precautions as possible to protect that machine from whatever is on that infected drive. You don’t want to be part of that 5%.
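One such precaution, as an added example that is not part of the original article: before opening the attached drive in a file browser, list what an autorun.inf at its root would ask the host to launch, reading files only and executing nothing. The function names, the script name and the drive path passed on the command line are assumptions, as is having Python available on the clean host.

```python
import hashlib
import os
import sys

def is_launch_key(key):
    """True for autorun.inf keys whose value is a command line."""
    key = key.lower()
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:            # read only, never execute
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def autorun_launch_targets(drive_root):
    """List the programs that autorun.inf at drive_root asks the host to start."""
    # Match the name case-insensitively and skip a *directory* named autorun.inf.
    names = [n for n in os.listdir(drive_root)
             if n.lower() == "autorun.inf"
             and os.path.isfile(os.path.join(drive_root, n))]
    if not names:
        return []
    with open(os.path.join(drive_root, names[0]), "rb") as fh:
        text = fh.read().decode("latin-1")  # latin-1 decodes any byte sequence
    findings = []
    for line in text.splitlines():
        key, sep, command = line.strip().partition("=")
        key, command = key.strip(), command.strip()
        if not sep or not command or not is_launch_key(key):
            continue                        # headers, comments, icon=, junk lines
        if command.startswith('"'):         # quoted program name with spaces
            program = command[1:].split('"')[0]
        else:
            program = command.split()[0]
        rel = program.replace("\\", os.sep).lstrip(os.sep)
        target = os.path.normpath(os.path.join(drive_root, rel))
        on_disk = os.path.isfile(target)
        findings.append({"key": key.lower(), "command": command,
                         "target": target if on_disk else None,
                         "sha256": sha256_of(target) if on_disk else None})
    return findings

if __name__ == "__main__":
    # Usage (path is an assumption): python autorun_triage.py D:\
    for finding in autorun_launch_targets(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Any entry it reports names a file to hand to the scanner first; the hash lets you look the file up without opening it.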