I occasionally help people with computer problems (avg 2-3/mo.) and
a majority have to do with infections – popups, running slow, etc. I
generally am successful running Adaware, House Call, Spybot and
installing/running AVG along with defragging, emptying temp folder,
reducing restore size from 12%, etc. Occasionally I have to format and
I had a PC recently that was so infected and so slow it would not
load or run any corrective software or even go on the internet. I
thought I would have to format but before that, I removed the hard
drive and installed it as a slave in another computer. There I was able
to run the anti-virus/spyware/malware software. When I put it back in
the original computer, most of the problems were gone, and I was able
to complete the cleanup without any further problem.
My first question is, is this a safe and reasonable technique? And
second, if it is, is there a way to use it on a laptop, other than by
removing the hard drive, adding a laptop/EIDE adapter and using it as a
slave like I did before?
Well, it’s probably about 95% safe and reasonable. And also fairly
common, since the alternative is to reformat and reinstall.
It’s that 5% that should worry you.
Add yes, there are ways to do it for your laptop’s drive as
For those not familiar with the technique, what’s being proposed is simply this: take the hard drive out of the infected machine, and install it as a 2nd hard drive in another working machine. There it will simply appear as another drive – D: perhaps – rather than as the system drive. The operating system will boot from the presumably clean primary drive, and then diagnostic tools can then be run against that second drive to clean it up.
Here’s the part of the problem that concerns me, and should concern you:
Once your machine has been
it’s not your machine any more.
This is independent of how infected your machine is, or how difficult it appears to be to clean it up. Once infected, you can never really trust it again.
Now, most of the time you can, indeed, clean it up through varying degrees of effort, and have a working machine. But you simply can’t know that you’ve actually been successful. There may still be something lurking that all your tools missed.
The only way to avoid it is to reformat and reinstall.
That’s why I say that the approach you’re taking is 95% safe and reasonable. Usually, it will work just fine. On the other hand, sometimes it won’t.
In the worst of cases, you’ll carry the virus to the other computer and infect it.
And you may, or may not, find out about it until after it’s too late.
That’s the 5% of worry.
And for the record, I have no idea what the real percentage of failure honestly is – could be 80/20, 95/5 as I’m using here, or 99.999/0.001. All I do know is that it’s most assuredly not 100/0.
Most people are willing to take the risk to avoid the reformat/reinstall scenario. Certainly if you have a sacrificial machine with nothing important on it, perhaps not even connected to the network, to use as the temporary host for the drive it’s probably something I’d try myself depending on the circumstances. It can be a great way to get data off of an un-backed-up drive if nothing else.
And yes, you can do this with laptop drives as well. The issue becomes one of cabling in the second machine, as not all desktops come equipped with the right kind of cables for the drives used in laptops.
If this is something you might to often, an alternative is to get a USB interface or external hard drive enclosure specifically for this size of hard drive, and then perform the repair work with it installed as an external drive.
And if this is something you expect to do a lot, then I believe that there are even external interfaces where you can simply insert the drive without all the cabling work.
But regardless of what machine you install it in, or how, make sure to take as many precautions as possible to protect that machine from whatever is on that infected drive. You don’t want to be part of that 5%
16 comments on “Is it safe to install an infected drive into a working machine to clean it?”
I use Avira Antivirus. It’s totally free and has the option of running a virus check before windows is loaded thus giving it the ability of removing files containing viruses that would be locked and protected from deletion when windows is running. I’ve cleaned a few stubborn viruses and trojans that way and is a good alternative in many cases to putting a bad disk into a good computer. If this doesn’t work try booting from a live Bart PE and running an AV from that. That is probably just as effective and much safer than putting a bad disk into a good computer. If you don’t know how to create and run a PE disk than you really should think twice about putting an infected disk into your machine.
In a case like the one described above there is more simple solution (imho) – special live cd. Many antivirus vendors have such live cd’s. Look for example at DrWeb Live CD – http://www.freedrweb.com/livecd?lng=en
I keep an old XP machine around for just such an occurance. It has all the programs and install files I use. Thus, if that 5% becomes more than a statistic, who cares!
Hears my take on this. my engine in my van had a knocking noise in it. then i discovered I am really low on oil. i put oil in and it stills knocks. the damage is already done. like an operating system the registry files are corrupted and can’t be repaired. first thing is reformat and partition your drive. this way xp will see it as two drives and you can reformat and not loose all your programs. first and foremost buy a good anti virus and a firewall. if you can spend good money on a computer then protect it. I use sunbelt software vipre and their firewall. I have never had a problem because it stops all the bad guys at the door. it the best i have found and it is not a resource hog either.now the last thing buy a second drive and backup all your important files. by the time you fool around switching drives you can do it the right way format and start new.
I’m doing the same all the time, just make sure your anti virus/spyware are updated and dont load windows normally… attach the infected HD and load the windows in “SAFE MODE”. Windows will recognize the new HD, just start your Antivirus and do full scan for it.
I think this will make it 99.9% safe to do this as I’ve never seen a virus that can start it’s job in SAFE MODE.
I don’t get the comment by Leo “an alternative is to get a USB interface or external hard drive enclosure (specifically for this size of hard drive, and then perform the repair work with it installed as an external drive.)” I understand this to mean you just use an external drive to hook up to the USB port of the infected computer or take the infected drive and put IT into a usb drive enclosure?
Also I cannot subscribe to this topic with an RSS Feed-I get an error message. Frank C.
What’s the difference between installing the infective drive as a slave and either hooking up a good drive by USB or hooking up the infected drive by USB?
What is a live Bart PE?
If you handle this problem by using an old XP computer and this supposedly good, old XP computer runs into this 5% liability what are you going to do, have a stack of good, old XP computers to take its place?
Fahad’s comment about starting the good computer in safe mode with the attached infected drive hooked up by USB seems the best primary way to go.
But I’m a single user, at best probably involved with a computer problem with my family every 2 years. I’d have to keep a computer around for an event that might never come up. Frank C.
If I have a computer that I suspect is infected, would it be safe to back up the documents and settings files to a place like MOZI online backup or could a virus go along with even one of those files and when downloading later get it
back on my computer after reformatting?
There is a great product sold by Cyberguys.com that allows you to connect SATA and IDE drives (or both at the same time) to another computer using a USB cable. Item # 131 0852. It comes with all the cables for power and data, and makes scanning as well as formatting and pulling off data from non bootable drives a snap. I bought one for $40.00 and am very pleased with it.
I wouldn’t just hook it up to my main regular use PC. For this purpose it’s best have a “bare bones” basic utility machine that is equipped with a good backup solution, and updated with current win updates & current reputable AV, & any other anti-whatever tools required, and “recently backed up”, preferably in the previous minutes to less than an hour before the connection of a possibly or actually infected HDD,
then connect the HDD, scan it, clean it, etc. for this type of scanning & virus etc. infection removal it’s best to have an anti-whatever program that can load the registry from another OS install, in this case the registry on the “other HDD”, if the registry can’t be scanned then it could be an exercise in futility since the registry can contain keys that point to encrypted self-installers or internet retrieval calls for reinstalling or redownloading the virus, malware, etc. and then you’ve wasted all that time.
I have done this…and I paid the price. Depending on the virus it indeed can infect the second computer INSTANTLY EVEN IF YOU HAVE GOOD ANTIVIRUS SOFTWARE!
The question is, do you feel lucky punk? Well do you?
I have an infected HD in boot and pc won’t start noteven with an original MS install cd booting from F12 boot cd/dvd i just won’t read it. Can I refotmat HD in a deferent computer with an external enclosure and then reinstall windows program?
I have done this for years as a tech in the PC field and can tell you I never had a problem doing this;
1)I boot up in “Safe Mode”
2)I have my anti-virus software active in “real time protection”
3)I use a USB caddie so I can install it after windows is running
4)I run it “Sand Boxed” in Sandboxie to so that nothing bleeds that I can’t kill…
I suggest if anything at least run it under “safe mode” first, scan next, and finally back it up.
Once done… scrub, reformat, and fresh install. Thanks~