It is and it isn’t.
When people think their machine is infected, I typically tell them to back up that machine. Yes, you are backing up a possible infection, but that’s actually okay. You’re never going to actually restore that infection simply because you know that it’s there.
So why back up?
Let’s walk through the scenario.
Why should I back up an infected machine?
When you back up, you’re preserving everything that you can. Like I said, the backup includes the malware, but it also has all of your data, your programs, everything. That means that no matter what havoc the malware – or removal attempts – might wreak, you always have a backup of your machine and your data.
Now, like I said, you should back up, but you must be careful not to restore the entire backup to your machine. You’d use it only for pulling specific files and pieces of data that you know aren’t infected from that backup.
You can’t necessarily predict what files you’re going to want later, which is why you should back up the entire machine.
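One way to pull only data files out of a backup, as an added example that is not from the original article: it reads files out of an archive as bytes into a staging folder and leaves anything runnable behind. The tar archive standing in for the backup, the extension allow-list and the function names are assumptions, and the filter only narrows what comes back, so scan the staged files before using them.

```python
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path, PurePosixPath

# Assumption: only plain data types are pulled back; anything that can run stays in the backup.
DATA_EXTENSIONS = {".txt", ".csv", ".jpg", ".png", ".pdf"}


def build_sample_backup() -> bytes:
    """Constructed stand-in for a backup: a small in-memory tar archive."""
    members = {
        "Users/ann/Documents/notes.txt": b"meeting notes\n",
        "Users/ann/Pictures/cat.jpg": b"\xff\xd8\xff\xe0 constructed bytes",
        "Users/ann/Downloads/invoice.pdf.exe": b"MZ constructed bytes",
        "Users/ann/AppData/updater.ps1": b"# constructed script\n",
        "../outside.txt": b"path escapes the staging folder\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def selective_restore(archive: bytes, staging: Path):
    """Copy allow-listed data files into staging; return (restored, skipped)."""
    restored, skipped = {}, []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar:
            path = PurePosixPath(member.name)
            safe = not path.is_absolute() and ".." not in path.parts
            # Only the final suffix counts, so "invoice.pdf.exe" is treated as .exe.
            if not (member.isfile() and safe and path.suffix.lower() in DATA_EXTENSIONS):
                skipped.append(member.name)
                continue
            data = tar.extractfile(member).read()  # bytes are read, never executed
            target = staging.joinpath(*path.parts)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
            restored[member.name] = hashlib.sha256(data).hexdigest()
    return restored, skipped

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(selective_restore(build_sample_backup(), Path(tmp)))
```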
Back up, get rid of the malware, then back up again
Getting rid of malware sounds like it’s very simple to do. It may or may not be, but you need to do this if you suspect someone infected, hacked, or placed malware on your machine.
You’ll need to run your anti-malware tools – make sure that they’re up-to-date. Then, run an offline anti-malware tool. If you have additional malware tools, like Malwarebytes, run those until your machine comes up clean.
At that point, take another backup. Again, it’s a safety net. This says, “Okay, this is the machine after I did everything that I could to clean up the malware.” That way, you know that you’ve got a snapshot of that point in time as well.
Back up before you’re infected
Because you are doing backups, I need to throw out one additional option that may be easier than any of the above.
Restore your machine to an image backup that was taken immediately before the infection.
That way, the malware isn’t there yet. Moving forward, you know not to open that email or click on those links.
Backing up an infection does not infect the backup drive
One point that often confuses people is whether backing up an infected machine causes the backup drive to, itself, become infected.
Perhaps the best way to think of this is similar to the difference between a setup program, and the program that it sets up.
A setup program contains a program that you might want installed on your machine. But it’s not until you run the setup that the program is actually installed and ready to run.
Backing up malware works kind of in reverse: when malware is backed up, its files are collected into the backup, but not in a way that allows the malware to run. Once you restore the backup, the malware may be able to do things, but as long as it’s just part of a backup somewhere, it’s benign.
Infection versus hacking
Now, I have to throw out one additional caveat here. In your question, you said that you were hacked. Did you mean hacked, where someone gains access to your online email account? Or did you simply have malware infect your machine?
Malware on your machine is what we’ve been talking about here. That’s what anti-malware tools remove, and why you might have been concerned about backing up the infection to your external hard drive.
On the other hand, if your account has been hacked – somebody who isn’t supposed to have access to your account knows your account login name and password – that may have absolutely nothing to do with your machine. In fact, it’s one of the things that can happen if you click the wrong link and log in to a site that isn’t really the one you think it is.
So, be sure that you understand the difference here before you get too concerned about the backup scenario.
If your account has been hacked, then I would point you to an article called, “Email hacked: 7 things you need to do right now.” That will walk you through the steps to recover and rescue your online account.