dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
630
share rss forum feed


Bluefish
Premium
join:2010-02-23

1 recommendation

How to work with possibly infected external USB hard drive?

My friends Windows 7 Home Premium computer was recently infected by malware. I know part of the infection was a browser hijacker and there may have been more malicious junk infecting the machine. We opted to do a reformat and reinstall of the OS.

We had an external iOmega 500gb USB hard drive along with Acronis True Image Home as her backup solution. I'm assuming that the iOmega drive is infected too since it was storing the backups for the computer.

My question is, how can I safely access the iOmega drive to reformat it to remove any infection and will reformatting it remove any infection? I am concerned about possible autorun.inf worms, etc reinfecting the system that we worked so hard to reinstall everything on. The precautions I can think of are to connect the drive while logged into a limited user account after having turned off auto play in the control panel (I can't use group policy editor because its W7 Home version). Then I'd delete the limited user account when done or would it be better to get a new drive?

TIA



Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13

Use Win7 either safe mode or boot disk and wipe it Dos
»www.sevenforums.com/tutorials/68···tup.html

or use some bootable Linux distro and wipe it there

Cudni
--
"what we know we know the same, what we don't know, we don't know it differently."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2012/13



Bluefish
Premium
join:2010-02-23
reply to Bluefish

Another thought, could I boot the PC with a Linux Live CD or a Windows 7 CD and then reformat the iOmega drive from the command line? Would that take care of any infection on the drive and keep the PC from getting reinfected by the iOmega drive?



Bluefish
Premium
join:2010-02-23
reply to Cudni

We must've been typing at the same time ... By wipe, do you mean reformat or actually writing 0's over the whole drive? Thanks



sbconslt

join:2009-07-28
Los Angeles, CA
reply to Bluefish

Boot with something like gparted livecd and empty the partition table, or DBAN and zero wipe the drive. But these are slightly paranoid methods. The risk of being infected from connecting an external USB data drive just to format it is not high, it would have to involve autoplay/autorun. On the other hand I don't think anyone has ever increased their cross-section of risk exposure by being more paranoid than they needed to be.