How to work with possibly infected external USB hard drive?
My friend's Windows 7 Home Premium computer was recently infected by malware. I know part of the infection was a browser hijacker and there may have been more malicious junk infecting the machine. We opted to do a reformat and reinstall of the OS.
We had an external iOmega 500 GB USB hard drive along with Acronis True Image Home as her backup solution. I'm assuming that the iOmega drive is infected too since it was storing the backups for the computer.
My question is, how can I safely access the iOmega drive to reformat it to remove any infection, and will reformatting it remove any infection? I am concerned about possible autorun.inf worms, etc. reinfecting the system that we worked so hard to reinstall everything on. The precautions I can think of are to connect the drive while logged into a limited user account after having turned off auto play in the control panel (I can't use group policy editor because it's W7 Home version). Then I'd delete the limited user account when done, or would it be better to get a new drive?
Cudni (La Merma - Vigilado), Premium, MVM
Use Win7, either safe mode or boot disk, and wipe it in DOS,
or use some bootable Linux distro and wipe it there.
"what we know we know the same, what we don't know, we don't know it differently."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2012/13
|reply to Bluefish |
Another thought, could I boot the PC with a Linux Live CD or a Windows 7 CD and then reformat the iOmega drive from the command line? Would that take care of any infection on the drive and keep the PC from getting reinfected by the iOmega drive?
|reply to Cudni |
We must've been typing at the same time ... By wipe, do you mean reformat or actually writing 0's over the whole drive? Thanks
|reply to Bluefish |
Boot with something like the GParted live CD and empty the partition table, or DBAN and zero wipe the drive. But these are slightly paranoid methods. The risk of being infected from connecting an external USB data drive just to format it is not high; it would have to involve autoplay/autorun. On the other hand, I don't think anyone has ever increased their cross-section of risk exposure by being more paranoid than they needed to be.
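An added example, not code from any poster in this thread: a read-only check that can be run from a Linux live environment like the ones suggested above, listing what a drive's autorun.inf would ask Windows to launch. The mount point argument and the sample file contents are constructed assumptions.

```python
import sys
import tempfile
from pathlib import Path

# [autorun] keys that name a program to start (also matched: shell\<verb>\command).
EXEC_KEYS = ("open", "shellexecute")

def find_autorun(mount_point):
    """Return autorun.inf files in the volume root (FAT/NTFS names ignore case)."""
    return [p for p in Path(mount_point).iterdir()
            if p.is_file() and p.name.lower() == "autorun.inf"]

def autorun_commands(inf_path):
    """Return (key, value) pairs from [autorun] that would launch something."""
    raw = Path(inf_path).read_bytes()
    text = raw.decode("utf-16") if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else raw.decode("latin-1")
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found

def demo():
    """Inspect a constructed volume root built in a temporary directory."""
    sample = (b"; constructed sample, not taken from a real infection\r\n"
              b"junk line before any section\r\n"
              b"[AutoRun]\r\n"
              b"Open=setup.exe /quiet\r\n"
              b"icon=drive.ico\r\n"
              b"shell\\explore\\Command=tools\\run.bat\r\n"
              b"[Other]\r\nopen=ignored.exe\r\n")
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "AUTORUN.INF").write_bytes(sample)
        return [cmd for inf in find_autorun(root) for cmd in autorun_commands(inf)]

if __name__ == "__main__":
    # Usage: python3 check_autorun.py /mnt/usb   (volume mounted read-only)
    if len(sys.argv) > 1:
        for inf in find_autorun(sys.argv[1]):
            for key, value in autorun_commands(inf):
                print(f"{inf}: {key} = {value}")
    else:
        print(demo())
```

The script only reads the file and never executes anything it finds, so it is safe to point at the suspect volume before wiping it.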