Removing Malware/Virus from HDD from another PC
#1
Hello everyone.

A friend of mine has been infected with malware and/or viruses. I tried to help remotely, but his internet access is blocked, his antivirus software has been disabled, Windows Firewall is off, and previous tools which I put on there ages ago for him, like Malwarebytes, have disappeared. The laptop boots up very slowly and he can even boot up in safe mode with or without networking. Oh, and he never 'got round to' creating any restore disks or backups/images to revert back to [Rolleyes], and the icing on the cake: all restore points have been deleted too.

He doesn't want to go down the reformat route because he has 2 expensive DJ/music editing applications which were installed for him by a friend who kindly gave him a spare licence, who has now moved abroad and with whom he has lost contact.

I have asked him to send me the HDD to see if I can help him out (he lives miles away). My thinking was that I could connect the drive via my caddy/dock and run various tools to eradicate the offending blighters. However, I remember reading somewhere that it is not good practice to run malware removal tools from a hard drive which is docked, unless it is absolutely necessary. Is this the case?

Would it make sense to set up Oracle VM and use the offending drive (which will be docked via USB) as the main drive for a VirtualBox machine and then run the malware tools that way?

Some help would be appreciated, as initially this looked pretty straightforward: dock it, scan it, repair it, job done. But in hindsight, it's not that simple! [Undecided]
Remember! You should exercise complete CTRL and you ALT to think carefully before you DELete stuff willy nilly.
Reply

#2
Just connect the hard drive to your computer.

This video should be a good guideline.



Reply

#3
Best case would be to have him send you the entire computer (assuming it is a laptop). If you get just the hard drive you have no way of knowing if any damage is done to the operating system.
Tim's Computer Repair (TCR) 
1503 Kings Way, Savannah, GA 31406, US
912-220-0765
https://www.TimsComputerFix.net 

Reply

#4
Thanks for the help and ideas thus far. I should be receiving the HDD over the weekend.

I forgot about repairing the OS should it be damaged. Surely there must be a way of doing that with all the tools and apps available today to be able to access the operating system in a virtual environment, or something similar so I can 'run windows' off a docked drive?
Reply

#5
You can use a USB hard drive dock and scan in that if he sends you the hard drive. It's not the ideal way, but it is possible. Be careful not to delete any Windows files or the system will not boot.
Reply

#6
scan the hard drive with resource disk then hook the hard drive up to your computer boot into safe
Reply

#7
I appreciate the help guys. I'll let you all know the outcome!
Reply

#8
Hi guys,

I managed to sort out the problem with my friend's hard drive; it's up and running and completely clean! Here are the steps I took. Hopefully, anyone else in a similar situation may find them useful.

1) Safety first - I created a system image of my computer, backed up my user data using Fab's AutoBackup and then, after removing my external drive from my computer, I created a restore point. (Overkill, I know, but hey, better safe than sorry!)

2) After docking the offending drive, I booted my computer using Kaspersky's Rescue Disk and let it run its course. After a while, Kaspersky found 2 viruses, 29 Trojans and a rootkit! [Sick] After letting Kaspersky do its thing and following the 'recommended' actions, I restarted my PC.

3) With the drive still docked, I scanned the drive with Avast! Antivirus. It found a further 2 Trojans and some tracking cookies. It was difficult to run many other utilities, since the docked drive was just a glorified USB drive whilst docked, so I knew that I would have to connect it to my PC if I was going to run other tools.

4) After opening up my case and connecting the drive to my PC, I ran SUPERAntiSpyware. It found 897 'threats'! (Although most of these were tracking cookies, PUPs and other non-critical stuff.) I also gave it another quick scan with Kaspersky's TDSSKiller - nothing found.

5) I ran an online scan with ESET's online scanner; a further 3 Trojans were found and 17 PUPs.

6) I ran a scan with AdwCleaner and got rid of several browser plugins and toolbars and more cookies.

7) I finished off with HitmanPro (which came up clean, apart from cookies) and a scan with Malwarebytes, which found 3 'suspicious' files which turned out to be OK.

8) I removed the drive from my PC and then ran HitmanPro, Malwarebytes Premium and a full system scan with ESET online scanner on my PC just to be sure - everything was clean (phew!)

I then sent the drive back to my friend, and after he connected it, I made a remote connection to his PC with TeamViewer. I uninstalled all the crap that his son had downloaded, using Revo Uninstaller, at which point my friend told me that his son admitted to him that he was downloading 'lots of things' from uTorrent, and because the firewall and antivirus kept 'annoying' him he thought he would turn it off, as it was 'interfering' with the downloads!!!

I then installed and ran Tweaking.com's Windows repair tools and applied various fixes for internet connectivity and file/folder permissions, among other things. Finally, I scanned his system with CCleaner and everything was working like it should.

So there you have it folks: if my friend had remembered the three most important things with computers, Backup, Backup, Backup, all it would have taken was a reformat and fresh install of Windows to sort out the problem. Instead (and very luckily), I was able to weed out the nasties bit by stubborn bit.

I must admit it felt quite rewarding 'winning' against the Malware.
Reply
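Added example, not part of the original posts: a read-only check that the protections this thread describes as switched off or wiped (Windows Firewall, antivirus, restore points) are back in place on the repaired PC. It assumes an elevated Windows PowerShell 5.1 session on a client edition of Windows; the `$findings` list and the message texts are illustrative choices.

```powershell
# Added example: post-cleanup verification. Reports state only, changes nothing.
# Assumes an elevated Windows PowerShell 5.1 session on the repaired PC.

$findings = @()

# 1) Windows Firewall: the Domain, Private and Public profiles should all be on.
foreach ($p in Get-NetFirewallProfile) {
    if ($p.Enabled -ne 'True') {
        $findings += "Firewall profile '$($p.Name)' is not enabled"
    }
}

# 2) Antivirus registered with Windows Security Center (client Windows only).
$av = @(Get-CimInstance -Namespace root/SecurityCenter2 `
            -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
if ($av.Count -eq 0) {
    $findings += 'No antivirus product is registered with Security Center'
} else {
    "Registered antivirus: " + (($av | ForEach-Object displayName) -join ', ')
}

# 3) If Microsoft Defender is the only registered product, its real-time
#    protection must be on. A third-party product legitimately disables it.
$thirdParty = @($av | Where-Object { $_.displayName -notmatch 'Defender' })
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp -and $thirdParty.Count -eq 0) {
    if (-not $mp.RealTimeProtectionEnabled) {
        $findings += 'Defender real-time protection is off'
    }
    "Defender signatures last updated: $($mp.AntivirusSignatureLastUpdated)"
}

# 4) System Restore: at least one restore point should exist again.
$rp = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
if ($rp.Count -eq 0) {
    $findings += 'No restore points exist; create one once the system is clean'
} else {
    "Restore points available: $($rp.Count)"
}

# Summary
if ($findings.Count -eq 0) {
    'All checks passed.'
} else {
    'Items to fix:'
    $findings | ForEach-Object { "  - $_" }
}
```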

#9
Good job EAPTCB

Reply

#10
Good job EAPTCB. Beating malware and not reformatting a computer is a great feeling; also, it's a sign of a good tech who knows how to fix and repair a computer without formatting the machine.
Reply


