Very quick question on Trojan

[Andeh13]

A mate of mine has got a nasty Trojan on his computer(he knows what folder it is in and how it got there) that causes it to BSOD every time he turns it on. Even starting up in safe mode causes it to BSOD. He has some work on there he needs to get off.

If I plug his HDD into my computer, and copy & paste the work file off before formatting the HDD (so he can reinstall windows xp), will i risk infecting my computer?


Thanks guys, and sorry its in the wrong forum, just want to get a response ASAP before i do it.

[GoNz0]

plug it in and scan it 1st, see if it will boot afterward

[Whiternoise]

Why not just get a Linux live disk (Ubuntu should do) and then go and nuke the folder? Or use a windows live disk that has AV software installed on it..?

After you've done that just boot from a normal windows install cd and perform a repair if you need to (shouldn't do anything to your files).

I suspect it's done something else if it's blue screening on boot - like it's hijacked some registry settings, so running a scan from your computer should do the job. Something Spybot S/D will sort out any registry problems that a straight antivirus program won't.

I've just finished getting rid of Win32.Sality/NAR from my boot camp partition. Absolute nightmare. It blocked all the major AV websites, killed all running AV services and stopped task manager. I finally got rid of it by installing Nod32 (install file passed through from OS X) and immediately doing a scan. I tried that before and it would only open (while the virus was still rampant) once after the install. But yeah, infects just about EVERY .exe file on the hard drive, spreads to USB sticks, etc. etc. The infect count was about 500 from one virus!

I say this because you should be aware (and probably are) that some viruses infect a lot more than just one folder so if it's a similar trojan, it's possible. If you've got up to date antivirus/antispyware on your PC you should be fine, but it's always worth taking precautions.

[kalniel]

A mate of mine has got a nasty Trojan on his computer(he knows what folder it is in and how it got there) that causes it to BSOD every time he turns it on. Even starting up in safe mode causes it to BSOD. He has some work on there he needs to get off.

If I plug his HDD into my computer, and copy & paste the work file off before formatting the HDD (so he can reinstall windows xp), will i risk infecting my computer?

Yes, if by doing so you touch the infected file at all (eg caching etc.) chances are quite low though.

But better would be to boot off the XP disc into the repair console and manually delete the folder.

[smargh]

It's fine to plug in another drive as long as you have autorun/autoplay disabled completely, and if you do get any "do you want to play/explore/run...?" prompts be sure to just cancel the window, as they are often easily faked with XP.

Whether the BSOD is caused by the malware depends on what the BSOD text actually says.

To avoid potential re-infection, be wary of the content of his & your USB sticks if they have been plugged in to his PC.

[Saracen]

Personally, I'm a fan of the scorched earth approach to removing nasty virii and trojii.

So, worst case, I end up doing a format, including MBR etc, and then re-installing apps etc, from a known uninfected disc image, manually patching an updating, and then reloading data files. It tkaes a couple of hours and is a pain, but I get peace of mind from knowing the infectious little beggars aren't still lurking anywhere.

Of course, it's easier to do that without losing a truckload of stuff if you take regular backups, especially of essential data, etc, and if you take the precaution of doing regular Ghost/TrueImage type backups.

As such, it might not help your mate now, buy does perhaps hint at the road to take in the future.

[shaithis]

Personally, I'm a fan of the scorched earth approach to removing nasty virii and trojii.

like this ?

[Andeh13]

Many thanks for the response guys. We decided it was safer just to format it and start again, he found a copy of the work he'd done on a memory stick!


Ironically enough, now my PC wont start up (his HDD was only plugged in once it was formatted). It freezes during the 'welcome' screen of Windows 7. Time to download a repair disc

[CrazyMonkey]

Why dont you just delete the infected files outside of windows? Regain access and then scan? or run further scans from outside windows too..

[scaryjim]

Many thanks for the response guys. We decided it was safer just to format it and start again, he found a copy of the work he'd done on a memory stick!

I take it you made sure the memory stick was scanned prior to being used?

[Andeh13]

I take it you made sure the memory stick was scanned prior to being used?

Yeh, double checked that. Fixed my computer, dodgy DVD was in the drive which wasn't letting the PC start for some reason!

[Behemoth]

Personally, I'm a fan of the scorched earth approach to removing nasty virii and trojii.

So, worst case, I end up doing a format, including MBR etc, and then re-installing apps etc, from a known uninfected disc image, manually patching an updating, and then reloading data files. It tkaes a couple of hours and is a pain, but I get peace of mind from knowing the infectious little beggars aren't still lurking anywhere.

Of course, it's easier to do that without losing a truckload of stuff if you take regular backups, especially of essential data, etc, and if you take the precaution of doing regular Ghost/TrueImage type backups.

As such, it might not help your mate now, buy does perhaps hint at the road to take in the future.

Thats exactly what I do. After you've had a virus and you have been lucky enough to have been able to disinfect your system I always find things don't work properly after, or it comes back again. That said it would help if the people I help out used a decent security package like Kaspersky in the first place.

I know re-installing everythng from scratch can be a right pain in the gentlemen veg but I'd rather sepnd hours doing it right the first time, than spending hours doing yet another disinfection of the problem which you thought you cured only some days before.

[golwg]

Full format etc seems the safest bet.