There are many types of malware. Some are easier to remove than others. Often, antivirus packages can sweep the drive, removing malicious files. But that doesn’t always work.
Sometimes, a complete system wipe is the only option. The potential for data loss is very high in that situation. You need a clean computer, but don’t want to lose your important documents.
So, here’s how you can safely copy files from an infected computer.
How Do You Clean An Infected Drive
There are two methods you can use to get files off an infected drive. Both involve cleaning the drive first, before you start copying files from the source of the infection to a clean drive.
- Use an antivirus boot disk to scan and clean the drive before wiping
- Remove the drive and plug it into a second machine for cleaning and copying
You don’t want to start messing with a malware infection, or worse, ransomware. In theory, you can start copying files that are not part of the operating system to a clean disk. However, since malware can attack and hide in multiple locations, why risk re-infection after trying to copy everything?
Use Antivirus Boot Disk to Clean Your Drive
An antivirus boot disk is a complete antivirus package that comes in the form of a Live CD/USB. A Live CD/USB is an environment you can boot into without using the host operating system. For example, your infected machine might be running Windows 10, but the antivirus boot disk doesn’t interact with Windows 10 in any way.
Since the antivirus boot disk does not interact with Windows or any other host operating system, it will not trigger any malicious files. By contrast, if you try to run an antivirus or antimalware suite from within an infected operating system, there is a good chance that the malware will fight back.
Download and Create Bitdefender Rescue
First, you need to download and create a bootable antivirus disk on a known clean system. You cannot complete this process on an infected machine, as the infection may break the process. I used the Bitdefender Rescue CD for this example.
Next, you need to burn the rescue disk image to a USB drive or CD. I’m using USB because that’s what I have to work with, and I’ll be using UNetbootin to burn the ISO to a USB drive.
- Open UNetbootin and insert the USB drive. Please note that this process will completely wipe your USB flash drive, so back up any important data before proceeding.
- Choose Diskimage, then browse to the Bitdefender Rescue ISO.
- Select the USB flash drive you want to use, then press OK.
How to Scan and Clean Using Bitdefender Rescue
Once the process is complete, insert the Bitdefender Rescue USB into the infected system. Once you turn it on, press F11 or F12 to enter the boot menu. (Boot menu keys vary by machine.) Use the arrow keys to select the USB drive and boot to the Bitdefender Rescue drive.
Select Start Bitdefender Rescue CD in English and press Enter. You must agree to the EULA. Once you accept it, Bitdefender will update automatically, then start scanning any local drives it finds. The Bitdefender scan automatically quarantines and removes malicious files.
At this point, I’m going to run another scan to make sure nothing is flying under the radar. Once your scan confirms the drive you scanned is clean, you can copy its files to another computer.
Other Linux Live Rescue Disks
The Linux Live USB/CD is very similar to an antivirus rescue disc. You boot into an environment outside of your regular operating system, but you can still interact with your local files and folders. In this case, you can scan your local files before extracting them to a clean external system.
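As an added example (not from the original article), here is one way to do the copy step from a Linux live environment once the scan comes back clean: copy only document-type files, leave executables, scripts and symlinks behind, and write a SHA-256 manifest so the copies can be verified and re-scanned on the clean machine. The function name `copy_documents`, the mount point, the device placeholder and the extension allow-list are assumptions.

```shell
#!/bin/sh
# Added example: copy only document-type files off a scanned drive.
# Assumes the drive is already mounted read-only at SRC, e.g. (as root):
#   mount -o ro,noexec,nosuid,nodev /dev/sdX1 /mnt/infected   # sdX1 is a placeholder
# The extension allow-list below is an assumption; adjust it to your data.

copy_documents() {
    src=$1
    dest=$2
    [ -d "$src" ] || { echo "source $src is not a directory" >&2; return 2; }
    mkdir -p "$dest" || return 2
    dest=$(cd "$dest" && pwd)            # absolute path, we cd into SRC below
    manifest=$dest/MANIFEST.sha256
    : > "$manifest"
    # -type f skips symlinks, devices and directories; executables, scripts,
    # shortcuts and autorun files never match the allow-list and stay behind.
    ( cd "$src" && find . -type f \( \
          -iname '*.pdf' -o -iname '*.txt' -o -iname '*.csv' \
          -o -iname '*.jpg' -o -iname '*.png' \
          -o -iname '*.docx' -o -iname '*.xlsx' \) \
        -exec sh -c '
            dest=$1; shift
            for f do
                rel=${f#./}
                mkdir -p "$dest/$(dirname "$rel")" &&
                cp -- "$f" "$dest/$rel" &&
                chmod 0644 "$dest/$rel" &&   # never carry over exec bits
                ( cd "$dest" && sha256sum -- "$rel" )
            done' sh "$dest" {} + ) >> "$manifest"
    # Print the number of files copied (one manifest line per file).
    wc -l < "$manifest" | tr -d ' '
}

# Usage (paths are placeholders):
#   copy_documents /mnt/infected/Users/me /mnt/clean_usb/rescued
# On the clean machine: cd rescued && sha256sum -c MANIFEST.sha256,
# then scan the folder again before opening anything.
```

Document formats can still carry malicious content, so the allow-list reduces what comes across but does not replace the second scan on the clean machine.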
Remove the Drive for Cleaning
The second and less recommended option is to remove the drive from the infected system. Once removed, you can connect the drive to an alternative system to scan. In theory, as long as you have a strong antivirus or antimalware suite installed on the second machine and, most importantly, you don’t interact with or execute any files on the removed drive, you can scan without causing problems.
There are a few things you’ll need for this approach to work.
Antivirus or Antimalware
The first is a strong and up-to-date antivirus or antimalware package. If you don’t have premium protection yet, I highly recommend Malwarebytes Premium.
I would also suggest using a sandbox tool during the data transfer process. The sandbox creates a temporary environment within your operating system. If there is a problem with the data transfer, such as malware being triggered, you can close the sandbox to delete everything in it. For this, Shadow Defender is a very good option.
You can use Shadow Defender for free for 30 days, which is ideal if you only have one system to transfer data to. Otherwise, a lifetime license will set you back about $35.
The idea with Shadow Defender is that you turn it on, creating a virtual restore point. From then on, you can safely experiment with anything on your system, because once you restart it, Shadow Defender will erase all system changes. If you trigger malware on an infected drive, the combination of antivirus/antimalware and a reboot that rolls the sandboxed system back will keep you safe.
There are Shadow Defender alternatives available for macOS and Linux:
The last thing to remember is to disconnect the clean machine from the internet before copying or scanning for malicious files. Any malware that requires a network connection will stop working. However, before disconnecting from the internet, make sure you have the latest virus definitions, ready to catch any malicious activity.
Infected System Checklist
So, to recap, you will need to:
- Download, install and update the antimalware suite
- Download, install and update sandbox tool
- Unplug your system from the network
Then you can plug in a potentially infected external drive, scan it, clean it, and hopefully be free of malware.
Keeping Your System Clean
The most difficult thing with a malware infection is knowing whether the system is really clean. You can scan the system with several antivirus and antimalware tools, and they may still miss something.
Fortunately, most of us “only” experience common forms of malware. You should keep your eyes open for phishing attempts and other drive-by malware attacks, but these are all generic types of malware. For the most part, only high-value targets need to worry about targeted malware attacks.