How do I browse a hard drive that has viruses?

security windows-7 virus external-hard-drive

Solution 1:

Using LiveCD is indeed the best and safest way. Here's why:

Effect of Autorun feature

If you're using Windows Vista or XP, you might need to disable Autorun feature, so your computer doesn't try to execute anything from the infected hard disk automatically. This Microsoft KB article says:

Starting with Windows XP SP2, AutoPlay is enabled for removable drives. This includes ZIP drives and some USB mass storage devices.

In Windows 7 this "feature" was disabled by default, and this fix was backported to Vista and XP, so if you're running Vista or earlier, you need to be fully updated or download and install this update manually. This is how Microsoft "tactfully" says that the malware from your USB disks will not run:

Users who install this update will no longer receive a setup message that prompts them to install programs that are delivered by USB flash drives. Users will have to manually install the software.

Not running anything from infecting disk is not enough

If you don't execute or view or open anything (yes, including office files!) on your infected disk, the chance of infection is very small, but still non-zero. Here are some examples of how it could happen:

  1. Vulnerability in the thumbnail preview in Windows Explorer. For example, exploit Win32/CVE-2010-3970. Microsoft says:

    Exploitation can occur by simply browsing to a folder containing the malicious file - no further user interaction is required.

  2. Other vulnerabilities in Windows itself or in any of the Explorer extensions that you have installed. For example, some shell (explorer) extensions are still vulnerable to DLL Preloading remote attack.

  3. You must remember to disconnect it from your computer if you reboot, so your computer won't try to boot from the infected disk.

Conclusion

Because of the issues outlined above, I think the safest way is to use a bootable ("live") CD, scan the disk with an antivirus, then cherry-pick the files you need and copy them selectively to other media.

Solution 2:

Ubuntu or other non-windows LiveCD will give you a lot of protection, as it would have to be multi-OS malware, so the likelihood here is negligible, but...

Various forms of malware DO have the ability to hook into lower level activity and jump from your hard disk without you thinking you have executed, viewed or opened anything - if you are running Windows, as it tries very hard to be helpful.

The examples from comments below include Stuxnet and Autorun (which should be patched anyway, in an up to date Windows) but there are others.

Related

FTP server via command-line
Why can't I use my Bluetooth Headset with my laptop?
How do I trim Time Machine backup history?
Restore OS X Keychain
Emulating CP/M under Linux
What is device COM-MID1 in my router settings?
What is FB and VID usage in Asus GPU tweak
How can I print out 20 individual Word documents at once?
Replace a regular expression within vim with an output produced by a console command with the expression as its argument?
bash/readline for "move forward by whitespace-delimited word?"
In vim, how do I choose which window to load a quickfix item?
Does zsh support hash table as a built-in data type?