topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 3:11 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Help me back up a virus infected CD (!)  (Read 7276 times)

lanux128

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 6,277
    • View Profile
    • Donate to Member
Help me back up a virus infected CD (!)
« on: March 02, 2009, 11:19 PM »
a friend has an old cd from which he intended to retrieve some stuff but unfortunately his anti-virus scanner's spider sense was working and it displayed this error message (see pic). i told him to turn off his anti-virus temporarily and get his stuff, later he can run a full scan on his PC. at the same time, i'm thinking how can he back up this CD minus the infected file(s)? hopefully fellow DC'ers could come up with some solutions.. :)

ws-got-virus-1.png


mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #1 on: March 02, 2009, 11:33 PM »
as you say the best thing to do would be to
1) scan the cd with the antivirus tool and make note of all infected files.
2) *VERY* CAREFULLY: disable the antivirus program and COPY the non-infected files from cd to hard disk folder
3) re-enable the antivirus and scan copied files to double check

You *REALLY* have to be super careful with step 2 -- if you accidentally double clicked on one of the infected files while you were copying them with the antivirus off and launched it, you could infect your pc.

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,832
    • View Profile
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #2 on: March 02, 2009, 11:55 PM »
I assume that the advisory you received is just that, an advisory, ie a 'virus' was found in one of the files on the CD, rather than in  running process...

I'm no expert, but it seems to me you shouldn't really need to disable your AV to do this

you should be able to copy ALL the files without problem, just so long as you don't run anything

once you've got everything in a (quarantine) folder, rescan it and you should expect your AV software will do it's thing and delete/clean/whatever any nasties that may be lurking (it may well be worthwhile checking with a couple of alternative scanners though, just to be sure)


mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #3 on: March 03, 2009, 12:11 AM »
Target may be right, as long as you avoid trying to copy those bad files your antivirus should let you copy the good ones.

nosh

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,441
    • View Profile
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #4 on: March 03, 2009, 12:14 AM »
Though not really needed in this case, I think a virtual machine is a must-have these days for numerous reasons, MS Virtual PC is free, fast and supports hardware virtualization.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #5 on: March 03, 2009, 02:24 AM »
Disable the antivirus temporarily, copy the CD to harddrive, re-enable antivirus and scan the copied files, either deleting or quarantining the infected files - done :)
- carpe noctem

Eóin

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,401
    • View Profile
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #6 on: March 03, 2009, 04:19 AM »
I would add to be wary of autorun from the cd possibly infecting your PC when the anti-virus is disabled. To be safe also disable autorun, (it really should be disabled anyway in my opinion).

If the cd is just a backup it's probably an unlikely thing to happen.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #7 on: March 03, 2009, 04:58 AM »
Holding down shift while external drives (USB and CDs as far as I know) stops autorun from functioning.

Just copying an infected file to your hard disc shouldn't cause a problem - its only if you run an infected application that you have issues.

Crush

  • Member
  • Joined in 2006
  • **
  • Posts: 402
  • Hello dude!
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #8 on: March 03, 2009, 08:16 AM »
Attention! CIH is the most brutal virus existing that can delete your system-bios and your harddisc directly!

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #9 on: March 03, 2009, 08:36 AM »
It can also shut off your cable modem's fan and cause it to overheat while stealing your cat and making your teeth and air conditioner act up!

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #10 on: March 03, 2009, 09:08 AM »
Dunno if CIH is the most brutal virus, but some versions did indeed erase your flash-bios - only works on Win9x afaik, though. And as for "erase your harddisk directly", it doesn't get more direct than what anybody with normal administrative privileges can do :)
- carpe noctem

Nod5

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,169
    • View Profile
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #11 on: March 05, 2009, 12:26 PM »
In addition to the suggestion Nosh made (about a virtualization software) it is a good idea to have a "lab computer" for testing these kinds of things in isolation from the regular computer. With a pretty simple to make SATA power switch we can turn one computer into two. See this: http://lifehacker.co...your-own-sata-switch . This is of course a bit overkill for the case at hand but worth mentioning anyway.

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 641
  • I will eat Cody someday.
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Help me back up a virus infected CD (!)
« Reply #12 on: March 05, 2009, 12:53 PM »
What I've done in a couple cases is using TeraCopy to copy the CD to the HDD, while leaving the AV enabled. You might get a lot of popups, but the non-infected files will be copied :)