  • Fred Langa: How do I safely transfer files from an old, possibly infected laptop to an external HDD?

    Posted on February 5th, 2019 at 06:50 by admin

    Give them a double washing.

    More great advice from Fred Langa on his website.


    This topic contains 9 replies, has 8 voices, and was last updated by

     AlexEiffel 2 months, 2 weeks ago.

    • #321470 Reply

      admin
      Da Boss

      Give them a double washing. More great advice from Fred Langa on his website.
      [See the full post at: Fred Langa: How do I safely transfer files from an old, possibly infected laptop to an external HDD?]

      1 user thanked author for this post.
    • #321544 Reply

      anonymous

      I use a Linux Mint DVD/USB boot media. It reads NTFS out of the box and is uninfectable from Windows’ c***.

      • #321582 Reply

        rc primak
        AskWoody_MVP

        Actually, Linux is perfectly capable of becoming infected with Windows executables. They won’t damage the Linux OS, so they don’t interfere with Linux operations. But when exposed to an infected Linux computer, a Windows PC can pick up the Windows-targeted executables very easily, and the Windows PC then becomes infected.

        This is why there used to be a cottage industry in “Linux Antivirus”, which was really scanning almost exclusively for these transferable Windows-targeted malicious executables. But over time, folks didn’t take up these products in sufficient numbers, and they have fallen by the wayside.

        Moral is: when transferring files or data from a Linux installation into a Windows installation, scan every incoming file with Windows antivirus scanners before allowing anything onto the Windows PC.

        -- rc primak

        • This reply was modified 2 months, 2 weeks ago by
           rc primak.
        3 users thanked author for this post.
        • #321684 Reply

          AlexEiffel
          AskWoody_MVP

          I think we need to distinguish between being infected with and containing an infected file.

          The idea to use a write-protected Linux to retrieve the files might protect you from some types of malware that hide below the file level when reading the NTFS drive from Linux.

          Also, if Linux isn’t infected, it isn’t infected. Transferring tainted files doesn’t even mean Windows will be infected either if the file isn’t run in some cases, although yes, in specific contexts if the file was read and triggered a buffer overflow on a vulnerable app in Windows, then you could have the Windows PC infected. The vulnerable app could be an antivirus scanner, an image viewer, a pdf reader, Word, etc.

          So using Linux to retrieve data, using an antivirus Linux product, then copying the data back to a clean patched Windows drive and then mounting that up as a data drive only in a clean Windows with an up to date antivirus might be a good idea since you will have more chances to only copy files and avoid rootkit type issues or other Windows antivirus vulnerabilities at the first stage.

          Then, you make sure to not run those files or have them read by programs with vulnerabilities for a while. Your risk will still not be 0, but waiting a bit for antiviruses to catch up with the 0-day threats is not a bad idea and will lower your risk as well. That sounds like a lot, but being infected might not always be a minor issue that is easy to fix. And we always need to remember that antiviruses are not a panacea. They might not detect a lot of new or less common malware for a very long time.

          • This reply was modified 2 months, 2 weeks ago by
             AlexEiffel.
          1 user thanked author for this post.
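The copy-then-let-it-sit routine discussed in the replies above can be made checkable. The following is an added example, not part of any poster's message: run from the Linux live session against the copied tree (assumed mounted read-only), it hashes every file and flags those whose leading bytes mark them as Windows executables, OLE2 Office documents or PDFs, whatever the extension says. The function names and the magic-byte table are this example's own choices.

```python
import hashlib
import os

# Leading bytes of file types Windows will execute or that often carry active
# content. The extension is ignored on purpose: a renamed .exe still starts "MZ".
MAGIC = {
    b"MZ": "windows-executable",            # PE: .exe, .dll, .scr, .sys
    b"\xd0\xcf\x11\xe0": "ole2-document",   # legacy Office, may hold macros
    b"%PDF": "pdf",
}

def classify(head):
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    return "other"

def build_manifest(root):
    """Return {relative_path: (sha256_hex, label)} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # never follow links out of the copied tree
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                head = fh.read(8)
                digest.update(head)
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = (digest.hexdigest(), classify(head))
    return manifest

def needs_review(manifest):
    """Paths to leave unopened until they have been scanned."""
    return sorted(p for p, (_h, label) in manifest.items() if label != "other")

def changed_since(old, new):
    """Paths added, removed or modified between two manifests of the same tree."""
    return sorted(p for p in old.keys() | new.keys() if old.get(p) != new.get(p))

if __name__ == "__main__":
    import tempfile
    # Constructed sample tree standing in for the copy of the old laptop's files.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "holiday.jpg"), "wb") as fh:
            fh.write(b"MZ\x90\x00 constructed bytes, not a real program")
        print(needs_review(build_manifest(root)))
```

Saving the manifest at copy time and comparing it with `changed_since` before each later rescan shows whether anything on the data drive was altered while the files sat untouched.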
    • #321573 Reply

      Cybertooth
      AskWoody Lounger

      No single antivirus software catches everything: I would run two different AV scanners from Live CD/USB media on the old laptop prior to the scan that Fred proposes after copying the files to the external HDD and plugging it into the new computer.

      Some may consider this overkill, but to my mind the extra step is well worth it if I have any reason to believe the old laptop might be infected.

       

      • This reply was modified 2 months, 2 weeks ago by
         Cybertooth.
      3 users thanked author for this post.
      • #321599 Reply

        GoneToPlaid
        AskWoody Plus

        I agree. I would also suggest running a rootkit scanner and removal tool.

        1 user thanked author for this post.
    • #321589 Reply

      rc primak
      AskWoody_MVP

      I would like to point out that many if not most of these stand-alone, bootable scanners have been abandoned by the major AV vendors, and are no longer supported.

      Some which are still supported include the ones from BitDefender, Kaspersky and Trend Micro.

      If you pretend you’re running Windows 8.1, you can follow those instructions to download and create a CD or USB Flash Drive version of Windows Defender Offline. This may be necessary if your system won’t boot fully into Windows, a common side-effect of an infection. On my Intel NUC with a dual-boot, I cannot get the built-in Windows 10 version of Windows Defender Offline to complete a scan and file its report. Whatever the cause of this abort and restart behavior, I would have to run WDO from bootable USB media. The last update of the bootable form of WDO used WinPE3, which is pretty far out of date.

      I concur with Cybertooth that running more than one offline scan is good insurance. Belt and suspenders, you know!

      To be honest, since I use system image backups and full data backups, as well as drivers and some configuration files, I’d rather just do a low-level disk reformat and reinstall Windows 10 from my backup image. Making sure of course that the image selected was from before the infection was suspected.  That’s the only way to make sure nothing survives the cleanup, unless hardware microcode or firmware got infected, which can happen these days.

      -- rc primak

      2 users thanked author for this post.
    • #321713 Reply

      OscarCP
      AskWoody Plus

      According to Alex Eiffel: “…yes, in specific contexts if the file was read and triggered a buffer overflow on a vulnerable app in Windows, then you could have the Windows PC infected. The vulnerable app could be an antivirus scanner, an image viewer, a pdf reader, Word, etc.”

      To me, as written, and correct me if I am wrong, as I might well be, this suggests that scanning the copied files for viruses and other malware can trigger an infection, which would run contrary to the advice of scanning with antivirus also offered here and, to me again, seems like a logical precaution. Perhaps someone could explain this, as this is a topic of considerable interest, so other non-experts might not be left, on reading these entries, equally puzzled as I am.

      1 user thanked author for this post.
      • #321727 Reply

        woody
        Da Boss

        scanning the copied files for viruses and other malware can trigger an infection

        I’ve never seen that happen.

        2 users thanked author for this post.
        • #322001 Reply

          AlexEiffel
          AskWoody_MVP

          https://borncity.com/win/2017/06/30/stack-buffer-overflow-vulnerability-in-avast-antivirus/

          https://landave.io/2017/06/avast-antivirus-remote-stack-buffer-overflow-with-magic-numbers/

          Although you might not have seen it, antiviruses are a great asset to compromise due to their low level access to the OS…

          So, Oscar, to respond to you and other users, yes, in theory, it would be safer although not very useful to just copy your files on Windows and let them sit there forever without ever opening them with an antivirus or anything else until you end up switching to Linux. 😉 And it would be safer to never use the Internet, or your computer.

          Jokes aside, this is a good question. One maybe reasonable compromise would be to let them sit a few days if possible so if any vulnerability that is not kept very secret by some dark organization or nation got out and was patched, your antivirus would not be vulnerable anymore. But, yes, this might not be a very high risk anyway since vulnerabilities known only to secret organizations might be used mostly to do targeted attacks, it’s just for the sake of being rigorous that I mentioned antiviruses among many other apps. Those things exist. Antiviruses are complex products that read files so of course they are not immune to these types of vulnerabilities.

          But my suggestion to let files sit a bit was not just for antivirus vulnerabilities, but to give a bit of time for antivirus to catch up with the latest malware signatures so that a virus that had infected you on the other computer might now be recognized before you open it again with a vulnerable app, antivirus or another.

          1 user thanked author for this post.
