Malware - can I add new OS onto new HD and then access files on infected HD?

Chevy-SS

My current OS (Windows XP Professional) hard drive has a hijacker/malware. It shows up as an extension (called toparcadehits) in Mozilla Firefox. It snuck in piggybacked onto a screen saver from CNET's Download.com (so BEWARE OF THAT SITE!!!). I have tried almost everything listed under "Captain Colonoscopy's" sticky (How-to Guide for Virus/Trojan/Malware Removal), but no luck.

It's time to upgrade to Windows 7 anyway, and I was going to also buy a new SSD (solid state) HD, for faster boots and usage.

If I install Windows 7 onto the new SSD, is it then safe to plug in an additional SATA connector to the infected HD and access files/programs that are located on the infected HD?


Many thanks for some help with this, Dave F. in Rhode Island :)

-
 
Just make sure everything is up to date on the new system before hooking up the infected drive. I would also recommend creating a backup image of your system beforehand, just in case.
 
No, it's not safe; depending on the type, it could just infect the next system if you simply plug it in to an open port. You should not try to recover files in a Windows environment. Try a Linux live boot disk.
 
I think I've removed this from someone's machine at work...

Boot into safe mode, check Add/Remove Programs, I think you can "uninstall" it there. Clean up with Malwarebytes or something, then nuke the browser profile.
 
I think I've removed this from someone's machine at work...

Boot into safe mode, check Add/Remove Programs, I think you can "uninstall" it there. Clean up with Malwarebytes or something, then nuke the browser profile.

Yep, yep, I did all this and much, much more - all to no avail. I even used a regedit search for every key that contained anything named 'toparcadehits' and removed a bunch of entries.

The malware did show on scans (Malwarebytes) but after I deleted the Malwarebytes infected files and cleaned the registry, there is nothing detected.

I also totally removed Firefox using Revo Uninstaller, and again went through the entire system and registry, removing anything that was associated with Mozilla or Firefox. And yet, when I reinstalled a brand new Firefox, there was the extension again - it had installed itself. I worry that it is stealing my information.

I'm guessing this is buried in the root or something? But I'm not all that familiar with how a rootkit works.

Thanks
 
No, it's not safe; depending on the type, it could just infect the next system if you simply plug it in to an open port. You should not try to recover files in a Windows environment. Try a Linux live boot disk.

This is an interesting idea, thanks. I've never used Linux, but I may give it a shot.

If I try to recover files, could the malware actually be contained in one of my original files, or would the malware be in its own file?

Thanks
 
Honestly, once a machine has been compromised, no matter how well you clean it you can't ever really be sure you got it all. So generally I have to nuke it from orbit to be sure.

I usually boot a live Linux like PartedMagic or Knoppix, copy the data I want to save, blow away the drive and then reinstall Windows. This process works even better if you have an image to restore from. This is why, whenever I do a fresh install of Windows, I make sure I have a disk image once I do all the Windows updates and install the programs I want. That way, if I ever have to nuke the system, I can just restore the image and copy back any user data (either from backups or what was saved before the 'nuking').
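
An added example, not part of any post in this thread: a small shell filter for the live-Linux copy step described above, which also bears on the earlier question of whether malware can sit inside one of the salvaged files. The device name, mount points and extension allowlist are assumptions; it copies only data file types and refuses anything that starts with the Windows executable "MZ" header, whatever its extension says.

```shell
#!/bin/sh
# Added example. Run from a live Linux session after mounting the old drive
# read-only, e.g.:  mount -o ro,noexec,nosuid,nodev /dev/sdX1 /mnt/old
# (/dev/sdX1, /mnt/old and /mnt/rescue are placeholder names.)

# Constructed allowlist of data-only file types; everything else stays behind.
ALLOW_EXT="txt csv jpg jpeg png gif bmp mp3 wav pdf"

# is_pe FILE: true if FILE starts with the "MZ" magic of a Windows EXE/DLL/SCR.
is_pe() {
    [ "$(head -c 2 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "4d5a" ]
}

# classify FILE: print "copy", "skip-type" or "skip-pe".
classify() {
    base=${1##*/}
    case $base in
        *.*) ext=$(printf '%s' "${base##*.}" | tr '[:upper:]' '[:lower:]') ;;
        *)   ext= ;;
    esac
    # Empty or odd-looking extensions are never allowlisted.
    case $ext in ''|*[!a-z0-9]*) echo skip-type; return ;; esac
    case " $ALLOW_EXT " in
        *" $ext "*) ;;
        *) echo skip-type; return ;;
    esac
    if is_pe "$1"; then echo skip-pe; else echo copy; fi
}

# salvage SRC DST: copy allowlisted files, keeping relative paths, and print
# how many were copied. Skipped files are reported on stderr.
# File names containing newlines are not supported.
salvage() {
    src=${1%/} dst=${2%/} n=0
    list=$(mktemp) || return 1
    find "$src" -type f > "$list"
    while IFS= read -r f; do
        verdict=$(classify "$f")
        rel=${f#"$src"/}
        if [ "$verdict" = copy ]; then
            mkdir -p "$dst/$(dirname "$rel")" && cp -p "$f" "$dst/$rel" &&
                chmod 0644 "$dst/$rel" && n=$((n + 1))
        else
            echo "$verdict: $rel" >&2
        fi
    done < "$list"
    rm -f "$list"
    echo "$n"
}
```

Called as `salvage /mnt/old/Documents /mnt/rescue`. Passing this filter does not prove a file is clean, so scan the copies with up-to-date tools before opening them on the new install.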
 
Honestly, once a machine has been compromised, no matter how well you clean it you can't ever really be sure you got it all. So generally I have to nuke it from orbit to be sure. .......


Yes, I unfortunately concur. Thank you very much for the tips....
 