Cleaning Malware: Slave Drive or Bootable CD?

Kent knows that you can better scan and clean an infected PC's hard drive by not booting from it. He asked the Antivirus & Security Software forum whether it's better to boot from a Linux CD and run security software from that, or to remove the hard drive and attach it as a secondary drive to another computer.

Booting the infected drive can be dangerous. Even if it's so isolated that it can infect no other machine, the malware on it may be able to control the boot and protect itself from your security software.

Therefore, it's best to boot from other media in order to clean the drive. One option is to download and burn something like the AVG Rescue CD, which gives you a bootable Linux environment with malware-hunting and -destroying tools. (There are plenty of others besides AVG.)

The other option is to remove the drive, and either install it as a secondary, or slave, drive in a desktop PC, or use a SATA-USB adapter to turn it temporarily into an external drive. Either way, you're able to access the infected drive in Windows without booting from it.

Which is better? Attaching the drive to another Windows computer gives you access to more security programs, but it has its dangers.

If you're not comfortable with removing an HDD from one PC and putting it in another one, this isn't the time to try it. Aside from the inherent hassle involved, a mistake could infect the PC you attach it to.

Therefore, I recommend against attaching the infected drive to another computer unless you're very experienced and very, very careful.

Read the original forum discussion.

Contributing Editor Lincoln Spector writes about technology and cinema. Email your tech questions to him at answer@pcworld.com, or post them to a community of helpful folks on the PCW Answer Line forum.
