HardwareHeaven.com

Jan 13, 2010, 01:16 AM   #1   Tinkerhell

AV scanning question

OK, this is probably a noobish question, but I don't know the answer and I figure some of the DH (err HWH?....) gang will know the most accurate answer.

If I yank a master hard drive out from one PC, slap it in an external drive enclosure & plug it up via USB and scan it with a second rig running a battery of AV, will that catch everything? Assuming, of course, that whatever is infecting the HD is something that the various AV profiles know how to find?

I guess what I am specifically asking is: are there any types of ad/mal/virus that only show up as such if the master drive & the resident OS are "engaged" rather than it just being an external set of files?

Am I being clear with my question?

Thanks for the help gang.


Jan 13, 2010, 02:19 AM   #2   MythicaL

I'm pretty sure it doesn't matter. AVs should detect infected content regardless of whether or not the drive is "actively" in use by the OS.
Jan 13, 2010, 10:20 AM   #3   BlueMak

I am confused about the words battery and engaged and what you mean by them in this question.

If the drive is connected through USB and you set your antivirus to search that drive, then it will search and, depending on whether it is a good program, it will find the virus.
Just plugging in the drive will not automatically detect most viruses. You need to set it to search for them.
Jan 13, 2010, 06:38 PM   #4   charm_quark

Well, I would advise you to use an antivirus that lets you read the logs, such as the old Kaspersky 7. The reason I'm saying so is that, depending on the sophistication of the virus and the anti-removal precautions taken by it, it may or may not let you delete it regardless of the machine / type of scan.

The advantage of using the logs is that it will specify which folders are accessible and which folders are not!

Have a look at this (ACLs), something I wrote when I got here!
This I can say: antiviruses are not foolproof, meaning that regardless of how you scan, the AV will not pick it up, because it cannot access the folder of infection.

Quote:
I guess what I am specifically asking is are there any types of ad/mal/virus that only show up as such if the master drive & the resident OS is "engaged" rather than it just being an external set of files.
No, there are none to my knowledge; AVs do not differentiate between types of drives.

PS: Hope I have helped.
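The coverage gap described in post #4 (folders on the attached drive that the scanning account cannot open) can be checked without relying on any AV product's log. This is an added example, not part of the original thread; the function name `coverage_gaps`, its `opener` parameter and the drive letter in the comment are assumptions for illustration.

```python
import os
import sys


def coverage_gaps(root, opener=open):
    """Walk an attached volume; report what a file-level scanner could not read.

    `opener` is a hypothetical injectable parameter so the check can be
    exercised without changing real permissions.
    """
    report = {"unlisted_dirs": [], "unreadable_files": [], "files_read": 0}

    def on_dir_error(err):
        # os.walk calls this when a directory cannot be listed
        # (ACL denial, missing mount point, damaged filesystem entry).
        report["unlisted_dirs"].append((err.filename, type(err).__name__))

    for dirpath, _dirnames, filenames in os.walk(root, onerror=on_dir_error):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                # Reading one byte proves the account can open the file's
                # contents, not merely see its name in a listing.
                with opener(path, "rb") as fh:
                    fh.read(1)
                report["files_read"] += 1
            except OSError as err:
                report["unreadable_files"].append((path, type(err).__name__))
    return report


if __name__ == "__main__":
    # Example: python coverage_gaps.py E:\   (drive letter is a placeholder)
    result = coverage_gaps(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"files read: {result['files_read']}")
    for kind in ("unlisted_dirs", "unreadable_files"):
        for path, reason in result[kind]:
            print(f"{kind}: {path} ({reason})")
```

Anything listed under `unlisted_dirs` or `unreadable_files` was outside the reach of a scan run under the same account, so a clean AV result says nothing about those paths.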
Jan 13, 2010, 08:02 PM   #5   RoyBatty

Quote:
Originally Posted by Tinkerhell
If I yank a master hard drive out from one PC, slap it in an external drive enclosure & plug it up via USB and scan it with a second rig running a battery of AV, will that catch everything?
Yes it will work like this, just like you would scan another folder on your main drive. It doesn't matter what type the drive is, as the guys above said.

Quote:
Originally Posted by charm_quark
Well, I would advise you to use an antivirus that lets you read the logs, such as the old Kaspersky 7. The reason I'm saying so is that, depending on the sophistication of the virus and the anti-removal precautions taken by it, it may or may not let you delete it regardless of the machine / type of scan.
The Avira Antivir generates a full report too. I just used it today to remove a trojan (which ClamWin didn't detect at all) from a computer at work. The virus file was locked, so Avira wiped it after reboot.

Edit:
BlueMak> I think that with "battery" Tinkerhell means several different AVs.
And I overlooked the last question - I've never heard of any malware that would behave like that.

Last edited by RoyBatty; Jan 13, 2010 at 08:08 PM.
Jan 13, 2010, 10:00 PM   #6   BlueMak

Oh, you must never run more than one antivirus program at the same time. That's what I have followed for years.
Jan 14, 2010, 12:12 AM   #7   Tinkerhell (Thread Starter)

Thanks for the answers guys. Some were a little... confusing but I think I know the answer now & it is what I expected - the OS doesn't have to be up & running on a master drive to pick up & remove any infection that might be present.

BlueMak - Roy is right, by battery I mean running a series of different AV programs (in succession, not all at the same time). In my case, I have Avast Pro and Malwarebytes on my machine and then I swapped the external drive over to my wife's where I checked it out with Norton (I hate Norton...).

I've stripped about 60 different nasties off this guy's master drive. It was all hosed up. Hopefully that will straighten him out. I've given the owner grief about not having an AV up & running on his box....
Jan 14, 2010, 06:35 AM   #8   Tipstaff

The only downside to doing a scan this way is that this will only scan files, but the operating system's registry won't get scanned. It can also screw things up OS-wise; in particular, files you delete could be tied into functions of the OS (rootkits love to do this), or rather called by the OS first which then get passed onto the real file in question (like Explorer.exe). Deleting those files can make the OS useless after that. Also, the AV software may not pick up on files that are part of a virus/trojan/rootkit that are responsible for "keeping" the system infected, so once you boot up the system, or the first time you go on the Internet, the system could get infected again. I normally clone the drive before doing a scan like this unless I know that all I'm doing is scanning files with the intention of backing them up (to what I call a "safe system" that I don't care if I get a virus on it or not), and doing a full format of the drive for reinstallation.

Anyways, once you've done your scan you'll still need to do a scan once the drive is back up and running on his system (if that's the intention). That, along with scans using other software, such as Malwarebytes Antimalware, or SUPERAntispyware, will help to clean up things the AV software will have missed. At the very least you'll get things to a point that he can either back things up, or maybe, if he's lucky, to a point where the system is "clean" or in working order.
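Post #8 warns that an offline clean-up can delete files the installed OS depends on. One way to keep track of exactly what a scan removed or altered is to hash the attached drive before and after the AV pass and compare. This is an added example, not part of the original thread; the function names `snapshot` and `scan_changes` are assumptions for illustration.

```python
import hashlib
import os


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256, or None if unreadable."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            digest = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    # Hash in 1 MiB chunks so large files do not fill memory.
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                manifest[rel] = digest.hexdigest()
            except OSError:
                manifest[rel] = None  # present but unreadable; still tracked
    return manifest


def scan_changes(before, after):
    """Compare snapshots taken before and after the AV scan.

    removed  : files the scanner deleted or moved to quarantine
    modified : files disinfected (rewritten) in place
    added    : files the scanner created, e.g. quarantine or log files
    """
    removed = sorted(p for p in before if p not in after)
    added = sorted(p for p in after if p not in before)
    modified = sorted(
        p for p in before if p in after and before[p] != after[p]
    )
    return {"removed": removed, "modified": modified, "added": added}
```

Any path in `removed` or `modified` that sits under the OS directories is a candidate for review, or for restoring from the clone, before the drive goes back into the original machine.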
Jan 14, 2010, 03:24 PM   #9   Judas

There is a turning point where a proper cleanup will result in the master drive's files and OS software turning into "swiss cheese", and/or it's just quicker, easier, and overall a better idea just to back up necessary files (making sure they are scanned) and do a quick or normal low-level format on the drive just to make sure... reinstall the OS and necessary stuff and you're good to go.

A lot of these viruses are getting quite nasty, even preventing the use of SFC and critical components of Windows without doing a repair install, and EVEN then, still not allowing things to work quite right even though everything is cleaned up.