Video Screencast Help

Dangers of mounting the image of a drive infected with a virus?

Created: 22 Feb 2010 • Updated: 24 Aug 2010 | 2 comments

I have a computer here that is infected with mutliple viruses and what I believe to be at least one rootkit.
It is now so hosed up as to not be able to boot at all.

I am considering capturing a Ghost image of the drive to a USB hard drive
I would then mount the image on another computer and attempt to scavange the user data from within the image.
This is mostly family photographs that were (of course.......) not backed up.

While nothing is perfect, is it reasonable to "assume" the risk of transferring the infection to the host computer on which the image is mounted is minimal?

I would not be executing any programs, and I do understand that viruses could be injected into the image files or etc.

Is there a better approach?
If not, what additional precautions might be in order ... beyond of course running NAV with the latest signture updates on the host computer ;-)


Comments 2 CommentsJump to latest comment

djsamix's picture


What you describe dosen't seems efficient ;)
I suggest you to go to and download a iso that you would burn on a DVD.
After, you can boot the dvd on you computer and use Ubuntu, without installing anything. you will be able to connect to a network and navigate thru your files. There is even an antivirus, so you may be able to remove your viruses. There is plenty of documentation if you use search google, try "save data live cd ubuntu" :

Good Luck

NCHoser's picture

Alas, I'm all about INefficiency ............   ;-)

Seriously, thanks for the suggestion!  I like it....

I didn't say it, somewhere in my "thinking" I was considering the possibility that after I do the (initial) data extraction, reformat the drive and re-install Vista to the fresh empty drive that .... (with my luck) sometime about 3 months later the customer will come back, tears streaming down her face and blurt out something like:

"I can't find our only digital picture I had of great Aunt Sophie ... I had it saved in a special place on the hard drive ...  C:\windows  ... was where I put it ... because Aunt Sophie was looking out a window..."

And at at that point the image file might become pretty handy even if I had to "sacrifice" the host machine after extracting it....  ;-)