[SOLVED] How to safely recover backups from a virus infected drive?

hihiip201

Distinguished
Dec 30, 2012
283
0
18,780
I had a SSD, and a HDD, windows 10 on SSD and HDD was secondary drive.
Last week I downloaded a program on my HDD, ran it, go infected / trojan that removed all my antivirus program.
So I reset my windows 10 on my SSD, created backup files from both ssd and hdd into one single backup folder, downloaded DBAN and made a DBAN bootable usb and wiped hdd.
I virus scan the backup folder with the reset windows 10, then imported my backup folder on my HDD, formatted my SSD and reinstalled windows on it with a windows 10 usb drive that I created long time ago (Which I have connected to my system before so not sure if it got infected either).

So now I have a relatively safe copy of windows 10 installed on my SSD in my system (my HDD is currently disconnected for safety reason).
I'm concern that A. My windows 10 usb drive may have been infected, and the formatting may not have completetly wiped the virus on my SSD, so right now my SSD is still not secure imo, B. I really want to retrieve the backup files in my HDD, they are my school notes which I really need for this quarter.



Question:
How can I further secure my computer (SSD, HDD clean windows 10) AND safely retrieve my backup files currently stored on my HDD without being infected again by potentially virus infected files in my backup folder?



Resources:
1 1 x DBAN usb drive which was created from the virus infected computer after reset.
  1. 1 x usb drive which was the windows 10 usb that I have now formatted cleanly with my macbook with the most secure option.
  2. My macbook, which I believe should be virus free since I have only connected the two usb drives to it but never transferred any files from the usb drive to the macbook.
  3. Friend's computer with windows 10 that I can use to safely create bootable usb drives.
  4. A new SSD that has just arrived in my mail yesterday.
  5. I can get another usb drive if needed.


Sorry about the long post, I figure the only way to get help is to be as clear as possible about my situation.
Thank You so much for your help in advance!!
 
Solution
My favorite go to tool for infections is the free Kaspersky Rescue Disk 18, which is bootable from USB or optical drive and it cleans rootkits, viruses and trojans out well. You usually do need to do a registry repair or reinstall after because of the malware effects on the registry keys. It can at least allow you to safely remove a lot of data after it is run before the fresh install.

RealBeast

Titan
Moderator
My favorite go to tool for infections is the free Kaspersky Rescue Disk 18, which is bootable from USB or optical drive and it cleans rootkits, viruses and trojans out well. You usually do need to do a registry repair or reinstall after because of the malware effects on the registry keys. It can at least allow you to safely remove a lot of data after it is run before the fresh install.
 
Solution

hihiip201

Distinguished
Dec 30, 2012
283
0
18,780
My favorite go to tool for infections is the free Kaspersky Rescue Disk 18, which is bootable from USB or optical drive and it cleans rootkits, viruses and trojans out well. You usually do need to do a registry repair or reinstall after because of the malware effects on the registry keys. It can at least allow you to safely remove a lot of data after it is run before the fresh install.

So I actually don't really care about the health of the drive (it was a secondary drive), I am okay with nuking it as long as I can retrieve the back up folder before - which only consist of simple files like txt , notepads, word documents, pdf and imgs. Would you still recommend this tool ? One of the response I got from a friend was that I could consider uploading this to a virtual machine for scanning, is that feasible?
Wasn't there some kind of concern with Kaspersky Resuce Disk regarding they are potentially spying on their users?
 

RealBeast

Titan
Moderator
So I actually don't really care about the health of the drive (it was a secondary drive), I am okay with nuking it as long as I can retrieve the back up folder before - which only consist of simple files like txt , notepads, word documents, pdf and imgs. Would you still recommend this tool ? One of the response I got from a friend was that I could consider uploading this to a virtual machine for scanning, is that feasible?
Wasn't there some kind of concern with Kaspersky Resuce Disk regarding they are potentially spying on their users?
Not with KRD 18, but essentially every antivirus daily program has potential backdoors for somebody. KRD 18 is never installed and runs as a standalone and you generally would do a clean install after retrieving your data. VM scanning is a waste of time if you don't care about the data. A simple zero write, like DBAN or a diskpart clean all command would eliminate anything on the disk.