Recovering images from a 2005-ish possibly virus infected desktop pc

ronfouchier

Hi there,

a friend of mine approached me regarding images stored on a 2005-ish desktop PC supposedly running Windows XP or Windows Vista.

The machine spent the last 15 years in various basements and hasn't been turned on ever since.

My friend does not own a monitor with a VGA connection so I was considering getting a cheap IDE to USB adapter to be able to transfer the images directly from the hard drive to another system.

In addition to the hardware shortcomings he also mentioned to me that the system might have a virus on it.

I thought about setting up a Bootcamp partition on a MacBook to transfer the data, run Malwarebytes and similar software on the files, transfer them to his computer and erase the partition afterwards.

Any ideas/comments on whether this is an advisable course of action?

Thanks y'all


12 minutes ago, ronfouchier said:

My friend does not own a monitor with a VGA connection so I was considering getting a cheap IDE to USB adapter to be able to transfer the images directly from the harddrive to another system.

Keep in mind you'll still need power for the drive (Molex 4-pin).

 

12 minutes ago, ronfouchier said:

Any ideas/ comments, if this is an advisable course of action?

I would boot an Ubuntu live image from a flash drive and use that to copy everything, as it will have a much lower chance of something nefarious being run accidentally.


Hi @AbydosOne,

thanks for your feedback. The adapter does include power for the drive, so no worries there :).

I'll look into live images to see which one would work best in this case.


You don't have to do anything regarding if the drive has a virus.

A Windows XP era virus from 15 years ago needs the OS to actually be running to migrate. You aren't running the OS, so just plug the drive in and copy the photos over.


28 minutes ago, ronfouchier said:

The adapter does include power for the drive, so no worries there :).

The adapter you linked does not supply power to a desktop drive. 


3 minutes ago, ronfouchier said:

@BondiBlue You are correct. I found a different adapter in the meantime, but did not adjust the link.

I see. That adapter will work just fine. I use a similar adapter all the time, and it's very handy. Good luck getting your images!


Personally, I'd probably use a Live USB with another flash drive to transfer photos. But the adapter approach also works. Hopefully all works out.


  • 2 weeks later...

A live CD is a good idea because it can't be infected by a Windows virus (usually). A Windows XP era virus can still run on Windows 11, just like you can run old games from that era.

Windows 11 uses the NT kernel, which Windows XP also uses. Of course the kernel has revisions, but they are pretty much backward compatible.

Maybe not from Windows 98. 98 is a different kernel. The Win32 API is also pretty backward compatible.

Although, Windows nowadays has Windows Defender included. Albeit weak, it should be good enough to cope with any virus from that era.

Yet, I won't take that risk to access the disk on my personal computer.

How do you access those images in future? They may contain a virus. Until properly cleaned, you need an isolated system.

I suggest:

1. Make a full disk image using dd in Linux. Then disconnect the disk.

2. Start a virtual machine, install Windows. You can use any hypervisor you like, such as VirtualBox or Hyper-V. Windows doesn't need to be activated.

3. Install antivirus software. Any virus from that era should be well understood by now, so antivirus software should be able to detect them. Make sure you update the database of the antivirus software.

4. Reconfigure the virtual machine, remove the virtual network adapter. Add a virtual disk, mapped to the extracted image.

5. Scan for viruses, then retrieve the data.


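Step 1 of the list above (imaging with dd), as an added example that is not part of any post in this thread. It goes one step further and also copies out only files whose content really starts with the JPEG signature. The function names are hypothetical and `/dev/sdX` is a placeholder for the old drive as the live system names it.

```shell
#!/bin/sh
# Added example; function names are hypothetical, /dev/sdX is a placeholder.
set -eu

# image_disk SRC DEST: copy SRC (the old drive, e.g. /dev/sdX as shown by
# lsblk on the live system) into the image file DEST.
image_disk() {
    # noerror: continue past unreadable sectors on an ageing drive
    # sync:    zero-pad short reads so offsets in the image stay aligned
    dd if="$1" of="$2" bs=64k conv=noerror,sync
    # Record a checksum next to the image so later copies can be verified
    ( cd "$(dirname "$2")" && sha256sum "$(basename "$2")" > "$(basename "$2").sha256" )
    # Drop write permission; all later work uses read-only mounts or copies
    chmod a-w "$2"
}

# verify_image DEST: succeeds only if DEST still matches its recorded hash
verify_image() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null )
}

# copy_real_jpegs TREE OUT: copy files whose first three bytes are the JPEG
# signature FF D8 FF, whatever their name, into OUT; print the number copied.
# TREE would be a partition of the image mounted with options ro,noexec.
# Files are flattened into OUT, so same-named files overwrite each other.
copy_real_jpegs() {
    mkdir -p "$2"
    find "$1" -type f -exec sh -c '
        out=$1; shift
        for f do
            magic=$(head -c 3 "$f" | od -An -tx1 | tr -d " \n")
            if [ "$magic" = "ffd8ff" ]; then
                cp -- "$f" "$out/" && echo copied
            fi
        done' sh "$2" {} + | wc -l | tr -d ' '
}
```

A matching signature only shows that a file is a JPEG container rather than, say, an executable renamed to `.jpg`; it does not replace the antivirus scan in step 5.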