Re: How to truly check for malware a WinXP System Disk connected through USB to another computer



shpcannon
11-07-08, 02:16 PM
Juan I. Cahis wrote:
> Dear Gerard & friends:
>
> bok118@zonnet.nl (Gerard Bok) wrote:
>
>> On Tue, 04 Nov 2008 11:38:14 -0300, Juan I. Cahis
>> <jiclbchSINBASURA@attglobal.net> wrote:
>>
>>> How to truly check for malware a WinXP System Disk connected through
>>> USB to another computer?
>>>
>>> I want to check for malware (keylogger or spyware) a hard disk that
>>> is the system disk of a computer with WinXP, but that I unmounted
>>> and connected to another clean computer through a USB port in order
>>> to test it.
>>>
>>> My question is if the Anti-Spyware-Virus-Malware product installed in
>>> the System Drive of the *clean* computer will be clever enough to
>>> detect that the hard disk I want to check *is* also a System Disk (a
>>> passive one in that moment, indeed), and that it will check all the
>>> critical issues (Registry, Boot Sector, for example) that you should
>>> *not* expect to exist in an external USB connected hard disk.
>>
>> Although I am not in the business of writing malware (well, not
>> intentionally, anyway :-) I could very well figure out ways to
>> hide malware in such a way that it would defy detection when the
>> disk is mounted as an external disk in a USB enclosure.
>
> Yes, and that is a problem. And also, if you boot from the infected
> disk in order to do the check, most probably, the running malware will
> also disable the needed detection capabilities of the
> Anti-Spyware-Virus-Malware checking utility.
>
> So, which is the best solution?
>
>
> Thanks
> Juan I. Cahis
> Santiago de Chile (South America)
> Note: Please forgive me for my bad English, I am trying to improve it!

I would think that using the USB enclosure would be the best, although
there is never going to be a sure way.
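
The question above asks whether the boot sector of the USB-attached disk gets checked at all. As an added example (not part of the original thread), the sketch below covers only that one item: it parses sector 0 of the attached disk as a classic MBR and compares the boot code against a reference hash. The device or image path and the reference hash are assumptions supplied by the user; the sample sectors are constructed.

```python
import hashlib
import struct

def parse_mbr(sector: bytes) -> dict:
    """Parse a classic 512-byte MBR: boot code, four 16-byte partition entries, 0x55AA."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i : 462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            partitions.append({"slot": i, "status": entry[0], "type": entry[4],
                               "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Hash only bytes 0-439: bytes 440-445 hold the per-disk NT signature.
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": partitions,
    }

def findings(mbr: dict, known_good: set) -> list:
    """Return human-readable anomalies; an empty list means nothing stood out."""
    out = []
    if not mbr["signature_ok"]:
        out.append("missing 0x55AA boot signature")
    if mbr["boot_code_sha256"] not in known_good:
        out.append("boot code differs from reference")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        out.append(f"{len(active)} active partitions, expected 1")
    if any(p["status"] not in (0x00, 0x80) for p in mbr["partitions"]):
        out.append("partition entry with invalid status byte")
    return out

def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a raw image file or device path (path is supplied by the user)."""
    with open(path, "rb", buffering=0) as f:
        return f.read(512)

# Constructed sample: filler boot code, one active NTFS (0x07) partition at LBA 63.
_entry = bytes([0x80, 1, 1, 0, 0x07, 254, 255, 255]) + struct.pack("<II", 63, 2048)
CLEAN = (b"\x33\xc0\x8e\xd0" + bytes(436) + b"\x12\x34\x56\x78\x00\x00"
         + _entry + bytes(48) + b"\x55\xaa")
TAMPERED = CLEAN[:100] + b"\xe9" + CLEAN[101:]  # one boot-code byte changed
REFERENCE = {parse_mbr(CLEAN)["boot_code_sha256"]}  # stands in for a real known-good hash
```

A real reference hash would have to come from the MBR of a known-clean installation of the same Windows version; a match says nothing about the registry hives or files on the disk.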