Networking to a machine known to be infected with a virus


Philip Herlihy

Here's a puzzle: A friend has an old W98 machine which he is sure has a
virus infection. (Hardly surprising, he's never put an antivirus on it,
despite my pleading.) He's a good friend, so I (still) want to help him get
his data back, if possible.

Trouble is, the floppy doesn't work, nor does the CD drive. Network or
modem is the only way in or out.

I've considered asking him to do an online scan via Symantec or McAfee
websites, then download the specific removal tools. Alternatively I could
put an Antivirus, definitions-file and firewall on an FTP site and download
them from there onto the machine. However I don't think it's that
socially-responsible to allow his machine to spray more viruses at the world
while he's online. So, I've been considering connecting by cable to (gulp!)
my fully-patched XP Pro machine with the latest AV and definitions, and
scanning it as a mounted drive. I use a workgroup rather than a domain.

Is this madness? If not, what precautions should I take? I've thought of
running the W98 box as a user with low access rights on my XP box, and
setting the firewall to distrust that machine. Any comments?
 
In Philip Herlihy wrote:
| Here's a puzzle: A friend has an old W98 machine which he is sure
| has a virus infection. (Hardly surprising, he's never put an
| antivirus on it, despite my pleading.) He's a good friend, so I
| (still) want to help him get his data back, if possible.
|
| Trouble is, the floppy doesn't work, nor does the CD drive. Network
| or modem is the only way in or out.
|
| I've considered asking him to do an online scan via Symantec or McAfee
| websites, then download the specific removal tools. Alternatively I
| could put an Antivirus, definitions-file and firewall on an FTP site
| and download them from there onto the machine. However I don't think
| it's that socially-responsible to allow his machine to spray more
| viruses at the world while he's online. So, I've been considering
| connecting by cable to (gulp!) my fully-patched XP Pro machine with
| the latest AV and definitions, and scanning it as a mounted drive. I
| use a workgroup rather than a domain.
|
| Is this madness? If not, what precautions should I take? I've
| thought of running the W98 box as a user with low access rights on my
| XP box, and setting the firewall to distrust that machine. Any
| comments?

If all you want to do is scan his system and clean it up why not just
remove the hard drive and fit it in your machine?

There is no risk to your machine, unless for some reason it boots off
his drive (very unlikely, especially if you plug his drive into your
secondary disk controller).

That way you can scan it easily, and then copy across any anti-virus
software you want to give him (license limitations being observed of
course).

Put the disk back in his system and let him scan it again once he has
installed the a/v - just to be sure, and to make sure any registry
checks, boot sector checks etc, are made.

Mark
--
 
rob said:
You could burn a CD with Zonalarm on it, install zonalarm
[or another good firewall],

No working CD drive! I have thought of FTP'ing down a firewall and then
antivirus package, but the machine is still propagating viruses while it's
online, and I'd prefer not to do that if I can avoid it. Thanks anyway :-)

Mark said:
If all you want to do is scan his system and clean it up why not just
remove the hard drive and fit it in your machine?

Great idea. I didn't think of it, but that's because my XP box is a laptop!
(I should have said, sorry.) It's certainly food for thought - a secondary
disk hasn't booted so can't be running anything (unlike a networked
machine). Hmmm...

I'd still like to understand how the networking might be done safely, but
I'll see if I can borrow a suitable desktop, meanwhile. Thanks! (It's
great when someone spots that you've missed something obvious!)
 
Philip said:
Here's a puzzle: A friend has an old W98 machine which he is sure has a
virus infection. (Hardly surprising, he's never put an antivirus on it,
despite my pleading.) He's a good friend, so I (still) want to help him get
his data back, if possible.

Trouble is, the floppy doesn't work, nor does the CD drive. Network or
modem is the only way in or out.

I've considered asking him to do an online scan via Symantec or McAfee
websites, then download the specific removal tools. Alternatively I could
put an Antivirus, definitions-file and firewall on an FTP site and download
them from there onto the machine. However I don't think it's that
socially-responsible to allow his machine to spray more viruses at the world
while he's online. So, I've been considering connecting by cable to (gulp!)
my fully-patched XP Pro machine with the latest AV and definitions, and
scanning it as a mounted drive. I use a workgroup rather than a domain.

Is this madness? If not, what precautions should I take? I've thought of
running the W98 box as a user with low access rights on my XP box, and
setting the firewall to distrust that machine. Any comments?

That should work. I know that eTrust and NAV are willing to scan mapped
net.drives, and IIRC McAfee did as well. Your XP PC will not touch any
files on that net.drive until you tell it to, so virii cannot invade
your PC.
 
Your machine is connected to the Internet, right? How many tens of
thousands of machines just like your friend's machine are on the
Internet? It isn't any more dangerous to connect to your friend's
machine on a local network than have thousands like him bombarding you
on your Internet connection.

That said, if you access his machine via Microsoft Networking, bugs such
as Klez have an attack path that wouldn't normally be present on the
Internet. You might be vulnerable to infection via shared drives. Check
your anti-virus. I wouldn't do it for this reason and the one below.

If it was me, I'd have him (or I would) download and install Zone Alarm
or Kerio personal firewall and then get WinVNC. Zone Alarm will stop his
viruses from access (and tell him and you what is what) and VNC will
allow you to remotely connect and scan/fix his system. I don't see that
mounting his disk is sufficient to clean out his system. How are you
going to remove startup items from his registry? Best to use the console
to get rid of bugs.
 