Here is the reason for the subject question.
My primary machine was infected with the W32.Virut.CF virus. Norton detected the virus and began to quarantine some 60 files split between the registry and system folders. Two of the quarantined files I remember distinctly were winlogon.exe and userinit.exe. Even though these files were quarantined, the machine continued to work.
I went to the Symantec website for information on how to handle this virus. There was a link to download a tool to remove the virus. According to the instructions, the tool could only be run in SAFE mode. Of course, to get to safe mode you have to reboot the machine. I downloaded the removal tool and rebooted the machine. The machine would not boot past the Windows welcome/login screen. The machine does not have any login password so I did not understand why I was being presented with the login.
I was able to dig an old Win98 machine out of the closet and get on the internet for research on if and how the hard drive could be recovered. As such, I have the infected hard drive in what is a called a "hard drive enclosure" which is supposed to allow the internal drive to be used as an external drive via a USB connection. I was told that if another machine could recognize the drive and if I could see the files (data) on the drive, that I may be able to rescue the drive from the virus.
I was able to successfully connect the infected drive via the USB enclosure to another machine.
I was able to successfully see the files (data) on the infected drive.
However, after about 60 seconds, the Norton on the new machine presented a pop up box stating that it had found the W32.Virut.CF and was in the process of resolving it. Needless to say, I freaked OUT which brings me back to the subject question.
- When Norton on the new machine detected the virus, was it detecting the virus on the already infected hard drive?
- Or did the virus migrate (move) from the already infected hard drive to hard drive of the new machine when I connected it and verified that I could see the data? I did NOT open any files or folders on the infected drive. I just verified that I could see the data.
Checking quarantine, it shows 2 infected files both of which show the drive letter of the already infected machine. Does this mean that Norton only detected the virus on the already infected drive and that the virus did NOT mirgrate (move) to the new machine?
I am in the process of running a full system scan on the new machine to be sure that it is not infected.
But I also need to try and rescue the infected hard drive.
Back to my question, if Norton only detected the virus on the already infected hard drive,
- can I run a virus scan on the already infected drive using Norton on the new machine
- and if YES, do you think that will fix the virus problem on the already infected drive?
I hope that this is not too long.
I appreciate any comments or suggestions. If more information or details is needed from me, please let me know.
Thank you for your time.