Backing up infected files

I'm pretty sure a horrific virus infected the hard drive on my wife's computer. We need to have some way to back up our information, and I'm wondering if a similar virus would infect an external hard drive.

- Stephen

This question was answered on December 24, 2009. Much of the information contained herein may have changed since posting.

---

Virus infections and backups are two of the more misunderstood processes in the world of computers and understandably fall into the ‘smoke and mirrors’ category for many.

I think I understand your question, which is “if I backup an infected computer, won’t the infection also be on the backup system?”

Most of today’s malicious code attacks the average computer in one of three main areas: The operating system, software programs or data files.

The Windows operating system is the most attacked because it is the most widely used, Internet Explorer, Mozilla’s Firefox and Adobe’s Reader programs are amongst the most widely attacked (at the moment) and Microsoft Office files tend to be the most targeted data types.

When you execute a typical backup, you only backup (or copy) the data files, so if your computer is infected with code that attacks a specific program, then the virus won’t transfer unless you are copying that program over as well.

Viruses that attack the operating system can include an element that will try to attach itself to any other data device, such as a hard drive or flash card In these cases, simply connecting and/or accessing any storage device can allow these strains to spread and infect those devices.

The good news is that these types of ‘boot sector’ viruses are much less prevalent in today’s computing.

Data infectors are also in the minority these days because most of the focus for the very sophisticated cyber-gangs is Internet based applications, such as browsers and operating systems that can spread their infection to other computers on the Internet.

The real focus should be on your data, which is actually what you care about; operating systems and programs can be reinstalled from the original disks but your data is unique to you.

The thing to keep in mind is that any backup, even an infected one, is better than no backup You can always disinfect the backed up files individually or an entire external hard drive, especially if you know what kind of infection that you may have.

Knowing how a specific virus infects and attempts to spread makes it much easier to know how best to go about disinfecting any data that you have backed up For instance, if you know that you have been infected by a file infector, you can simply scan and clean your external drive once you have disinfected your primary hard drive (usually the C: drive).

Up-to-date anti-virus and anti-spyware software are a critical part of this process so that you can automatically block any automated attempts to infect your computer from your backup If your anti-virus program has the ability to detect and clean a virus, then it will also have the ability to block any automatic attempts to infect you when you plug in your backup drive.

So, based on what little I know of your situation, here is a basic plan of attack:

Step #1 - Backup everything that you care about (data, pictures, music, video, favorites, address books, etc.) to an external hard drive or online backup service.

Step #2 – Disconnect the backup unit, then go through the disinfection process on your primary hard drive (the steps will vary based on what your system is infected with.)

Step #3 – Once you have verified that your primary drive is clean and that none of your critical data was corrupted as a result of the cleanup, you have two choices: run through the same cleanup procedure on the external drive or wipe it clean and do a new backup of your clean system (if you are using an online backup service, deleting the infected files from your backup and backing them up again is the most efficient.)

If program or operating system files become corrupted by the disinfection then reinstalling those items from your original disks will put you back in business, HOWEVER, if your data files become corrupted as a result of the disinfection, don’t perform the same cleanup on your backup drive (consult a professional!)

If all of this sounds too complicated, do yourself a favor and keep your security software up-to-date and keep a regular backup going with redundancy and validation If that sounds too complicated, consult a professional!

About the author

Posted by Ken Colburn of Data Doctors on December 24, 2009

Need Help with this Issue?

We help people with technology! It's what we do.
Contact or Schedule an Appointment with a location for help!