A reader has a problem:
Hi Cyn, thank you for such great information. I have a problem. My wife was running an older PC with Windows 8. Recently, it was unable to run Windows. I was able to use DOS commands to run backup and reinstall Windows. Since that happened, her bank accounts were locked, and passwords changed. She contacted the fraud division of the bank. They unlocked her account, and she changed the password and was back in. The next day she got a message that her new password was changed again and she was locked out. This time, we went to the bank and closed the accounts, and opened new ones with 2-factor security. Several thousand dollars were taken using Zelle. The money was replaced, and two days later, another bank contacted us that someone had opened an account in my wife’s name.
We think it’s under control. My issue is that I believe a key logger was installed on her PC. We’ve disconnected it and shut it down. I would like to retrieve some files off her hard drive. Do you think I risk infecting my laptop if I get files from her drive?
First, this serves as a cautionary tale about running unsupported versions of Windows. Support for Windows 8.1 ended back in January of 2023. That means the operating system no longer received security updates to protect it from new threats. However, it’s too late to shut that barn door. It sounds like you’ve been through quite an ordeal, and it’s understandable to be cautious about retrieving files from your wife’s hard drive. The situation you described, with bank accounts being compromised, passwords being changed without authorization, and money being stolen, definitely points to the possibility of malware or a keylogger being installed on her computer. Keyloggers record keystrokes, which could explain how someone was able to access sensitive information.
Here’s what you need to know:
1. Could the Hard Drive Be Infected?
Yes, if a keylogger or any other type of malware was installed on your wife’s computer, the files on the hard drive could be infected. Even if the malware is not in the files you want to retrieve, it might be lurking elsewhere on the drive, waiting to infect another device that connects to it.
2. Could Your Laptop Be Infected?
There is a risk that malware could transfer to your laptop if you connect the infected hard drive directly, especially if you’re not careful. Malware can spread in different ways, and simply opening a file or plugging in the hard drive could potentially cause problems.
3. What Can You Do to Minimize the Risk?
Here are a few steps you can take to safely retrieve files:
- Use a USB Adapter to Connect the Hard Drive: Instead of connecting it directly to your laptop, use an external USB adapter or docking station. This way, you can treat it like an external drive and avoid automatically running anything on the drive.
- Boot Your Laptop from a Linux Live USB or DVD: A safer option is to create a Linux Live USB or DVD. When you boot from Linux, you run a completely different operating system that won’t be affected by any Windows malware. From Linux, you can copy files without the risk of activating the malware.
- Scan the Hard Drive for Malware: If you do connect the hard drive to your laptop, make sure to run a full scan with up-to-date antivirus software before copying any files. Even better, use a malware removal tool that specializes in detecting keyloggers and advanced threats.
- Only Copy Files You Trust: Avoid copying executable files (like programs or .exe files), as these are more likely to carry malware. Stick to important documents, photos, and other non-executable files.
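Here is one way to put those steps together from a Linux live session, as an added example that is not part of the original column. The device name `/dev/sdX1`, the folders `/mnt/suspect` and `/mnt/rescue`, the script name `rescue.sh` and the list of file types are all assumptions to adjust; it also goes a little beyond the extension check by skipping any file whose first bytes mark it as a program or script.

```shell
#!/bin/sh
# Added example (not from the original article). Run from a Linux live session.
# Hypothetical names: /dev/sdX1 (the old drive's partition), /mnt/suspect, /mnt/rescue.
# Mount the old drive read-only, with nothing on it allowed to execute:
#   sudo mount -o ro,noexec,nosuid,nodev /dev/sdX1 /mnt/suspect
#   sh rescue.sh /mnt/suspect /mnt/rescue

# Assumed allowlist of document and photo types; adjust to what you need.
ALLOWED_EXT="jpg jpeg png gif pdf txt csv docx xlsx"

# Succeeds if the file name's extension (case-insensitive) is on the allowlist.
is_allowed_ext() {
    base=${1##*/}
    ext=$(printf '%s' "${base##*.}" | tr '[:upper:]' '[:lower:]')
    for a in $ALLOWED_EXT; do
        [ "$ext" = "$a" ] && return 0
    done
    return 1
}

# Succeeds if the file starts with "MZ" (Windows program) or "#!" (script),
# which catches an executable that was renamed to look like a document.
looks_executable() {
    magic=$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        4d5a|2321) return 0 ;;
    esac
    return 1
}

# Copy allowlisted, non-executable files from SRC to DST, keeping folder layout.
# Prints one COPY or SKIP line per file so you can review what was left behind.
rescue_files() {
    src=${1%/}; dst=${2%/}
    find "$src" -type f | while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_allowed_ext "$f" && ! looks_executable "$f"; then
            mkdir -p "$dst/$(dirname "$rel")"
            cp -- "$f" "$dst/$rel"
            printf 'COPY %s\n' "$rel"
        else
            printf 'SKIP %s\n' "$rel"
        fi
    done
}

if [ "$#" -eq 2 ]; then rescue_files "$1" "$2"; fi
```

The rescued copies should still get the antivirus scan described above before you open them on your laptop.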
4. Wipe and Reinstall After Retrieving Files:
After you’ve backed up the important files, you should consider wiping the entire hard drive and reinstalling the operating system. This is the best way to ensure that the malware is completely gone.
Yes, there is a chance of infecting your laptop if the hard drive has malware. To reduce the risk, use a USB adapter, boot from a Linux Live USB, and scan the drive before copying files. Stick to non-executable files and consider wiping the hard drive after retrieving what you need. Taking these steps will help protect your devices while salvaging important files.