Daxlinked Posted July 25, 2012 Share Posted July 25, 2012 I restored my computer and in the process broke-up the RAID 1 array when I got malware attacked. Now, I intend to recover one of the drives that use to be part of the array; recuva says 126,073 files exist on the volume I picked as it was never written to (the other array drive has been written to). That is a bit high but the virus probably replicated itself many times. So, here is the key question: If Recuva recovers the files, will the virus execute itself in the process? I have Norton Security Suite and Malwarebytes – both fully updated; accordingly, can I run them, before the recovery, inside the 126,073 files Recuva found - and if so how? Thank you! Link to comment Share on other sites More sharing options...
Moderators Augeas Posted July 25, 2012 Moderators Share Posted July 25, 2012 Are you recovering deleted or non-deleted files? At a wild guess, Recuva will copy the deleted files to your desired recovery area with no problems, it will not execute any of the files. I would hope that your anti-virus would complain bitterly when any infected files are written, or attempted to be written, by Recuva. If not then write to wherever and then scan that folder. Well, I'd do that anyway. Link to comment Share on other sites More sharing options...
Daxlinked Posted July 25, 2012 Author Share Posted July 25, 2012 Augeas - Technically, I'm not sure what happens when you break a RAID array - either the FAT is disassociated from the files or not - files are either formatted or deleted. In any case - as I noted, I see my 126,073 files with Recuva.... But the key question remains: will restoring my files with Recuva cause .exe and other executable files to launch? And, can I pre-scan the files for viruses inside of Recuva before recovery? And, thank you - of course, I am going to do all the security basics once the files are readable and writable. Thanx! Link to comment Share on other sites More sharing options...
Guest Keatah Posted July 26, 2012 Share Posted July 26, 2012 Well, Recuva isn't going to launch any of the recovered files. Link to comment Share on other sites More sharing options...
Alan_B Posted July 26, 2012 Share Posted July 26, 2012 Technically, I'm not sure what happens when you break a RAID array - either the FAT is disassociated from the files or not I have no experience of RAID, but I always assumed it used NTFS and not FAT or FAT32 Link to comment Share on other sites More sharing options...
TheWebAtom Posted July 26, 2012 Share Posted July 26, 2012 I have no experience of RAID, but I always assumed it used NTFS and not FAT or FAT32 It can be either. To answer the question; no: Recuva won't attempt to execute any files it recovers. I'm Shane. Link to comment Share on other sites More sharing options...
Daxlinked Posted July 26, 2012 Author Share Posted July 26, 2012 Shane - Thanx! I assume, since you didn’t speak about it, that I cannot somehow run Norton Anti-Virus or Malwarebytes scans inside the files Recuva found, and that Piriform does not have an anti-virus product that works hand-in-hand with Recuva. That is too bad. Thanx everyone for the help – we can close this thread. Dax Link to comment Share on other sites More sharing options...
Guest Keatah Posted July 26, 2012 Share Posted July 26, 2012 Before we close it. The way Recuva (and many other data recovery programs) works is to "undelete" and recover your files to a user-specified directory. Ok. Then after that is done, you use your mal-ware scanner anti-virus utility to look at those freshly recovered files. This is a common practice. IMO, to integrate a virus scanner and a recovery program such as Recuva would give marginal improvements/benefits at best, but at significant increase in user interface complexity. It is best to keep the two functions (recovery and virus scanning) separate. Always been this way. Furthermore, the folks the built Recuva are experts in retrieving files. Let them continue to work on that. The folks that built Microsoft Security Essentials are experts in scanning for viruses and mal-ware. Let them work on that exclusively too. Link to comment Share on other sites More sharing options...
Moderators Nergal Posted July 26, 2012 Moderators Share Posted July 26, 2012 those files don't exist thus nothing can virus-scan them. The things you see in recuva are ghosts, the virus scanning will have to occur after recovery. was this striped raid or mirrored? ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now