2

Let's say I know that there is a computer that is heavily infested with viruses (but I do not know which kind of viruses) and needs to be nuked from orbit. And on that computer is a very important picture, PNG format, that I absolutely must have and cannot lose. Which one will give me the least chance of catching a virus?

  1. Plug in USB and copy the picture. What would this option do? How can it infect another computer?

  2. Go to Starbucks, connect to wifi and put the picture on cloud storage, let's say Google Drive or Dropbox under a throwaway account and go on another computer to retrieve it. Surely Dropbox or Google would scan the image and remove malicious code, no? How would this option infect the computer?

  3. Look at the hex of the image, take a picture of hex piece by piece and then use OCR to reconstruct the hex on the other computer. Image hex cannot be infected, right?

Is there any way to safely retrieve a picture from an infected computer?

ThoriumBR
Quillion
  • @ThoriumBR answer is a viable solution, a friend can help you create something like an Ubuntu bootable. However, if you encrypt your disk, then it will become harder: you need to know how to load extra drivers to unlock the encrypted disk. Another way is to "get" the ahem.. Hiren bootcd, whose interface is familiar to Windows users. By the way, reading the hex code of the image file is pretty funny: nobody knows how soon the infected PC will be rendered useless by the virus. – mootmoot Aug 31 '18 at 18:28
  • @mootmoot Remember that it's the _old_ version of Hiren's CD that you want, not the newer post-DMCA version. – forest Aug 31 '18 at 22:18

5 Answers

6

I would recommend downloading a live Linux distribution (Ubuntu is great for this), creating a bootable USB device on a clean computer, and booting your infected computer with this USB drive.

With Linux running, you can copy all pictures to another USB drive, without any Windows malware interfering.

Viruses attaching themselves to PNG files are very unusual. Infected PNG files are usually made by hand, not something that gets executed and goes infecting other PNG files.

You don't have to, but if you want to really be sure, open the file manager on Linux, right click on each image, Open With GIMP (or any other image editor on the distribution you are using), save the file in another format, like JPG. But I really don't think you will need to do this.

Now, your methods:

> Plug in USB and copy the picture.

Some malware can copy itself to any plugged USB drive, and create a copy of itself with the picture of a folder. Opening this "folder" infects the next computer. Other ones rely on bugs to infect the computer when a link is seen (not opened) on Windows Explorer. Improbable, but possible.

> Go to Starbucks, connect to wifi and put the picture on cloud storage

You don't need to go to Starbucks, you can use your own network connection. And I don't think Google/Dropbox/Microsoft would scan a PNG file for you.

> Look at the hex of the image...

What? That would mean typing an encyclopedia by hand... Better pay someone to paint the picture for you on canvas, by hand. It would be faster...

ThoriumBR
  • What about the methods listed above? Would any of those cause problems? I will probably go with Linux route that you mentioned, but now I am curious about what the consequences of other methods would be – Quillion Aug 31 '18 at 17:44
2

The PNG file is unlikely to be maliciously modified in a way that would infect a patched computer. If the computers on your home network are up to date on their patches (and don't have open file shares, etc), it's unlikely that the infected computer will infect the others just from being connected to the network.

> Go to Starbucks, connect to wifi and put the picture on cloud storage, let's say google drive or dropbox under a throwaway account and go on another computer to retrieve it.

The biggest risk is to all passwords stored on the infected computer and to any passwords you type on it now. Make sure the throwaway account is truly a throwaway account (it's not marked as the backup email address to your main address) and that it has a unique password (it doesn't have the same password as your main address). Though really it's probably overkill to set up new accounts just for this: you could use any free file upload site (MEGA, etc).

> Plug in USB and copy the picture. What would this option do? How can it infect another computer?

A lot of malware is spread by auto-run executables being copied onto USB drives. Most operating systems prompt you before running any executables set up to auto-run, but it's easy to mess up (you might click the wrong thing in the prompt, or you might have changed your auto-run defaults in the past) so be careful. There's also the BadUSB attack, where malware can reprogram a flash drive to present itself as a keyboard that auto-types malicious commands. It's hard to detect or protect against this situation, so I'd recommend against connecting a flash drive to the infected computer.

If you do want to connect a flash drive or external storage to your computer, then don't do it while the computer is booted into the infected OS. You could boot the computer from an OS on a flash drive (like an Ubuntu installer), and then copy files to an external device.

> Look at the hex of the image, take a picture of hex piece by piece and then use image to text software to reconstruct the hex on the other computer. Image hex can not be infected right?

A hex editor is just another way of viewing the same file data. If the file were modified to be malicious, then this method will transcribe the same malicious data. You aren't protecting yourself at all by doing this.

Macil
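The USB risks described in the answers above (auto-run entries and an executable dressed up as a folder) can be checked for on a drive mounted from a clean or live system. This is an added example, not code from any of the answers; `audit_drive`, `autorun_targets`, `make_sample_drive` and the sample file names are made up for the illustration.

```python
import os
import tempfile

EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".lnk"}
AUTORUN_KEYS = {"open", "shellexecute"}  # autorun.inf keys that name a program to run

def autorun_targets(path):
    """Return the programs an autorun.inf asks the OS to launch."""
    targets = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() in AUTORUN_KEYS:
                targets.append(value.strip())
    return targets

def audit_drive(root):
    """Walk a mounted drive and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            stem, ext = os.path.splitext(name.lower())
            if name.lower() == "autorun.inf":
                targets = ", ".join(autorun_targets(full)) or "nothing"
                findings.append((rel, "autorun.inf launches: " + targets))
            elif ext in EXEC_EXT and stem in folders:
                # The "copy of itself with the picture of a folder" pattern.
                findings.append((rel, "executable named like a sibling folder"))
            elif ext in EXEC_EXT:
                findings.append((rel, "executable or shortcut"))
    return sorted(findings)

def make_sample_drive(root):
    """Constructed sample: a real folder, a same-named .exe and an autorun.inf."""
    os.makedirs(os.path.join(root, "Photos"))
    files = [("Photos/holiday.png", b"constructed"), ("Photos.exe", b"constructed"),
             ("autorun.inf", b"[autorun]\nopen=Photos.exe\n"), ("notes.txt", b"hi")]
    for rel, body in files:
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        make_sample_drive(drive)
        for rel, reason in audit_drive(drive):
            print(rel, "->", reason)
```

A file listing like this only covers what is stored on the drive; it cannot see a reprogrammed controller of the BadUSB kind.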
1

The best practices answer is "Always back up your data in an offline format." You should restore from that if possible.

I don't believe it would be very likely that the image itself would be an infection vector. The attacker would need to know what image viewing program would be used to load the image, and that image viewing program would need to have a security vulnerability.

Given that does not seem to be an option for you, I would recommend seeing if you can boot the system with some sort of live disc of another operating system, and seeing if you can copy the files from the drive that way.

Using a USB drive could potentially open you to getting viruses if infected items are copied to the drive, or if the virus is able to implement some sort of BadUSB attack. A BadUSB attack is not very likely.

Sending the picture to some sort of cloud service is a little safer, but you would need to assume the fact that the virus on the computer would be logging your keystrokes and stealing any passwords you used.

Copying the hex manually would not only be time consuming, but pointless. If the image had really and truly been compromised, the copied hex would contain the exact same issue.

Dan Landberg
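Two points made in the answers above, that transcribing the hex reproduces the same bytes and that re-saving the image through a tool rebuilds the file, shown side by side as an added example (not code from any of the answers). The 2x2 PNG, its metadata and trailing bytes are constructed, and `hex_transcribe` and `rebuild` are hypothetical helpers; `rebuild` only recompresses the scanlines and keeps the chunks needed for display, where an image editor would decode to pixels.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
KEEP = {b"IHDR", b"PLTE", b"tRNS"}  # chunks copied through; IDAT is re-created

def chunk(ctype, data):
    """Serialise one PNG chunk: length, type, data, CRC32 over type+data."""
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data)))

def parse_chunks(png):
    """Return ([(type, data), ...], bytes_after_IEND), verifying every CRC."""
    if png[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, out = 8, []
    while pos + 12 <= len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        end = pos + 12 + length
        if end > len(png):
            raise ValueError("truncated chunk")
        ctype, data = png[pos + 4:pos + 8], png[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", png[end - 4:end])
        if crc != zlib.crc32(ctype + data):
            raise ValueError("bad CRC")
        out.append((ctype, data))
        pos = end
        if ctype == b"IEND":
            return out, png[pos:]
    raise ValueError("missing IEND")

def hex_transcribe(data):
    """Option 3 from the question: dump to hex text, then type it back in."""
    return bytes.fromhex(data.hex())

def rebuild(png):
    """Re-emit only display chunks; metadata and bytes after IEND are dropped."""
    chunks, _trailing = parse_chunks(png)
    raw = zlib.decompress(b"".join(d for t, d in chunks if t == b"IDAT"))
    kept = b"".join(chunk(t, d) for t, d in chunks if t in KEEP)
    return PNG_SIG + kept + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")

def sample_png():
    """Constructed 2x2 grayscale PNG with a tEXt chunk and bytes after IEND."""
    ihdr = struct.pack(">IIBBBBB", 2, 2, 8, 0, 0, 0, 0)
    rows = b"\x00\x00\xff" + b"\x00\xff\x00"  # filter byte + 2 pixels per row
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"tEXt", b"Comment\x00constructed")
            + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b"")
            + b"CONSTRUCTED-TRAILING-BYTES")
```

The hex round trip returns the input unchanged, extra bytes included, while the rebuilt file contains only IHDR, IDAT and IEND.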
-1

Take a picture of the image on your screen with another device. 100% safe and works for any image format! This is one of the few ways that are 100% safe (unless your other device has a backdoor that makes it respond to commands encoded in camera input). Of course, this means that you are likely to lose image quality, though you can mitigate that a little by zooming in and taking multiple pictures that you later stitch together.

If you want a 100% safe lossless transfer, you can perhaps write your own image-processing program to translate the image into a new textual format of your own design, and take a picture of the text, and then use OCR on another computer to convert it back, and you need to also write a corresponding program to translate that textual format back to the original image format.

user21820
-1

It's very unlikely that the png image could be harmful. Remember that when visiting websites, our browsers automatically download and show us all the images that this website is sending us.

It should be safe to upload the image to an image hosting site and then retrieve it on the other device and should be overall safe.

I would not recommend attaching any sort of USB or other device to the infected computer.

Cillian Collins