Is it safe to extract files from a potentially infected disk?

I have a hard drive that I have used for years; there is a Windows installation and many personal files on it. What I call "files" are images, music, documents (pdf or docx), but not programs. None of the "files" were initially infected. As I said in the title, the hard drive may be infected by malware (I did not use it safely).

My question is: can I extract these personal files on a safe computer without risk of contamination? In other words, may these files be infected and spread malware?

Is there any chance of local PC getting infected when you analyse PCAP malware file in cloud server through putty?

I want to run a PCAP malware file to test Snort on my cloud server. I want to know whether doing so will affect my local machine.

Checking potentially infected photos for steganography

A friend of mine has an old family PC with a bunch of important photos on it. Unfortunately, from what he told me, it seems like they have fallen victim to a tech support scam some five years ago, during which the scammer had remote access to their machine. They haven’t used this PC ever since that incident, because they were afraid that the scammer might have put some sort of malware onto their system. Since they aren’t super tech-savvy, my friend asked if I could help him safely recover their photos.

My idea would be to connect his HDD to my laptop using a SATA-to-USB adapter, boot into a Linux live environment, mount the HDD there, and copy the photos to either an external HDD or to my NAS. I see one problem with this, however. I'm by no means a security professional, but from what I've learned, it's rather easy to embed a malicious payload into an image file (or at least a file that looks like an image; "steganography", "stegosploit"). So, it seems entirely possible that someone with remote access could have either copied an infected image to their hard drive, or run some sort of malware that infected their own photos. I think it's unlikely that a tech support scammer would do this sort of thing, but the last thing I want to do is recover their photos and at the same time infect their current devices with malware.

Is there a reliable way for me to check their image files for such embedded malicious payloads (ideally from a Linux system)? My best guess would be to scan these files using an AV program such as ClamAV – do you think that would be good enough? Other than that, all I found were research papers looking into methods for detecting steganography, which leads me to believe that this is still a rather difficult problem to solve…

Edit: I played around with OpenCV a while ago, which lets you read an image file into a NumPy array. So, theoretically, I could write a Python script that reads each of their photos into a NumPy array and exports it as a completely new image file, for more of a "sanitizing" approach rather than a "scanning" one. Do you think this is a good idea (especially if done by someone who's not a security expert)?
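As an added example (not part of the original post, and not the poster's own script), here is a standard-library-only Python sketch of the "sanitize by re-export" idea for PNG files. It parses the chunk structure, reports everything a viewer silently ignores (ancillary chunks such as tEXt, leftover bytes inside the IDAT zlib stream, bytes appended after IEND), and rebuilds the file from the pixel data alone. The sample PNG is constructed inside the code; the input is assumed to be a non-interlaced PNG, and JPEG and Adam7-interlaced files are out of scope here. Keep in mind what this does and does not remove: hitchhiking data in chunks, stream tails and trailers is gone, but LSB steganography lives in the pixel values themselves and survives any lossless re-encode, including the OpenCV/NumPy round trip.

```python
# Added example, not code from the original post. Stdlib-only PNG inspector and
# "sanitizer": keeps IHDR/PLTE and a freshly compressed IDAT, drops the rest.
# Assumes non-interlaced PNG input; JPEG is not handled here.
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CRITICAL = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # PNG colour type -> samples per pixel


def _chunk(ctype, body):
    """Serialise one chunk with a freshly computed CRC."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def parse_png(data):
    """Return ([(type, body, crc_ok), ...], offset just past IEND)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    chunks, pos = [], len(PNG_SIG)
    while True:
        if pos + 12 > len(data):
            raise ValueError("truncated PNG (no IEND)")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if len(body) != length:
            raise ValueError("truncated chunk")
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        chunks.append((ctype, body, zlib.crc32(ctype + body) & 0xFFFFFFFF == crc))
        pos += 12 + length
        if ctype == b"IEND":
            return chunks, pos


def _scanlines(chunks):
    """Inflate the concatenated IDAT stream; also report bytes left after it ended."""
    ihdr = next(b for t, b, _ in chunks if t == b"IHDR")
    width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", ihdr)
    if interlace:
        raise ValueError("interlaced PNG not handled by this example")
    d = zlib.decompressobj()
    raw = d.decompress(b"".join(b for t, b, _ in chunks if t == b"IDAT")) + d.flush()
    if not d.eof:
        raise ValueError("IDAT zlib stream is incomplete")
    row_bytes = (width * CHANNELS[colour] * depth + 7) // 8
    if len(raw) != height * (1 + row_bytes):  # one filter byte per scanline
        raise ValueError("IDAT does not match IHDR dimensions")
    return ihdr, raw, len(d.unused_data)


def inspect_png(data):
    """Everything a viewer ignores but a re-encode drops."""
    chunks, end = parse_png(data)
    _, _, unused = _scanlines(chunks)
    return {
        "ancillary": [t.decode("latin-1") for t, _, _ in chunks if t not in CRITICAL],
        "bad_crc": [t.decode("latin-1") for t, _, ok in chunks if not ok],
        "idat_unused_bytes": unused,
        "trailing_bytes": len(data) - end,
    }


def sanitize_png(data):
    """Rebuild the PNG from IHDR, PLTE (if any) and re-deflated scanlines only."""
    chunks, _ = parse_png(data)
    ihdr, raw, _ = _scanlines(chunks)
    out = bytearray(PNG_SIG) + _chunk(b"IHDR", ihdr)
    for t, b, _ in chunks:
        if t == b"PLTE":
            out += _chunk(b"PLTE", b)
    out += _chunk(b"IDAT", zlib.compress(raw, 9)) + _chunk(b"IEND", b"")
    return bytes(out)


def scanlines(data):
    """Filtered scanline bytes, for checking that sanitising kept the pixels."""
    return _scanlines(parse_png(data)[0])[1]


def build_sample(idat_junk=b"", trailer=b"JUNK"):
    """Constructed 2x2 RGB PNG carrying a tEXt chunk, optional junk after the
    deflate stream inside IDAT, and bytes appended after IEND."""
    ihdr = struct.pack(">IIBBBBB", 2, 2, 8, 2, 0, 0, 0)
    rows = (b"\x00" + b"\xff\x00\x00" + b"\x00\xff\x00"    # row 0, filter None
            + b"\x00" + b"\x00\x00\xff" + b"\xff\xff\xff")  # row 1, filter None
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Comment\x00not pixel data")
            + _chunk(b"IDAT", zlib.compress(rows) + idat_junk)
            + _chunk(b"IEND", b"") + trailer)


if __name__ == "__main__":
    dirty = build_sample(idat_junk=b"\x00\x01")
    print("before:", inspect_png(dirty))
    clean = sanitize_png(dirty)
    print("after: ", inspect_png(clean), "pixels kept:", scanlines(clean) == scanlines(dirty))
```

Run it on a copy of the recovered photos (PNG ones) from the live environment and diff the "before" report: a non-empty trailing_bytes or idat_unused_bytes is a file worth a closer look before anything else is done with it.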

Can a Logitech wireless headphone usb receiver be infected?

So I think they call them "dongles"? The USB wireless receiver that's plugged into your computer? Can they get a virus from a computer that has been infected? I imagine it's no more vulnerable than, say, a USB mouse is?

But since these Logitech USB devices like your mouse or headphone receivers do contain some firmware, I imagine they can be infected, though it's uncommon?

How can your BIOS be infected or hacked, and can a BIOS virus be used to "steal data"?

I know that a BIOS can get a virus but it's very rare, but it seems to me it's pretty impossible or improbable for a virus to creep into your BIOS via normal computer use. Let's say I'm using Windows 10; even if I go as far as downloading malware on my Windows 10, it would seem that the worst damage it can do is to my Windows 10 itself, not the BIOS. Is that accurate? (Or at least, it's incredibly difficult.) If I don't deliberately take a USB drive and go into the BIOS to M-Flash it, how can I possibly infect a BIOS? Similarly, since your network would only work at the OS level, how can anyone possibly modify your BIOS by hacking your operating system?

And in the other direction, suppose by some means my BIOS was infected with some virus; how can anyone possibly steal information from an operating system using the BIOS when the BIOS itself cannot be connected to the internet?

It seems to me the damage a BIOS can do is very local.

How to quickly find out the threat nature of a password-protected archive without getting infected?

I have recently received an e-mail from an existing support group e-mail box with the following characteristics:

  • written in the language used at the company's HQ (different from English, which is the primary communication language)
  • had a zip attachment
  • provides a clear password for the attachment
  • is a reply to a legitimate e-mail I received from a colleague a few months ago

This seems to be similar to what is described here, so there is a very high chance that I have received an infected file. After a couple of hours, our security department sent an e-mail about similar cases happening inside the company.

I am wondering about how to find out the exact nature of the threat in a secure way. I have tried the following (only the first step inside the company, the rest within a VM):

  • checked on VirusTotal, but received 0% detection, which makes sense since the engines cannot scan the encrypted archive
  • checked with Nanoav, which boasts about scanning password-protected archives, but it does not allow the password to be entered
  • opened the archive with 7zip and saw a document inside
  • extracted the file using 7zip and uploaded the document to VirusTotal => 13+ engines detected something weird.

Does previewing and extracting the archive pose any security risk, or is it only the document inside that can be infected? (In this case it seems to employ a macro.)

Question: How to quickly find out exactly the threat nature of a password-protected archive without getting infected?
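As an added example (not from the original post, and not the steps the poster took), here is a standard-library-only Python triage script for this situation: it opens the archive in memory with the supplied password, lists the entries without writing anything to disk, hashes each one so the hash can be looked up on VirusTotal instead of uploading the file, flags double extensions, and looks inside OOXML documents for the two macro markers (a vbaProject.bin part, or a macroEnabled content type in [Content_Types].xml). Limits worth knowing: Python's zipfile only decrypts legacy ZipCrypto, so an AES-encrypted zip raises NotImplementedError and needs 7-Zip; for the old binary .doc format it only recognises the OLE container, and macro extraction there is a job for oletools' olevba; the double-extension list is a small illustrative one. The sample archive is constructed in the code and, because the standard library cannot write encrypted zips, is not password-protected; for a real attachment pass pwd=b"...".

```python
# Added example, not from the original post. Triage a (possibly password-protected)
# zip attachment without extracting it to disk or opening the document.
# zipfile handles legacy ZipCrypto only; AES-encrypted zips raise NotImplementedError.
import hashlib
import io
import re
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container
PE_MAGIC = b"MZ"                                  # Windows executable
MACRO_CT = re.compile(rb"macroEnabled", re.I)      # OOXML content type for .docm/.xlsm
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.(exe|scr|js|vbs|bat|cmd|lnk|hta)$", re.I)


def classify(blob):
    """Coarse file-type verdict from content, not from the extension."""
    if blob.startswith(PE_MAGIC):
        return "pe-executable"
    if blob.startswith(OLE_MAGIC):
        return "ole-document (check macros with olevba)"
    if blob.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(blob)) as inner:
                names = inner.namelist()
                if "[Content_Types].xml" in names:
                    ctypes = inner.read("[Content_Types].xml")
                    has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
                    if has_vba or MACRO_CT.search(ctypes):
                        return "ooxml-with-macros"
                    return "ooxml"
                return "zip"
        except zipfile.BadZipFile:
            return "corrupt-zip"
    return "other"


def triage_archive(archive_bytes, pwd=None):
    """List and classify every entry, reading each one into memory only."""
    report = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            blob = zf.read(info, pwd=pwd)
            flags = []
            if DOUBLE_EXT.search(info.filename):
                flags.append("double-extension")
            if info.flag_bits & 0x1:
                flags.append("encrypted")
            report.append({
                "name": info.filename,
                "size": info.file_size,
                "sha256": hashlib.sha256(blob).hexdigest(),  # look this up on VirusTotal
                "kind": classify(blob),
                "flags": flags,
            })
    return report


def build_sample():
    """Constructed archive: a macro-enabled Word document plus a benign text file.
    Unencrypted because the stdlib cannot write ZipCrypto/AES archives."""
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as d:
        d.writestr("[Content_Types].xml",
                   '<Types><Override PartName="/word/document.xml" '
                   'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/></Types>')
        d.writestr("word/document.xml", "<w:document/>")
        d.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 8)  # stand-in VBA container
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Invoice_2024.docm", doc.getvalue())
        z.writestr("readme.txt", "plain text")
    return outer.getvalue()


if __name__ == "__main__":
    for entry in triage_archive(build_sample()):
        print(entry)
```

Nothing here renders the document or runs anything from it, so the script is safe to run on the workstation, but the usual rule still applies: do it inside the VM where the archive already lives, and feed only the sha256 values to VirusTotal.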

Router infected; Factory reset not working

Recently, I was being redirected (occasionally, not every time) by "ilkmawgod.site" (no information on Google) to malicious web pages. I scanned everything using Quick Heal, but it didn't find anything. I noticed this was happening with all the devices at home connected to the home router. Further, when I used mobile data there was no redirect. I figured out that my router must be infected. I factory-reset my router, but now I am being redirected by "netpatas.com" (a redirecting virus according to Google) to malicious ads (on all devices connected to the home router, occasionally). What should I do? Is there something that I missed while factory-resetting my router? Can I clean this thing off my router, or do I have to buy a new one?

Can a Windows-infected USB drive infect a MacBook?

I recently had a virus on my Windows 10 machine; at some point I plugged a USB drive into it (I didn't transfer any files). But assuming it was infected, can it infect, or simply transfer anything from it to, my MacBook?

I didn't transfer anything from the USB drive to my MacBook; I have only transferred files from the MacBook to the USB drive, and I secure-erased the USB drive with my MacBook.

Thank you for your help.

Why do attackers not care about masking the IP of an infected device in a botnet?

I came across this sentence:

If an attack is created using a botnet the likelihood of tracking the attack back to its source is low. For an added level of obfuscation, an attacker may have each distributed device also spoof the IP addresses from which it sends packets. If the attacker is using a botnet such as the Mirai botnet, they generally won’t care about masking the IP of the infected device.

Why do attackers not care about masking the IP of an infected device in a botnet?