VMware Communities
MoYoDoMoYoGet
Contributor

Request: Tips to keep viruses from leaking out of VM environment into host

Hello,

I am new to the concept of Virtual Machines, so please bear with me.
I have an old XP-based computer, and it had some viruses/malware that I was not able to remove.

I recently purchased a Lenovo computer with Windows 7.

I wanted to transfer my files and whatnot from my old XP computer to my new one, but the process is daunting due to all the years of accumulation.

Also because the computer has some viruses/malware on it, I am worried about infecting my new computer.

This is where virtual machines enter..

I just learned that a virtual machine can be used with VMware Converter, and basically I can put my old OS into my new one (virtually of course). This is obviously appealing for many reasons.


The articles I read (Feel free to recommend another article if you think it is better):

http://blogs.vmware.com/workstation/2010/06/bring-your-windows-xp-pc-over-to-your-windows-7-pc-for-f...

http://quinxy.com/2011/02/17/the-new-virtual-machine-way-to-migrate-your-pc-part-i/

My concern is that any infection (Dirt) in my old computer could transfer to my new one somehow by leaking.

I started to research and found a few links where it was mentioned that viruses can slip through the virtual environment.

What can I do to keep myself safe in this situation? I don't know how to disable networking and am not experienced enough to know what measures to take. I don't plan to transfer any files from the virtual environment to my new computer at all, so maximum security would be fine.

Here are some links I found talking about this with some quotes from each link (I don't know how to do the recommendations):

http://hardforum.com/archive/index.php/t-1299798.html

"Disable all folder sharing, network, etc...

Make sure you have the latest Virtual PC client. There have been vulnerabilities in old versions of VMware and Virtual PC that allowed malware to jailbreak out of VM."


"If you have Shared Folders enabled in the VM which allows the Guest OS inside the VM to "reach out and touch someone," namely the Host OS in some way, shape, or form, then yes, the Host OS becomes vulnerable to infection.

The only true "sandbox" in a VM would be absolutely no network access whatsoever, no external write-access to any devices outside the VM (USB, external drives, etc - optical media doesn't count since it's primarily read-only by and large), thereby keeping it completely locked down and unable to get out of that VM."

http://forum.kaspersky.com/lofiversion/index.php/t38843.html

"of course you have to make sure you setup the machine so that it does not have access to the real machine. for example if you copy the file from the virtual machine to the real one manually (or by some script) then you could get infected. or if you share the folders on the real machine to the virtual machine and don't have them as read only, then malware could also escape."

network worms can get through hidden shares on other pcs or use security breaches in a computer to infect it. i haven't tried it yet, but the virtual network between machine and pc looks just like a regular one so it can be possible. (in the same as another pc in your network infecting you)

VMWare Escape Publicized at SANSfire 2007

http://www.foolmoon.net/cgi-bin/blog/index.cgi?mode=viewone&blog=1185593255

Any help on this would be much appreciated. I still have a lot of reading to do on how to properly transfer XP to Windows 7, so my apologies if these are commonly asked questions.

7 Replies
vihag
Contributor

Make sure your Windows machines have all of the latest updates. There are some worms that can spread simply by having SMB access to other computers. Use strong passwords also. The ones I have seen try to brute force their way into other computers so use strong passwords.

elgreco81
Expert

Hi,

Once you "convert" your old PC into a virtual machine (V2V process), all that you'll have to do in case you want to completely isolate that virtual machine will be to remove any virtual network adapter before you turn it on (you could also just disable it, if you prefer).

I would recommend as well to disable any USB port on the virtual machine (do not let it map to any of your hardware USB ports).

After doing this, you will be able to work with your old PC in a secure way... although you won't be able to copy any file from it into your new PC (as it is isolated).

There are a lot of tools that will help you remove any virus... online scans that will help you. But again, you could work with this converted machine in a virtual environment and be safe.

Regards,

Seb

Please remember to mark as answered this question if you think it is and to reward the persons who helped you giving them the available points accordingly. IT blog in Spanish - http://chubascos.wordpress.com
MoYoDoMoYoGet
Contributor

Thank you for the reply, I appreciate it.

I do have one simple rookie question though.

When disabling network adapters and the USB ports from Device Manager, do I do this before I start the conversion process on my old computer? That way after the conversion takes place, the disabled settings will be included and remain?

I only ask because I would be uncomfortable opening it up on the new computer then going to Device Manager and "sealing it up".

Thanks once again, and I know this is a very basic question.

elgreco81
Expert

Hi,

Sorry, I didn't express myself clearly. After you convert your old PC, edit its configuration from the Virtual Machine menu. This should be done before you turn on your virtual machine.

It's not disabling the devices from Windows, in which case you will have to turn the VM on; it's "disconnecting" the actual virtual devices from the virtual machine.

Hope this helped you :)

Regards,

Seb

Please remember to mark as answered this question if you think it is and to reward the persons who helped you giving them the available points accordingly. IT blog in Spanish - http://chubascos.wordpress.com
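Added example, not part of any poster's reply and not VMware's own tooling: a check that can be run against the converted machine's configuration file while the VM is still powered off, listing host-facing virtual devices and producing an isolated copy. It assumes the plain-text `.vmx` format used by VMware Workstation/Player, where `ethernetN.present`, `usb.present`, `ehci.present` and `sharedFolderN.present` mark attached devices; the sample file content is constructed.

```python
import re

# Constructed sample .vmx for a converted XP machine (not from the thread).
SAMPLE_VMX = """\
displayName = "Old XP PC"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "FALSE"
usb.present = "TRUE"
ehci.present = "TRUE"
sharedFolder0.present = "TRUE"
sharedFolder0.guestName = "Documents"
"""

LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')
# Assumed key names for devices that connect the guest to the host or network.
DEVICE = re.compile(r'^(ethernet\d+|usb|ehci|sharedfolder\d+)\.present$', re.I)

def parse_vmx(text):
    """Return {key: value} for every key = "value" line."""
    return {m.group(1): m.group(2)
            for m in map(LINE.match, text.splitlines()) if m}

def attached(settings):
    """Keys of host-facing devices that are still present."""
    return sorted(k for k, v in settings.items()
                  if DEVICE.match(k) and v.upper() == "TRUE")

def isolate(text):
    """Return the .vmx text with every host-facing device marked absent."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m and DEVICE.match(m.group(1)):
            line = f'{m.group(1)} = "FALSE"'
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for key in attached(parse_vmx(SAMPLE_VMX)):
        print("still attached:", key)
    print(isolate(SAMPLE_VMX))
```

Keep a copy of the original `.vmx` before writing the isolated version, and re-run the check after any later change to the VM's settings.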
WoodyZ
Immortal

IMO You are going about this in the wrong direction! ;)

In other words since you're totally new to virtualization starting with a loaded gun (creating a virtual machine of a known infected system) is a dangerous place to start. Since you have a new pristine computer I'd install the virtualization product of choice, create a new normal virtual machine using either Windows or Linux and then learn how to properly use the product. Once you have a handle on how the product works and what you can do with it then do a P2V (Physical to Virtual) of the infected system only if you have no choice.

That said...

Unless you have an absolute need to have a virtual machine of the infected system I'd clean the system before doing the P2V and if it can't be cleaned then do not virtualize it as you're just playing with a loaded gun again. ;) What would be more prudent and safer is to simply boot the infected system with a Live OS CD/DVD/USB Drive and make a Data Only Backup to external media. With it being a Data Only Backup and no Executables you would then scan the Data Store on the New System before migrating the User Data to the new system thus leaving the new system clean and virus free.

Now if you really need to have a virtual machine of Windows XP then if you have the right version of Windows 7 you can have one for free from Microsoft, it's called Windows XP Mode. Then you're starting with a known good clean scenario, not transferring infected executables to a known good clean working system and you can leave the garbage behind! :)

BTW Creating a new known good virtual machine, whether XP Mode or other, it will be a better scenario in the long run as P2V'ed virtual machines almost always have more issues to deal with and never seem to perform as nice as a clean built one, both in the beginning and in the long run tend to be far less problematic too.

Message was edited by: WoodyZ - Originally posted, Jan 2, 2012 9:41 AM.
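Added example, not part of WoodyZ's post: one way to check that a "Data Only Backup" really contains no executables before it is scanned and migrated. It flags files by a conservative, non-exhaustive extension list (an assumption of this sketch) and by the `MZ` header that Windows executables start with, which catches a program renamed to look like a picture; the sample files are constructed. It does not replace the antivirus scan described above.

```python
import os
import tempfile

# Assumed, non-exhaustive list of extensions Windows runs or interprets.
RISKY_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif",
             ".vbs", ".js", ".msi", ".sys", ".lnk"}

def classify(path):
    """Return why a file is not plain data, or None if nothing was found."""
    if os.path.splitext(path)[1].lower() in RISKY_EXT:
        return "extension"
    try:
        with open(path, "rb") as fh:
            if fh.read(2) == b"MZ":      # DOS/PE executable header
                return "pe-header"
    except OSError:
        return "unreadable"
    return None

def audit_backup(root):
    """Walk the backup and list (relative path, reason) for flagged files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

def build_sample(root):
    """Create constructed sample files standing in for a real backup."""
    samples = {
        "notes.txt": b"shopping list\n",
        "photo.jpg": b"\xff\xd8\xff\xe0 constructed jpeg header",
        "holiday.jpg": b"MZ\x90\x00 constructed: executable renamed to .jpg",
        "setup.exe": b"MZ\x90\x00 constructed installer",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as backup:
        build_sample(backup)
        for rel, reason in audit_backup(backup):
            print(f"{reason:10} {rel}")
```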

MoYoDoMoYoGet
Contributor

Thank you for clarifying, I appreciate it. :)

MoYoDoMoYoGet
Contributor

WoodyZ, thank you for taking the time to type up such a detailed post!

I'm glad to see such helpful members on this board (I was expecting to get zero responses).


I think your recommendation is wise (That I should get accustomed to VM before jumping into such an advanced action). So I will wait a little bit.

As far as cleaning the old OS, I tried my best, and had help from someone at bleepingcomputers. He had me try many tools, but Malwarebytes kept finding outgoing problems.

The only thing we didn't try was booting something like Puppy Linux from a CD or USB to see if we can find some roots.

Your recommendation seems simple, but for a novice like me I am still a little confused.

I will say it in my own words so you can correct where I'm off:

Back up my OS to an external hard drive, but I will make it "Data Only".

This means executables like viruses will not be able to run.

Then I was confused on the "scan part and transfer". Do you mean that I would leave the OS in the external hard drive permanently and check in there whenever I need to look at files?

Or do you mean by making it data only and executables restricted from running, that I could transfer it to my new computer and malicious code will still not be able to run?

Once again, rookie questions, I know.
