I deal with cleaning these things 2-3 times a week, pretty easy once you know what to do.
First of all, they usually set themselves so that the virus runs whenever a program is executed (hence when anything is executed, even in Safe Mode, the virus will run instead).
So the first thing you want to do is fix that issue. So on a clean computer copy and paste the following into a text file:
Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

Then save the text file as fix.reg. Put that file on a USB flash drive, and boot the infected computer into safe mode. Double click the fix.reg file and tell it to add the information to the registry. If you are on Vista or Win7 it might give you an error about some things not being added successfully, don't worry about it, it still works.
Next from a clean computer put Malwarebytes, Tdsskiller, and Combofix on a USB flash drive. (You might want to do this at the same time you put the reg file on the flash drive just to make things a little more efficient.)
Then, while still in safe mode after installing the reg file (do not reboot!), install Malwarebytes. Update Malwarebytes, and do a full scan. When it finishes, tell it to remove what it found. And then reboot, let it boot into normal mode. 9 times out of 10 this will completely take care of the virus. One of the major things you want to check is internet function. Especially going to Google and doing a few searches, and clicking on a few results, making sure it is taking you to the correct webpage from the results. These viruses love to install Google redirect rootkits.
If web pages aren't loading and you know the computer has a good internet connection, try checking Internet Options and going to the Connections tab. At the bottom will be a LAN Settings button. Go in there and make sure the box to use a proxy is not checked. These viruses love to set the computer to use a proxy of 127.0.0.1, which redirects everything through the virus on the machine, to screw with the internet and only let certain pages through.
If you are still having issues, run Tdsskiller. It will occasionally find rootkits that Malwarebytes misses, particularly ones that redirect from Google searches.
Finally, after all of that, if you are still having issues run Combofix. If it asks you to update, do it, and if it asks you to install the recovery console, don't.
Only run Combofix as a last resort! Combofix is extremely aggressive. Even the author has admitted it will likely completely brick 1 out of 100 machines, making Windows completely unbootable even in safe mode, and I've had it do this on more than one occasion. However, it is a great thing to try if you are one step away from reformatting anyway.
Now, for the OP's question directly. Yes, you can put another hard drive in and install Windows to that, and copy the important files over. Make sure you have a good AV installed before even hooking up the old drive though. You can do this, but personally, I prefer to clean the virus. Yes, it might take longer, but it is better to have the experience in doing it just in case there is a time where reformatting isn't an option.
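An added example, not part of the original post: a read-only PowerShell check to run after cleanup that compares the `.exe` association values restored by the fix.reg above against what is actually in the registry, and reports whether the per-user proxy box is still enabled. The helper names `Get-RegDefault` and `New-Result` are hypothetical, and `ProxyEnable`/`ProxyServer` are the standard Internet Settings values behind the LAN Settings dialog.

```powershell
# Added example: read-only audit, nothing is written to the registry.
# HKEY_CLASSES_ROOT is a merged view, so a per-user override under
# HKCU\Software\Classes also shows up in these reads.
$expected = @(
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\.exe';                        Value = 'exefile' },
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command';  Value = '"%1" %*' },
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\runas\command'; Value = '"%1" %*' }
)

function Get-RegDefault {
    param([string]$Path)
    # A key's unnamed default value is exposed as the '(default)' property.
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'(default)'
}

function New-Result {
    param($Check, $Actual, $Expected, [bool]$OK)
    New-Object PSObject -Property @{ Check = $Check; Actual = $Actual; Expected = $Expected; OK = $OK } |
        Select-Object Check, Actual, Expected, OK
}

$results = @()
foreach ($e in $expected) {
    $actual = Get-RegDefault -Path $e.Path
    $results += New-Result $e.Path $actual $e.Value ($actual -eq $e.Value)
}

# Per-user proxy: the LAN Settings checkbox is ProxyEnable,
# the address field is ProxyServer.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -LiteralPath $inetKey -ErrorAction SilentlyContinue
$proxyOn = ($null -ne $inet) -and ($inet.ProxyEnable -eq 1)
$shown   = '(proxy off)'
if ($proxyOn) { $shown = [string]$inet.ProxyServer }
$results += New-Result "$inetKey [ProxyEnable]" $shown '(proxy off)' (-not $proxyOn)

$results | Format-List
$bad = @($results | Where-Object { -not $_.OK })
if ($bad.Count -gt 0) { Write-Warning "$($bad.Count) check(s) differ from the expected values." }
```

The proxy check reads the current user's hive, so run it as the affected user; on a network that legitimately uses a proxy it will be flagged and needs a manual look at the `ProxyServer` value.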