Removing RootKits

Posted by cyranodesade on August 5, 2007, 5:52 pm
All,
I hope this is a simple question: does formatting a hard drive and then
FDisk /MBR remove any rootkits or hidden files on a hard drive?
If the answer is no then could you please point me to a good resource
for formatting the boot sector/MBR? Thanks in advance. - CES


Posted by Jerry on August 5, 2007, 5:56 pm
Reformatting the drive removes everything. FDISK /MBR is redundant if you
just formatted.

The only other option is a manufacturer's low-level format and that program
is probably not available for a user.

> All,
> I hope this is a simple question: does formatting a hard drive and then
> FDisk /MBR remove any rootkits or hidden files on a hard drive?
> If the answer is no then could you please point me to a good resource
> for formatting the boot sector/MBR? Thanks in advance. - CES
>



Posted by romanom on August 6, 2007, 5:12 am
If you're formatting just to remove the rootkit you may try this freeware first:

http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0

It worked for me in finding and removing a Sony Music rootkit that Sony was
kind enough to install with Connect software, I guess to ensure I wasn't
passing on music to the Communist or something.

"Jerry" wrote:

> Reformatting the drive removes everything. FDISK /MBR is redundant if you
> just formatted.
>
> The only other option is a manufacturer's low-level format and that program
> is probably not available for a user.
>
> > All,
> > I hope this is a simple question: does formatting a hard drive and then
> > FDisk /MBR remove any rootkits or hidden files on a hard drive?
> > If the answer is no then could you please point me to a good resource
> > for formatting the boot sector/MBR? Thanks in advance. - CES
> >
>
>
>

Posted by Noddy on August 7, 2007, 8:16 pm
> Reformatting the drive removes everything. FDISK /MBR is redundant if you
> just formatted.

Format does not clear the mbr. If it did then Linux Grub or Lilo wouldn't be
left behind after a format, but it is and to get rid of it you run fdisk
/mbr. HDD manufacturers still provide what they call low level format
utilities but all they really are is a zero wipe utility which does
overwrite every sector on a HDD and is the best method to ensure you are
virus free. Or you can simply use Dban's quick wipe, same thing. Dban is
available as a separate download or on The Ultimate Boot Disk.


Posted by Tyler Larson on August 8, 2007, 11:52 pm
Noddy wrote:
>> Reformatting the drive removes everything. FDISK /MBR is redundant if
>> you just formatted.
>
> Format does not clear the mbr. If it did then Linux Grub or Lilo
> wouldn't be left behind after a format, but it is and to get rid of it
> you run fdisk /mbr. HDD manufacturers still provide what they call low
> level format utilities but all they really are is a zero wipe utility
> which does overwrite every sector on a HDD and is the best method to
> ensure you are virus free. Or you can simply use Dban's quick wipe, same
> thing. Dban is available as a separate download or on The Ultimate Boot
> Disk.

The MBR is stored on sector 0, whereas partitions start at sector 1
(specifically to avoid overwriting the boot sector (MBR)). Therefore,
nothing you can do to the partition will affect the boot sector.
However, in the process of reinstalling windows, you'll automatically
write a new boot sector, since that's what SETUP does.
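
Added example, not part of any post in this thread: a Python sketch that parses sector 0 of a constructed disk image and shows which sectors a partition-only format leaves untouched, which is the point of the last two replies. The image contents, the partition start at LBA 63, and all function names are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector0: bytes) -> dict:
    """Split sector 0 into boot code hash, partition entries and signature."""
    if len(sector0) != SECTOR:
        raise ValueError("sector 0 must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        # status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, start LBA, length
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector0[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector0[:446]).hexdigest(),
            "partitions": parts}

def build_sample_disk() -> bytearray:
    """Constructed 128-sector image: every byte 0xEE (stale data), then an MBR."""
    disk = bytearray(b"\xee" * (128 * SECTOR))
    disk[0:446] = b"B" * 446  # placeholder standing in for boot code
    disk[446:510] = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 65) + bytes(48)
    disk[510:512] = b"\x55\xaa"
    return disk

def format_partition(disk: bytearray, part: dict) -> None:
    """Stand-in for a format: zero only the sectors inside the partition."""
    start = part["lba_start"] * SECTOR
    end = start + part["sectors"] * SECTOR
    disk[start:end] = bytes(end - start)

def stale_sectors(disk: bytearray) -> list:
    """LBAs that still hold any non-zero byte."""
    return [lba for lba in range(len(disk) // SECTOR)
            if any(disk[lba * SECTOR:(lba + 1) * SECTOR])]

if __name__ == "__main__":
    disk = build_sample_disk()
    before = parse_mbr(bytes(disk[:SECTOR]))
    format_partition(disk, before["partitions"][0])
    after = parse_mbr(bytes(disk[:SECTOR]))
    print("boot code unchanged:", before["boot_code_sha256"] == after["boot_code_sha256"])
    print("sectors still holding data:", stale_sectors(disk))
```

On the sample image the boot-code hash is identical before and after, and sectors 0 through 62 still hold their old contents; only a wipe that covers every sector clears them.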
