Posted by Richard Urban on August 20, 2008, 4:44 am
I believe that if you delete all the partitions from the drive, apply the
changes and then create a new partition - a new MBR is created. A boot
sector virus should not survive this action.
I seem to remember that I did just that about 8 years ago to remove a boot
sector virus from a friend's computer.
But then, it was 8 years ago! (-:
--
Richard Urban
Microsoft MVP
Windows Desktop Experience
> If your OS has been severely compromised, you don't want to
> use the copy of format.com that is on that machine to do the
> format. In the old days, the "rootkit" was a collection of utilities
> and tools that were modified from their original to something
> perhaps nefarious. If someone had root access they could
> replace the formatting tool with one that only appears to format
> the drive. As long as the act of formatting and reinstalling touches
> the boot axis areas of the disk then any trace of malware should
> be overwritten or no longer linked to.
>
> There is some malware (I forget the name(s)) that affect the boot
> areas of the disk, and IIRC simple format won't affect that area.
> You probably are just left with an unbootable drive unless the
> area is repaired.
>
>>A simple format and reinstall is sufficient to have a fresh clean copy of
>>the OS without malware.
>>
>> Multi-pass wipes aren't necessary unless you want to ensure there's
>> nothing remaining when you sell or give away the drive.
>>
>> --
>> Steve Riley
>> steve.riley@microsoft.com
>> http://blogs.technet.com/steriley
>> http://www.protectyourwindowsnetwork.com
>>
>>
>>
>>> Thank you. For instance, a DOD wipe is done before a clean installation for
>>> better safety and security. I would imagine, the only true safety on a drive
>>> is to perform this and then totally annihilate the hard drive if it contains
>>> classified and/or sensitive information.
>>>
>>> "FromTheRafters" wrote:
>>>
>>>> Wipe is "cleaner" than format, and reload is dependent on
>>>> exactly what is reloaded.
>>>>
>>>> > Steve and Robear, I was wondering if that was as clean as a format and
>>>> > clean install or is my wording just different and means the same thing.
>>>> > <?>
>>>> >
>>>> > "PA Bear [MS MVP]" wrote:
>>>> >
>>>> >> 9 times out of 10, we end up ripping them out by the roots...or doing a
>>>> >> "wipe & reload."
>>>> >> --
>>>> >> ~Robear Dyer (PA Bear)
>>>> >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>> >> AumHa VSOP & Admin http://aumha.net
>>>> >> DTS-L http://dts-l.net/
>>>> >>
>>>> >> Spin wrote:
>>>> >> > I know Symantec offers RootKit detection tools, as does Panda Security,
>>>> >> > F-Secure, to name a few. However, this is addressed to those of you in this
>>>> >> > newsgroup, which of those do you prefer to use "out in the field"?
>>>> >>
>>>> >>
>>>>
>>>>
>>>>
>
>
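An added example, not part of any post in this thread: one way to check from raw copies of sector 0 whether a repartition or format actually rewrote the MBR boot code, by comparing the boot code, partition table and signature regions before and after. It assumes the classic 512-byte MBR layout; the sector images and the helper `constructed_sector` are constructed samples, not real disk data.

```python
import hashlib
import struct

BOOT_CODE = slice(0, 440)     # bootstrap code executed at boot
PART_TABLE = slice(446, 510)  # four 16-byte partition entries
BOOT_SIG = slice(510, 512)    # must be 55 AA


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector 0 into a boot code hash and its partition entries."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    entries, table = [], sector[PART_TABLE]
    for i in range(4):
        raw = table[i * 16:(i + 1) * 16]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:  # partition type 0 marks an unused slot
            entries.append({"slot": i, "active": raw[0] == 0x80,
                            "type": raw[4], "lba_start": lba_start,
                            "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
            "partitions": entries,
            "signature_ok": sector[BOOT_SIG] == b"\x55\xaa"}


def changed_regions(before: bytes, after: bytes) -> list:
    """Name the MBR regions that differ between two sector-0 images."""
    regions = {"boot_code": BOOT_CODE, "partition_table": PART_TABLE,
               "signature": BOOT_SIG}
    return [name for name, sl in regions.items() if before[sl] != after[sl]]


def constructed_sector(boot_fill: int, entry: bytes) -> bytes:
    """Build a synthetic sector 0 (constructed sample for this example)."""
    return bytes([boot_fill]) * 440 + bytes(6) + entry + bytes(48) + b"\x55\xaa"


# Constructed entries: one active NTFS (type 0x07) partition, old and re-created.
OLD_ENTRY = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 1000000)
NEW_ENTRY = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 2000000)
BEFORE = constructed_sector(0x90, OLD_ENTRY)
REPARTITIONED = constructed_sector(0x90, NEW_ENTRY)  # only the table rewritten
REWRITTEN = constructed_sector(0xEB, NEW_ENTRY)      # boot code replaced as well

if __name__ == "__main__":
    print(changed_regions(BEFORE, REPARTITIONED))
    print(changed_regions(BEFORE, REWRITTEN))
```

On a real machine the two images would be read from a trusted boot environment rather than from the installed OS, for the reason given in the quoted reply about not trusting tools on a compromised system.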