Posted by FromTheRafters on August 20, 2008, 3:34 pm
Yes, but formatting and partitioning are two different
things. Even when partitioning is the subject, IIRC
the boot areas are not fixed by default unless there
is no marker (flag?) found indicating there is a valid
boot sector present.
Anyway - when rootkits or other very sticky malware
are concerned it is best to fix the boot axis as well as
making the data stored by the filesystem inaccessible
or invalid. Format addresses the latter, but not the
former (unless they changed something I am not aware
of). :o)
Fixmbr or fdisk /mbr probably - or the old bootsect.exe
'bootsect write bootsect.bak' sound familiar?
>I believe that if you delete all the partitions from the drive, apply the
>changes and then create a new partition - a new MBR is created. A boot
>sector virus should not survive this action.
>
> I seem to remember that I did just that about 8 years ago to remove a boot
> sector virus from a friend's computer.
>
> But then, it was 8 years ago! (-:
>
> --
>
> Richard Urban
> Microsoft MVP
> Windows Desktop Experience
>
>
>> If your OS has been severely compromised, you don't want to
>> use the copy of format.com that is on that machine to do the
>> format. In the old days, the "rootkit" was a collection of utilities
>> and tools that were modified from their original to something
>> perhaps nefarious. If someone had root access they could
>> replace the formatting tool with one that only appears to format
>> the drive. As long as the act of formatting and reinstalling touches
>> the boot axis areas of the disk then any trace of malware should
>> be overwritten or no longer linked to.
>>
>> There is some malware (I forget the name(s)) that affect the boot
>> areas of the disk, and IIRC simple format won't affect that area.
>> You probably are just left with an unbootable drive unless the
>> area is repaired.
>>
>>>A simple format and reinstall is sufficient to have a fresh clean copy of
>>>the OS without malware.
>>>
>>> Multi-pass wipes aren't necessary unless you want to ensure there's
>>> nothing remaining when you sell or give away the drive.
>>>
>>> --
>>> Steve Riley
>>> steve.riley@microsoft.com
>>> http://blogs.technet.com/steriley
>>> http://www.protectyourwindowsnetwork.com
>>>
>>>
>>>
>>>> Thank you. For instance, a DOD wipe is done before a clean installation for
>>>> better safety and security. I would imagine, the only true safety on a drive
>>>> is to perform this and then totally annihilate the hard drive if it contains
>>>> classified and/or sensitive information.
>>>>
>>>> "FromTheRafters" wrote:
>>>>
>>>>> Wipe is "cleaner" than format, and reload is dependent on
>>>>> exactly what is reloaded.
>>>>>
>>>>> > Steve and Robear, I was wondering if that was as clean as a format and clean
>>>>> > install or is my wording just different and means the same thing.
>>>>> > <?>
>>>>> >
>>>>> > "PA Bear [MS MVP]" wrote:
>>>>> >
>>>>> >> 9 times out of 10, we end up ripping them out by the roots...or doing a
>>>>> >> "wipe & reload."
>>>>> >> --
>>>>> >> ~Robear Dyer (PA Bear)
>>>>> >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>> >> AumHa VSOP & Admin http://aumha.net
>>>>> >> DTS-L http://dts-l.net/
>>>>> >>
>>>>> >> Spin wrote:
>>>>> >> > I know Symantec offers RootKit detection tools, as does Panda Security,
>>>>> >> > F-Secure, to name a few. However, this is addressed to those of you in this
>>>>> >> > newsgroup, which of those do you prefer to use "out in the field"?
>>>>> >>
>>>>> >>
>>>>>
>>>>>
>>>>>
>>
>>
>
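
The distinction drawn at the top of this post, that a format rewrites what is inside the partition while the boot code in sector 0 sits outside it, shown as an added example that is not part of the original thread. The disk image, the boot-code bytes and the simplified `simulate_format` model are all constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bootstrap code area at the start of the MBR
SIGNATURE = b"\x55\xaa"      # "valid boot sector" marker at offset 510

def parse_mbr(sector0: bytes) -> dict:
    """Hash the boot code, check the marker, list the partition entries."""
    if len(sector0) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    parts = []
    for i in range(4):
        entry = sector0[BOOT_CODE_LEN + 16 * i: BOOT_CODE_LEN + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:    # partition type 0 means an unused slot
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector0[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector0[510:512] == SIGNATURE,
        "partitions": parts,
    }

def build_image(boot_code: bytes, lba_start=63, sectors=200) -> bytearray:
    """Constructed sample disk: one active partition filled with old data."""
    img = bytearray(SECTOR * (lba_start + sectors))
    img[:len(boot_code)] = boot_code
    entry = bytearray(16)
    entry[0], entry[4] = 0x80, 0x07
    struct.pack_into("<II", entry, 8, lba_start, sectors)
    img[BOOT_CODE_LEN:BOOT_CODE_LEN + 16] = entry
    img[510:512] = SIGNATURE
    img[lba_start * SECTOR:] = b"D" * (sectors * SECTOR)
    return img

def simulate_format(img: bytearray) -> None:
    """Simplified model of a format: rewrite only sectors inside the partition."""
    p = parse_mbr(bytes(img[:SECTOR]))["partitions"][0]
    start = p["lba_start"] * SECTOR
    img[start:start + p["sectors"] * SECTOR] = bytes(p["sectors"] * SECTOR)

def boot_code_survives_format(boot_code: bytes) -> bool:
    """True when the sector-0 boot code hash is identical before and after."""
    img = build_image(boot_code)
    before = parse_mbr(bytes(img[:SECTOR]))
    simulate_format(img)
    after = parse_mbr(bytes(img[:SECTOR]))
    return before["boot_code_sha256"] == after["boot_code_sha256"]
```

The same `parse_mbr` hash, taken from sector 0 read while booted from trusted media, can be compared against a known-good value to tell whether the boot code was actually rewritten.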