Re: a reformat clears the mbr right

Secyurityet to NetFixer

said by NetFixer:

said by Secyurityet:

They're still a lot cheaper per GB than they were 5 years ago.

Besides, how much is your time worth to you? Consider a low-level format and a three-pass wipe job on a 100 GB drive vs a 20-minute trip to Compu-mart...

I'd just buy a new drive and go from there.

Of course, the OP really only needs to create a new MBR and do a quick OS level format on the partition(s) being used.

That is only a few seconds for the MBR (basically just the time it takes to type the command or make a few mouse clicks).

The quick OS format will typically take less than a minute (even for much larger partitions than 100 GB).

Not to mention that both of the above operations will need to be done on the new drive too.

Do you own Compu-mart, or do you just work there?

That's fine. If you trust that your advice will get rid of the malware, and OP wants to agree with you, that's fine. No skin off my nose.

BTW, I haven't bought a drive lately that needed a low-level format and a security wipe to kill off malware right out of the box...

NetFixer to Secyurityet

said by Secyurityet:

said by signmeuptoo94:

Not to mention anyone getting ahold of the old disk and stealing identity.

Precisely why God made rare-earth magnets and T-9 Torx bits...

My preference is for a preliminary fire axe assault followed by a massage from a 6 pound sledge hammer. It is really quite therapeutic.
Secyurityet

Ah, but you might break up the rare earth magnets inside the case, which, if left intact, are handy for erasing platters and hanging steel shelving on the wall.

NetFixer to Secyurityet

said by Secyurityet:

That's fine. If you trust that your advice will get rid of the malware, and OP wants to agree with you, that's fine. No skin off my nose.

BTW, I haven't bought a drive lately that needed a low-level format and a security wipe to kill off malware right out of the box...

I am quite certain that my advice is good. A new MBR and an OS format is all that is required to make an HDD safe to use after any infection. Exactly from where do you think the infection is going to be resurrected? The only place would be from the installation source, and that would still be used for your new HDD.

You are the one talking about a low-level format (which incidentally is impossible for an end-user to do on any HDD that I have seen that was manufactured since the mid 1980s), and a three-pass wipe, not me.
dave to Secyurityet

said by Secyurityet:

consider a low-level format and a three-pass wipe job on a 100 GB drive vs a 20-minute trip to Compu-mart...

Well, sure, if you believe in voodoo. On the other hand, one pass of overwrite for the first hundred or so sectors takes almost no time at all, and does the job perfectly.

Anyone that believes operational malware survives being overwritten does not understand storage.
Secyurityet

We are getting close to Mardi Gras...voodoo may apply.

I'll take your word on the one pass, but won't test it -- because I'd prefer to replace a tainted drive and start over with a fresh load.

Fortunately, I don't need to do it very often.
RJ44

said by Secyurityet:

We are getting close to Mardi Gras...voodoo may apply.

I'll take your word on the one pass, but won't test it -- because I'd prefer to replace a tainted drive and start over with a fresh load.

Fortunately, I don't need to do it very often.

You "need" to do it even less often than you seem to think you do, but that's another story as well.
dave to Secyurityet

The function of storage in a computer is to record the last thing written to it, and on request, return exactly that thing. Not some other thing that was written earlier. Ergo, if you overwrite it with a new thing, the previous thing is gone.

The rumours that run round the internet to the effect that a man with a large research budget and an atomic-force microscope can read the previous settings are completely irrelevant here. Or even the slightly saner concerns about sector sparing.

We are only concerned with whether the disk subsystem is able to bring into memory (for execution, otherwise it does not matter) the previous content of the disk, now overwritten by something else. A disk system that does not return the last-written data for any given sector is called 'not working'.

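A check of dave's point (the disk hands back whatever was last written, so zeroing the first hundred or so sectors leaves nothing for an MBR rootkit to boot from), written as an added example that is not code from this thread: it parses the partition table and boot-code area of an MBR, zeros the leading sectors of a disk image and re-reads them to confirm. The sample MBR contents, the temporary image and the 100-sector count are constructed assumptions; against a real block device the wipe function needs raw write access and destroys that device's partition table.

```python
import os
import struct
import tempfile
SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"

def parse_mbr(mbr: bytes) -> dict:
    """Parse one 512-byte MBR: boot-code area, four partition entries, 0x55AA signature."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype:  # type 0 means the slot is unused
            parts.append({"bootable": status == 0x80, "type": ptype, "lba_start": lba, "sectors": count})
    return {"has_signature": mbr[510:] == MBR_SIGNATURE,
            "boot_code_present": any(mbr[:446]),  # any non-zero byte before the partition table
            "partitions": parts}

def build_sample_mbr() -> bytes:
    # Constructed sample, not read from a real disk: NOP filler as "boot code", one bootable type-0x07 partition
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    return bytes([0x90]) * 446 + entry + b"\x00" * 48 + MBR_SIGNATURE

def read_first_sector(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read(SECTOR)

def wipe_leading_sectors(path: str, count: int = 100) -> bool:
    """Zero the first `count` sectors of an image (or block device), sync, then read back and verify."""
    zeros = b"\x00" * (SECTOR * count)
    with open(path, "r+b") as f:
        f.write(zeros)
        f.flush()
        os.fsync(f.fileno())
        f.seek(0)
        return f.read(len(zeros)) == zeros  # storage must hand back what was last written

def demo(total_sectors: int = 200) -> dict:
    # Round trip on a temporary image file: parse, wipe the first 100 sectors, re-parse
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as img:
        img.write(build_sample_mbr() + b"\xff" * (SECTOR * (total_sectors - 1)))
    try:
        before = parse_mbr(read_first_sector(path))
        verified = wipe_leading_sectors(path, 100)
        after = parse_mbr(read_first_sector(path))
    finally:
        os.remove(path)
    return {"before": before, "verified": verified, "after": after}
```
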
n00blet1

Okay so, clear MBR, then reformat.

Then I am thinking, what if this rootkit spreads itself to the files on the OS? Like if I download the motherboard drivers, burn it to a CD.

Would it attach itself to the drivers? Or am I just paranoid?

Also how about rootkits residing in the BIOS of motherboards?

I'm paranoid.
n00blet1

Unfortunately the PC came with a counterfeit version of Windows 7....

So I ran mbrcheck....everything seemed to be okay.

But definitely I think this system is rooted.

I was thinking about getting an SSD, reflashing the BIOS, purchasing a legit copy of Windows 7, or waiting until 8 comes out.

The thought of me being a zombie PC is terrifying.

I share this PC with other people so....
dave to n00blet1

said by n00blet1:

Then I am thinking, what if this rootkit spreads itself to the files on the OS?

Where will this rootkit come from, if you've wiped the MBR and reformatted all partitions? It's gone.

NetFixer

said by dave:

said by n00blet1:

Then I am thinking, what if this rootkit spreads itself to the files on the OS?

Where will this rootkit come from, if you've wiped the MBR and reformatted all partitions? It's gone.

In that particular post, I think the OP was implying that the infected system is still in use, so that there would exist the possibility that any drivers, ISO images, etc. that were downloaded (and probably saved to CD/DVD) prior to the drive cleansing would also become infected.

Apparently (based on another post) the OP does not have a known good OS CD/DVD from which to boot and reinstall the OS.

said by n00blet1:

Unfortunately the PC came with a counterfeit version of Windows 7....

dave

said by NetFixer:

I think the OP was implying that the infected system is still in use, so that there would exist the possibility that any drivers, ISO images, etc that were downloaded (and probably saved to CD/DVD) prior to the drive cleansing would also become infected.

Ah, gotcha, thanks. Yes, that is an unfortunate possibility.

n00blet1

It's the in-the-wild Windows 7 loader that this OS has been "reverse engineered" upon...

I don't know the specs of the rootkit....what it's capable of....the OS can just be rooted and that's it.

But I am not the only user of this counterfeit OS, so there are probably thousands in the same position as me....just not security conscious.

Anyway....I guess I would download the drivers from another PC...just for some peace of mind.

This BIOS also has a boot sector virus protection option....not sure what good that would do.

I have reflashed.

Then again....there have been numerous reports of malware residing in Asian-made motherboards for quite some time now....just not really read up on in depth.

Or am I just fear mongering here?

Sigh.
n00blet1

And one more thing, what is this new fad about solid state drives?

NetFixer


said by n00blet1:

And one more thing, what is this new fad about solid state drives?

Not really new; I had solid state drives in two 1980s vintage CP/M based Xerox 820 PCs. The only new thing is that they are becoming widely available for the masses (and they look like normal magnetic disk drives instead of circuit boards).

And FWIW, if you load an infected OS onto one of them, you will still have an infected PC.

n00blet1

I was worried about if, on the current OS, I download the motherboard drivers....possibly the rootkit might have worm-like features and attach itself to the drivers? So when I burn to a CD....and insert it on a genuine OS I would get re-infected.

But that may just be a paranoid delusional thought, but in computer security....

ashrc4 to n00blet1

said by n00blet1:

Then again....there have been numerous reports of malware residing in Asian-made motherboards for quite some time now....just not really read up on in depth.

Or am I just fear mongering here?

Considering your fears and apprehension for trusting hardware, I've scoured the web looking for a more trusted solution.

Here it is; »www.theage.com.au/digita ··· k59.html


NetFixer to n00blet1

said by n00blet1:

I was worried about if, on the current OS, I download the motherboard drivers....possibly the rootkit might have worm-like features and attach itself to the drivers? So when I burn to a CD....and insert it on a genuine OS I would get re-infected.

But that may just be a paranoid delusional thought, but in computer security....

You had already mentioned using another PC to do the driver downloads (or at least that was my interpretation of what you said). Use that PC to do the burning too. Unless you have already somehow infected the other PC from a network connection or from transferred files, that should be safe. If you really don't know, then find a friend who will allow you to download and burn what you need using their PC (with no physical connection to either of your PCs).

And use a truly genuine OS, not another crackware copy that you downloaded from the internet. If you can't afford to purchase a genuine copy of Windows, download a Linux ISO directly from the official distro site, not from some warez site. Doing anything else is only going to repeat the same cycle.

n00blet1

The PC came with the OS like that...believe it or not...from an independent shop. I did not buy the computer....

But I know more about operating systems and security than they do....they told me to help them update....updates were not working....I did some checks, ran some commands....BAM, found out it was not genuine....

Happens.
n00blet1

But I share it with 3 other people, and I told them what they are facing; they understand.

Eventually I'm just going to go through with it....just got to go out and purchase Windows 7.....

Believe it or not these people have a legit copy of an AV on this OS too...lol

But I'm anticipating the release of Windows 8.
n00blet1 to NetFixer

Can you clarify what you meant when you said "infected the other PC from a network connection"? It is connected to a wired router that this same non-genuine OS is connected to....but that PC has a genuine OS....

Would that pose a problem here?

NetFixer

said by n00blet1:

Can you clarify what you meant when you said "infected the other PC from a network connection"? It is connected to a wired router that this same non-genuine OS is connected to....but that PC has a genuine OS....

Would that pose a problem here?

That is a network connection.

I have no way of knowing if the second PC has become infected since I have no knowledge of what kind of infection(s) you have on the first PC, or what kind of security you have on the second PC. That you have to ask the question, however, tells me that both PCs may indeed be infected. This is especially so if you have explicitly exchanged files between the two PCs...either via the network or via removable drive or media swapping. But just being connected is all that is required, depending on the nature of the infection(s). There are some residential/SOHO grade routers that are capable of providing VLAN isolation between connected clients, but even if your router has that capability, it would seem unlikely that you have configured that kind of advanced protection.

n00blet1

Hmmm no, I don't use that network sharing/bridge connection thing, and I haven't exchanged any files between the PCs...the PCs are not inter-connected...

So yea, I think I'm okay on this one....
n00blet1

Just in case I didn't make sense, because usually I don't explain things well:

The second PC just receives an ethernet wire from one of the slots of the router....
n00blet1

Okay so more research pinpoints what it is.

"Windows 7 Loader(10-14-2009)"

So apparently it was cracked by a group? Or something...I'm not too familiar with the warez scene.