
Secyurityet
Premium
join:2012-01-07
untied state
reply to NetFixer

Re: a reformat clears the mbr right

said by NetFixer:

said by Secyurityet:

They're still a lot cheaper per GB than they were 5 years ago.

Besides, how much is your time worth to you? Consider a low-level format and a three-pass wipe job on a 100 GB drive vs a 20-minute trip to Compu-mart...

I'd just buy a new drive and go from there.

Of course, the OP really only needs to create a new MBR and do a quick OS level format on the partition(s) being used.

That is only a few seconds for the MBR (basically just the time it takes to type the command or make a few mouse clicks)

The quick OS format will typically take less than a minute (even for much larger partitions than 100 GB).

Not to mention that both of the above operations will need to be done on the new drive too.

Do you own Compu-mart, or do you just work there?

That's fine. If you trust that your advice will get rid of the malware, and OP wants to agree with you, that's fine. No skin off my nose.

BTW, I haven't bought a drive lately that needed a low-level format and a security wipe to kill off malware right out of the box...


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to Secyurityet

said by Secyurityet:

said by signmeuptoo:

Not to mention anyone getting ahold of the old disk and stealing identity.

Precisely why God made rare-earth magnets and T-9 Torx bits...

My preference is for a preliminary fire axe assault followed by a massage from a 6 pound sledge hammer. It is really quite therapeutic.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

Secyurityet
Premium
join:2012-01-07
untied state

Ah, but you might break up the rare earth magnets inside the case, which, if left intact, are handy for erasing platters and hanging steel shelving on the wall.



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit

1 recommendation

reply to Secyurityet

said by Secyurityet:

That's fine. If you trust that your advice will get rid of the malware, and OP wants to agree with you, that's fine. No skin off my nose.

BTW, I haven't bought a drive lately that needed a low-level format and a security wipe to kill off malware right out of the box...

I am quite certain that my advice is good. A new MBR and an OS format is all that is required to make an HDD safe to use after any infection. Exactly from where do you think the infection is going to be resurrected? The only place would be from the installation source, and that would still be used for your new HDD.

You are the one talking about a low-level format (which incidentally is impossible for an end-user to do on any HDD that I have seen that was manufactured since the mid 1980s), and a three-pass wipe, not me.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
reply to Secyurityet

said by Secyurityet:

consider a low-level format and a three-pass wipe job on a 100 GB drive vs a 20-minute trip to Compu-mart...

Well, sure, if you believe in voodoo. On the other hand, one pass of overwrite for the first hundred or so sectors takes almost no time at all, and does the job perfectly.

Anyone that believes operational malware survives being overwritten does not understand storage.

Secyurityet
Premium
join:2012-01-07
untied state

We are getting close to Mardi Gras...voodoo may apply.

I'll take your word on the one pass, but won't test it -- because I'd prefer to replace a tainted drive and start over with a fresh load.

Fortunately, I don't need to do it very often.


RJ44

join:2001-10-19
Nashville, TN

said by Secyurityet:

We are getting close to Mardi Gras...voodoo may apply.

I'll take your word on the one pass, but won't test it -- because I'd prefer to replace a tainted drive and start over with a fresh load.

Fortunately, I don't need to do it very often.

You "need" to do it even less often than you seem to think you do but that's another story as well

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

2 recommendations

reply to Secyurityet

The function of storage in a computer is to record the last thing written to it, and on request, return exactly that thing. Not some other thing that was written earlier. Ergo, if you overwrite it with a new thing, the previous thing is gone.

The rumours that run round the internet to the effect that a man with a large research budget and an atomic-force microscope can read the previous settings are completely irrelevant here. Or even the slightly saner concerns about sector sparing.

We are only concerned with whether the disk subsystem is able to bring into memory (for execution, otherwise it does not matter) the previous content of the disk, now overwritten by something else. A disk system that does not return the last-written data for any given sector is called 'not working'.
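
An added example, not part of any post in this thread, showing the single-pass overwrite of the first hundred sectors discussed above and a read-back check of what sector 0 returns afterwards. It runs against a constructed disk image file rather than a real drive; the function names and the image contents are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445 of sector 0 hold the MBR boot code
PART_TABLE_LEN = 64          # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"      # last two bytes of a valid MBR

def build_constructed_image(path, sectors=200):
    """Create a small image whose sector 0 holds constructed 'old' boot code."""
    mbr = b"\xeb\xfe" * (BOOT_CODE_LEN // 2) + bytes(PART_TABLE_LEN) + SIGNATURE
    with open(path, "wb") as f:
        f.write(mbr + os.urandom(SECTOR * (sectors - 1)))

def overwrite_leading_sectors(path, count=100):
    """One pass of zeros over the first `count` sectors, flushed to storage."""
    with open(path, "r+b") as f:
        f.write(bytes(SECTOR * count))
        f.flush()
        os.fsync(f.fileno())

def inspect_mbr(path):
    """Read sector 0 back and summarise what the storage now returns."""
    with open(path, "rb") as f:
        sector0 = f.read(SECTOR)
    boot_code = sector0[:BOOT_CODE_LEN]
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "boot_code_blank": boot_code == bytes(BOOT_CODE_LEN),
        "has_boot_signature": sector0[510:512] == SIGNATURE,
    }

def demo():
    """Return (state before, state after, whether sector 100 was left alone)."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        build_constructed_image(img)
        before = inspect_mbr(img)
        overwrite_leading_sectors(img)
        after = inspect_mbr(img)
        with open(img, "rb") as f:
            f.seek(SECTOR * 100)
            untouched = f.read(SECTOR) != bytes(SECTOR)
    return before, after, untouched
```

After the overwrite, sector 0 reads back blank and has no boot signature, so nothing remains there for the firmware to load until a fresh MBR is written.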



n00blet1

@optonline.net
reply to n00blet1

okay so, clear mbr, then reformat.

Then i am thinking, what if this rootkit spreads itself to the files on the os? like if i download the motherboard drivers, burn it to a cd.

would it attach itself to the drivers? or am i just paranoid?

also how about rootkits residing in the bios of motherboards?

im paranoid.



n00blet1

@optonline.net
reply to n00blet1

unfortunately the pc came with a Counterfeit version of windows 7....

so i ran mbrcheck....everything seemed to be okay.

but definitely i think this system is rooted. -

i was thinking about getting an ssd. reflashing the bios. purchasing a legit copy of windows 7, or wait until 8 comes out

The thought of me being a zombie pc is terrifying.

i share this pc with other people so....


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
reply to n00blet1

said by n00blet1 :

Then i am thinking, what if this rootkit spreads itself to the files on the os?

Where will this rootkit come from, if you've wiped the MBR and reformatted all partitions? It's gone.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by dave:

said by n00blet1 :

Then i am thinking, what if this rootkit spreads itself to the files on the os?

Where will this rootkit come from, if you've wiped the MBR and reformatted all partitions? It's gone.

In that particular post, I think the OP was implying that the infected system is still in use, so that there would exist the possibility that any drivers, ISO images, etc. that were downloaded (and probably saved to CD/DVD) prior to the drive cleansing would also become infected.

Apparently (based on another post) the OP does not have a known good OS CD/DVD from which to boot and reinstall the OS.

unfortunately the pc came with a Counterfeit version of windows 7....

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

said by NetFixer:

I think the OP was implying that the infected system is still in use, so that there would exist the possibility that any drivers, ISO images, etc that were downloaded (and probably saved to CD/DVD) prior to the drive cleansing would also become infected.

Ah, gotcha, thanks. Yes, that is an unfortunate possibility.


n00blet1

@optonline.net
reply to n00blet1

it's the in the wild windows 7 loader that this os has been "reversed engineered" upon...

i don't know the specs of the rootkit....what it's capable of....the os can just be rooted and that's it.

but i am not the only user of this counterfeit os so there are probably thousands in the same position as me....just not security conscious.

Anyway....i guess i would download the drivers from another pc...just for some peace of mind.

This bios has also a boot sector virus protection option....not sure what good that would do.

I have reflashed.

Then again....there have been numerous reports of malware residing in asian made motherboards for quite some time now....just not really read upon in depth.

Or am i just fear mongering here?

sigh



n00blet1

@optonline.net
reply to n00blet1

and one more thing, what is this new fad about solid state drives?



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by n00blet1 :

and one more thing, what is this new fad about solid state drives?

Not really new, I had solid state drives in two 1980's vintage CPM based Xerox 820 PCs. The only new thing is that they are becoming widely available for the masses (and they look like normal magnetic disk drives instead of circuit boards).

And FWIW, if you load an infected OS onto one of them, you will still have an infected PC.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


n00blet1

@optonline.net
reply to n00blet1

i was worried about if on the current os....if i download the motherboard drivers....possibly the rootkit might have worm like features and attach itself to the drivers? so when i burn to a cd....and insert it on a genuine os i would get re-infected.

But that may just be a paranoid delusional thought, but in computer security....



ashrc4
Premium
join:2009-02-06
australia
reply to n00blet1

said by n00blet1 :

Then again....there have been numerous reports of malware residing in asian made motherboards for quite some time now....just not really read upon in depth.

Or am i just fear mongering here?

Considering your fears and apprehension for trusting hardware I've scoured the web looking for a more trusted solution.

Here it is; »www.theage.com.au/digital-life/t···k59.html


--
Paradigm Shift beta test pilot. "Now is the not right time to stop folding."


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to n00blet1

said by n00blet1 :

i was worried about if on the current os....if i download the motherboard drivers....possibly the rootkit might have worm like features and attach itself to the drivers? so when i burn to a cd....and insert it on a genuine os i would get re-infected.

But that may just be a paranoid delusional thought, but in computer security....

You had already mentioned using another PC to do the driver downloads (or at least that was my interpretation of what you said). Use that PC to do the burning too. Unless you have already somehow infected the other PC from a network connection or from transferred files, that should be safe. If you really don't know, then find a friend who will allow you to download and burn what you need using their PC (with no physical connection to either of your PCs).

And use a truly genuine OS, not another crackware copy that you downloaded from the internet. If you can't afford to purchase a genuine copy of Windows, download a Linux ISO directly from the official distro site, not from some warez site. Doing anything else is only going to repeat the same cycle.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


n00blet1

@optonline.net
reply to n00blet1

the pc came with the os like that...believe it or not...from an independent shop. i did not buy the computer....

but i know more about operating systems, security than they do....they told me to help them update....updates were not working....i did some checks - ran some commands....BAM - found out it was not genuine....

Happens



n00blet1

@optonline.net
reply to n00blet1

but i share it with 3 other people, and i told them what they are facing, they understand.

eventually i'm just going to go through with it....just got to go out and purchase windows 7.....

believe it or not these people have a legit copy of an av on this os too...lol

but im anticipating the release of windows 8.



n00blet1

@optonline.net
reply to NetFixer

can you clarify what you meant when you said "infected the other pc from a network connection" it is connected to a wired router that this same un genuine os is connected to....but that pc has a genuine os....

would that pose a problem here?



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit

said by n00blet1 :

can you clarify what you meant when you said "infected the other pc from a network connection" it is connected to a wired router that this same un genuine os is connected to....but that pc has a genuine os....

would that pose a problem here?

That is a network connection.

I have no way of knowing if the second PC has become infected since I have no knowledge of what kind of infection(s) you have on the first PC, or what kind of security you have on the second PC. That you have to ask the question however, tells me that both PCs may indeed be infected. This is especially so if you have explicitly exchanged files between the two PCs...either via the network or via removable drive or media swapping. But just being connected is all that is required depending on the nature of the infection(s). There are some residential/soho grade routers that are capable of providing vlan isolation between connected clients, but even if your router has that capability, it would seem unlikely that you have configured that kind of advanced protection.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


n00blet1

@optonline.net
reply to n00blet1

hmmm no i don't use that network sharing -bridge connection thing, and i haven't exchanged any files between the pc's...the pc's are not inter-connected...

so yea i think i'm okay on this one....



n00blet1

@optonline.net

just in case i didn't make sense, because usually i don't explain things well

the second pc just receives an ethernet wire from one of the slots of the router....



n00blet1

@optonline.net
reply to n00blet1

okay so more research pinpoints what it is.

"Windows 7 Loader(10-14-2009)"

so apparently it was cracked by a group? or something...i'm not too familiar with the warez scene.