-
June 8th, 2003, 09:24 AM
#11
Re: virus survive a format?
Originally posted here by oso_1_
can a virus survive a hard drive format?
well i will try to answer ur question as correctly as i can...
a straightforward answer is "yes, a virus can survive HDD format"...but how...
to explain it...let me first explain some basic types of viruses...soon i will be writing a tut on viruses...
1. MBR/boot sector --- those viruses which infect only the MBR/boot record and get loaded whenever the system is booted from an infected disk...doesn't matter if the disk is bootable or not...
2. File --- those viruses which infect only executables.
3. those which infect both MBR/boot record as well as files...
now let's consider a situation...u are already infected by a virus...it's either of type 1 or 3...u detect it...and format ur HDD...now let us see what will happen...the virus is already in the RAM of ur system...and is looking for an uninfected MBR/boot record...as soon as formatting is over...the virus detects the HDD as an uninfected target...and immediately infects it...so it has survived a formatting...
the solution to this type of problem is...first boot from a clean disk and then format...
as far as viruses residing in CMOS etc are concerned...let me explain this to you...
a virus needs some executable code to trigger it...and CMOS hardly contains any executable code (to the best of my knowledge)...further, CMOS may be vendor specific...so a virus infecting CMOS only may never get triggered...so a virus worth its salt...will never try to mess with CMOS...at most viruses can hide some of their data in CMOS...or can corrupt the data in CMOS...
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
-
June 8th, 2003, 11:18 AM
#12
Several things:
1. Although some viruses maliciously modify the bios memory area, I don't think there are any which can remain resident there. I think it's unlikely.
2. Boot sector viruses are very rare these days, they don't work in Windows. This is because it would be too complicated to make and nobody boots off floppies (nobody even uses floppies) much any more. In any case, you can always reinitialise your boot sector (fdisk /mbr from dos (NO, that doesn't work in Windows NT, get a dos boot floppy))
Unless you run DOS and frequently exchange floppies with other dos users, I wouldn't worry about boot sector viruses. By DOS, I mean DOS, not Windows 98, Windows 2,000,000 etc
3. A virus *CAN* survive a reformat by being resident in your backups.
When restoring your backups either:
- Delete all executable files (this includes Word documents, Excel, MS Access and anything else that could contain macros), and obtain fresh copies from either read-only media (the CDs the apps came on), recompile them (if you made them yourself), or download from the vendor's official web site (only the official one, not p2p or warez)
- Files which are definitely not executable are safe (txt files, jpeg, html, mp3s etc)
- If you cannot delete *all* executable files, be very careful with any remaining ones, ensuring you have a virus checker installed before running any executables from your backups.
If your source of software is warez, p2p or unofficial web sites, forget about data integrity, you will always have mal-ware all over your machine, some of which is undetectable to virus checkers. Serves you right.
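The restore advice in the post above can be turned into a triage pass over a restored backup tree. This is an added example, not code from the thread: the extension list, function names and sample files are assumptions, and it checks leading bytes as well as names so that an executable renamed to look like a picture is still flagged.

```python
import os
import tempfile

# Extensions treated as executable or macro-capable (an assumed, non-exhaustive list).
RISKY_EXT = {".exe", ".com", ".dll", ".scr", ".pif", ".bat", ".vbs",
             ".doc", ".dot", ".xls", ".mdb", ".ppt"}
# Leading bytes that identify such files even when the name has been changed.
MAGIC = {
    b"MZ": "DOS/Windows executable header",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 container (Word/Excel/Access, can hold macros)",
}

def classify(path):
    """Return (verdict, reason) for one file from a backup set."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return "replace", label
    ext = os.path.splitext(path)[1].lower()
    if ext in RISKY_EXT:
        return "replace", "risky extension " + ext
    return "keep", "no executable marker found"

def triage(root):
    """Walk a restored backup tree and classify every file by relative path."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            results[os.path.relpath(full, root)] = classify(full)
    return results

def demo():
    """Build a small constructed backup tree and triage it."""
    samples = {
        "notes.txt": b"shopping list\n",
        "setup.exe": b"MZ\x90\x00" + bytes(60),
        "holiday.jpg": b"MZ\x90\x00" + bytes(60),   # executable behind a picture name
        "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(56),
        "cleanup.bat": b"@echo off\r\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    for name, (verdict, reason) in sorted(demo().items()):
        print(f"{verdict:8} {name:12} {reason}")
```

Files marked "replace" are the ones to re-obtain from original media; "keep" only means no executable marker was found, so a virus checker should still scan them.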
-
June 8th, 2003, 07:44 PM
#13
There have been reports of viruses that can attack your flashable BIOS.
If the virus succeeds in reprogramming the flash BIOS ROM, there is no software remedy for it: your PC will no longer be bootable and the flash BIOS will need to be replaced or re-programmed in a special EEPROM programming device. Where the flash BIOS ROM is permanently attached to the motherboard, the entire motherboard will need replacing.
http://www.disastercenter.com/virus.htm
I came in to the world with nothing. I still have most of it.
-
June 9th, 2003, 08:55 AM
#14
If you have a 'Boot Sector' Virus........type FDISK /MBR (virus will be gone, and boot sector recovered)
-
June 9th, 2003, 02:06 PM
#15
That would be a virus that destroys your CMOS not reprograms it...CMOS is a very small area, it would be very difficult to write a virus that it and fit the computer's boot instructions also...so a virus can destroy BIOS but not hide in it.
As for surviving a format, there are a few that hid themselves in bad sectors on a drive, those would survive but they would be dormant after a format.
-
June 9th, 2003, 04:12 PM
#16
If you've already formatted and still have a virus, it's most likely in your master boot record virus. To ensure removal, destroy and re-create the current partition, fdisk /mbr to clear the master boot record, format again and reinstall media. Be sure that you are not using infected floppies or have the virus in your backups.
It would also be a good idea to invest in a virus removal tool.
--PuRe
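Why a format alone leaves the master boot record untouched, as an added example that is not part of any post in this thread: formatting rewrites the filesystem inside a partition, while the MBR is sector 0 of the disk, holding 446 bytes of boot code, four 16-byte partition entries and the 0x55AA signature. The sketch parses a 512-byte sector and compares the boot-code hash against a baseline taken from a known-clean state; the function names and the sample sectors are constructed for illustration, and a real sector should be read while booted from clean media.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446            # bytes 0..445: boot code
TABLE_OFF = 446                # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"        # bytes 510..511

def parse_mbr(sector):
    """Split an MBR sector into boot-code hash, partition table and signature check."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:         # type 0 marks an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector[510:512] == SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def boot_code_changed(sector, baseline_sha256):
    """True when the boot code differs from the known-clean baseline hash."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256

def build_sample(boot_code):
    """Constructed sector: placeholder boot bytes plus one active FAT32 (0x0B) entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x0B,
                        b"\xfe\xff\xff", 63, 1024000)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + SIGNATURE

def demo():
    clean = build_sample(b"\xfa\x33\xc0")        # placeholder bytes, not real boot code
    baseline = parse_mbr(clean)["boot_code_sha256"]
    altered = build_sample(b"\xeb\x3c\x90")      # same partition table, different boot code
    same_table = parse_mbr(clean)["partitions"] == parse_mbr(altered)["partitions"]
    return boot_code_changed(clean, baseline), boot_code_changed(altered, baseline), same_table

if __name__ == "__main__":
    print(parse_mbr(build_sample(b"\xfa\x33\xc0")))
    print(demo())
```

The first partition in the sample starts at sector 63, so everything a format of that partition touches lies after the sector this check reads.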
-
June 10th, 2003, 06:59 AM
#17
Originally posted here by dcongram
If you have a 'Boot Sector' Virus........type FDISK /MBR (virus will be gone, and boot sector recovered)
noticed my reply as soon as the boot sector gets uninfected...virus in RAM detects it and again infects it....
a virus may destroy CMOS but cant use it to launch itself..........
if u are going for repartitioning ensure u boot from uninfected media....
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
-
June 11th, 2003, 12:04 AM
#18
Yeah, there is a virus that tends to get reloaded on 95% of the world's desktops, it's called Windows! lol
k, on a more serious note, I have also heard rumors about viruses that try to corrupt the flash bios and stuff like that, and that MBR viruses can 'survive a format.' What I figure is, use a clean, fresh installed system (install booted from the retail CD's etc) and download the tool to 'zero' your hard drive. (scan it for viruses too) Then boot up from a clean floppy (made during the install) and zero the drive. Then run fdisk, and then format what you need. Shut down (to clear the RAM and stuff much better than just rebooting) and boot the install from the CD's. Also, as already pointed out, be very careful about reloading your backups. Then it should hopefully be clean. (at least that's my paranoid route after a nasty infection)
I hope that was clear, lol. Sorry if it didn't make much sense. (I'm late for an awards ceremony at school, it's kinda rushed)
Dave
Alcohol & calculus don't mix. Never drink & derive.
-
June 13th, 2003, 11:37 AM
#20
Yes Oso, they can, and if you boot off the infected HDD, the virus will be resident and rewrite itself to the MBR anytime someone else writes the MBR.
To clean up, you need to boot off a known clean, write protected floppy disk and do the fdisk and format /u from there. Or better yet, use a sector level utility that wipes the drive by writing meaningless stuff to each sector.
If you want to be absolutely sure of not getting reinfected, debug the MBR, then debug the partitions (given that nothing was saved to the BIOS). Reinstall all programs off of the CD's and don't reinstall any saved data.
here is a link for the utility to learn more... http://www.whitecanyon.com/wipedrive_overview.php
man it's too early for spelling but what i was trying to say is a virus can live through a format