:confused:
can a virus survive a hard drive format?
yes!
Now to really answer the Question:
Never assume that a format on its own will rid you of ALL virii.
If I am not too sure of the Bug that destroyed the data on a drive.. And the customer is not willing to pay for a forensics recovery of data.. A low level format, partition and format is the first step (with the drive in a clean machine).
Some Virii CAN (not will or does) hide in the Mobo CMOS Ram, Also some code CAN make changes to the BIOS itself and hide itself in the BIOS..
But then what seems like a virus in the BIOS/CMOS could also be a simple corruption of the BIOS and just needs resetting.. (this accounts for more than half of my suspected Virus infected machines)
Hope this is of help.. I am sure there are others who can give better and more detailed inf..and or Links to the Info..
Cheers
yes that is helpful
and virii in the bios would explain what happened to a couple of my mother boards.
can it also get into pci cards like display cards
p.s. how do i change my user name to some thing else?
Excuse me?!? :mad: User name to what, man? Here in AO, another site, something like a database, or the user accounts in your comp's login?? If so which OS do you have exactly???
sorry
here in AO
Just get a new e-mail address, register using that address only under a different name, then wait for your accounting info to come through the mail so you can start posting again.
thnx
i was just hoping that i could change it and keep my stats and settings but oh well.
Not that I have seen..YET.. I suspect that it is possible, have read some boasts of such activity
Quote:
and virii in the bios would explain what happened to a couple of my mother boards.
can it also get into pci cards like display cards
Anything that uses EEPROM/Flash memory either for Device BIOS or Device's own use, can have these areas of memory written to.. ie Video Cards AGP and some PCI, CD-RW's, External Modems,
Cheers
i have this pci video card and every mother board i've put it in has died so i think it's the card but i also have a bigfoot hard drive that had had a worm and then i got it formatted but i don't want to try it with my new mother board that's working fine but i would like the extra mem.
should i risk hooking it up or what
As far as I know it is not possible for a virus to hide in a PCI card, it is possible and has happened to a friend of mine that a virus logged itself in the bios, so we just flashed it and it was all good. As far as every mother board dying when you're using a card, it could be a couple of problems. 1. is the card compatible and 2. is it a defective product.
well i try to answer ur question as correctly as i can answer...
a straight forward answer is "yes, a virus can survive HDD format"...but how...
to explain it..let me first explain some basic types of viruses...soon i will be writing a tut on viruses...
1. MBR/boot sector---those viruses which infect only MBR/Boot record and gets loaded whenever the system is booted from infected disk...doesnt matter if the disk is bootable or not.........
2. File --- those viruses which infect only executables.
3. those which infect both MBR/Boot record as well as files...
now lets consider a situation..........u are already infected from a virus...its either of type 1 or 3 ... u detect it..and format ur HDD...now let us see what will happen..........the virus is already in RAM of ur system....and is looking for uninfected MBR/boot record.....as soon as formatting is over ... virus detects the HDD as uninfected target...and immediately infects it..........so it has survived a formatting...
solution to this type of problem is...first boot from a clean disk and then format.....
as far as viruses residing in CMOS etc are concerned....let me explain this to you.........
a virus needs some executable code to trigger it.....and CMOS hardly contains any executable code (as far as to my best knowledge)....further CMOS may be vendor specific.........so a virus infecting CMOS only may never get triggered.......so at most a virus worth its salt....will never try to mess with CMOS...at most viruses can hide some of their data in CMOS....or can corrupt the data in CMOS.............
Several things:
1. Although some viruses maliciously modify the bios memory area, I don't think there are any which can remain resident there. I think it's unlikely.
2. Boot sector viruses are very rare these days, they don't work in Windows. This is because it would be too complicated to make and nobody boots off floppies (nobody even uses floppies) much any more. In any case, you can always reinitialise your boot sector (fdisk /mbr from dos (NO, that doesn't work in Windows NT, get a dos boot floppy))
Unless you run DOS and frequently exchange floppies with other dos users, I wouldn't worry about boot sector viruses. By DOS, I mean DOS, not Windows 98, Windows 2,000,000 etc
3. A virus *CAN* survive a reformat by being resident in your backups.
When restoring your backups either:
- Delete all executable files (this includes Word documents, Excel, MS Access and anything else that could contain macros), and obtain fresh copies from either read-only media (the CDs the apps came on), recompile them (if you made them yourself), or download from the vendor's official web site (only the official one, not p2p or warez)
- Files which are definitely not executable are safe (txt files, jpeg, html, mp3s etc)
- If you cannot delete *all* executable files, be very careful with any remaining ones, ensuring you have a virus checker installed before running any executables from your backups.
If your source of software is warez, p2p or unofficial web sites, forget about data integrity, you will always have mal-ware all over your machine, some of which is undetectable to virus checkers. Serves you right.
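The restore advice above sorts backup files by whether they can carry code. As an added illustration (not part of any post in this thread), the Python sketch below walks a restored backup and flags files by their leading bytes as well as their extension, so a program renamed to look like a picture is still caught; the magic-byte table, extension list and sample files are constructed for the example.

```python
import os
import tempfile

# Leading bytes that mark content as executable or macro-capable.
MAGIC = {
    b"MZ": "executable (DOS/Windows)",
    b"\x7fELF": "executable (ELF)",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "macro-capable (OLE2 Office document)",
}
# Extensions that run code but have no reliable magic bytes.
RISKY_EXT = {".com", ".bat", ".cmd", ".vbs", ".js", ".scr", ".pif"}

def classify(path):
    """Label one file: judge by content first, then by extension."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    if os.path.splitext(path)[1].lower() in RISKY_EXT:
        return "executable (by extension)"
    return "data"

def triage(root):
    """Walk a restored backup; return {relative path: label} for risky files."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            label = classify(full)
            if label != "data":
                flagged[os.path.relpath(full, root)] = label
    return flagged

def demo():
    """Build a small constructed backup tree and triage it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "notes.txt": b"shopping list\n",
            "setup.exe": b"MZ\x90\x00" + b"\x00" * 60,
            "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 60,  # program renamed to .jpg
            "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56,
            "autoexec.bat": b"@echo off\r\n",
            "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 60,
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)
```

Flagged files are the ones to replace from original media or scan before opening; everything else in the tree was judged plain data by both content and extension.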
There have been reports of viruses that can attack your flashable BIOS.
http://www.disastercenter.com/virus.htm
Quote:
If the virus succeeds in reprogramming the flash BIOS ROM, there is no software remedy for it: your PC will no longer be bootable and the flash BIOS will need to be replaced or re-programmed in a special EEPROM programming device. Where the flash BIOS ROM is permanently attached to the motherboard, the entire motherboard will need replacing.
:cool:
If you have a 'Boot Sector' Virus........type FDISK /MBR (virus will be gone, and boot sector recovered)
That would be a virus that destroys your CMOS not reprograms it...CMOS is a very small area, it would be very difficult to write a virus that it and fit the computer's boot instructions also...so a virus can destroy bios but not hide in it.
Quote:
Originally posted here by rcgreen
There have been reports of viruses that can attack your flashable BIOS.
http://www.disastercenter.com/virus.htm
:cool:
As for surviving a format, there are a few that hid themselves in bad sectors on a drive, those would survive but they would be dormant after a format.
If you've already formatted and still have a virus, it's most likely in your master boot record virus. To ensure removal, destroy and re-create the current partition, fdisk /mbr to clear the master boot record, format again and reinstall media. Be sure that you are not using infected floppies or have the virus in your backups.
It would also be a good idea to invest in a virus removal tool.
--PuRe
noticed my reply as soon as the boot sector gets uninfected...virus in RAM detects it and again infects it....
Quote:
Originally posted here by dcongram
If you have a 'Boot Sector' Virus........type FDISK /MBR (virus will be gone, and boot sector recovered)
a virus may destroy CMOS but cant use it to launch itself..........
if u are going for repartitioning ensure u boot from uninfected media....
Yeah, there is a virus that tends to get reloaded on 95% of the world's desktops, it's called Windows! lol
k, on a more serious note, I have also heard rumors about viruses that try to corrupt the flash bios and stuff like that, and that MBR viruses can 'survive a format.' What I figure is, use a clean, fresh installed system (install booted from the retail CDs etc) and download the tool to 'zero' your hard drive. (scan it for viruses too) Then boot up from a clean floppy (made during the install) and zero the drive. Then run fdisk, and then format what you need. Shut down (to clear the RAM and stuff much better than just rebooting) and boot the install from the CDs. Also, as already pointed out, be very careful about reloading your backups. Then it should hopefully be clean. (at least that's my paranoid route after a nasty infection)
I hope that was clear, lol. Sorry if it didn't make much sense. (I'm late for an awards ceremony at school, its kinda rushed)
Dave
:eek: what about when i took the battery out of the mother board and waited a half hour then put it back in, booted up with no hard drive hooked up, set the bios to check for floppy drives and the thing could not find drive a:?
i tried different cables, different drives but still the same result.
that's why i tried the other mother boards and they started having the same problem till that one mother board wouldn't even boot any more, it would just freeze after trying to detect a hard drive. :confused:
also we are talking about this in one of my other threads "formated hard drives"
Yes Oso, they can, and if you boot off the infected HDD, the virus will be resident and rewrite itself to the MBR anytime someone else writes the MBR.
To clean up, you need to boot off a known clean, write protected floppy disk and do the fdisk and format /u from there. Or better yet, use a sector level utility that wipes the drive by writing meaningless stuff to each sector.
If you want to be absolutely sure of not getting reinfected, debug the MBR then debug the partitions (given that nothing was saved to the BIOS). Reinstall all programs off of the CDs and don't reinstall any saved data.
here is a link for the utility to learn more.... http://www.whitecanyon.com/wipedrive_overview.php
man its too early for spelling but what i was trying to say is a virus can live through a format
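Several replies above recommend booting from clean media before touching the MBR. As an added example (not from any poster), this Python sketch parses a 512-byte MBR read under those conditions, checks the 0x55AA signature, lists the partition entries and compares a SHA-256 of the boot code against a baseline recorded while the disk was known clean; the sample sectors are constructed and their boot code bytes are placeholders.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446                 # bytes 0-445 hold the boot loader code
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA, count

def inspect_mbr(sector, baseline_sha256=None):
    """Parse one MBR sector and compare its boot code to a known-clean hash."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for slot in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(
            sector, BOOT_CODE_LEN + ENTRY.size * slot)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": slot, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": digest,
        "partitions": partitions,
        "matches_baseline": (None if baseline_sha256 is None
                             else digest == baseline_sha256),
    }

def build_sample_mbr(boot_code):
    """Constructed sector: placeholder boot code plus one bootable FAT32 entry."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = ENTRY.pack(0x80, b"\x01\x01\x00", 0x0B, b"\xfe\xff\xff", 63, 2048000)
    return code + entry + b"\x00" * 48 + b"\x55\xaa"

def demo():
    """Record a baseline from a clean sector, then check a changed one."""
    clean = build_sample_mbr(b"\xfa\x33\xc0")    # placeholder bytes
    baseline = inspect_mbr(clean)["boot_code_sha256"]
    altered = build_sample_mbr(b"\xeb\x3c\x90")  # same table, different code
    return inspect_mbr(clean, baseline), inspect_mbr(altered, baseline)

if __name__ == "__main__":
    # With a real disk, read the first 512 bytes of an image file or raw
    # device while booted from known-clean media (path is site-specific).
    for report in demo():
        print(report["signature_ok"], report["matches_baseline"], report["partitions"])
```

A mismatch against the baseline with an unchanged partition table is the case the thread describes: the boot code was rewritten while the disk layout still looks normal.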