From: RossettoeCioccolato on 8 Mar 2010 17:26

> The installer will rewrite the MBR if no validity marker is found.

And if there is a valid MBR that loads a valid rootkit...?
From: Andy Medina on 8 Mar 2010 18:07

The best way to get around that is to "zero out" or wipe the drive. There are utilities that will do this like dban (Darik's Boot And Nuke): http://www.dban.org/about

Then a new MBR will be written. There is also the Recovery Console fixmbr utility to rewrite the MBR.

Generally, if the OS is being reinstalled due to virus/malware/whatever issues, then an MBR rewrite should be done. I just use dban and be done with it.

"RossettoeCioccolato" <rossetoecioccolato(a)newsgroup.nospam> wrote in message news:OkrBl5wvKHA.6140(a)TK2MSFTNGP05.phx.gbl...
>> The installer will rewrite the MBR if no validity marker is found.
>
> And if there is a valid MBR that loads a valid rootkit...?
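An added example (not code from this thread or from dban) of what the "validity marker" check and a "zero out" amount to at the sector level. It parses a classic 512-byte MBR, checks the 0x55AA boot signature at offset 510, hashes the boot code, and shows what a zeroed sector looks like to an installer. The boot code bytes, the disk signature and the single partition entry are constructed sample values, not real boot code, and KNOWN_GOOD_BOOTSTRAP_SHA256 is simply the hash of that constructed sample; on a real disk you would read sector 0 with `dd if=/dev/sda of=mbr.bin bs=512 count=1` and pass those bytes to parse_mbr.

```python
"""Added example: what an MBR 'validity marker' check and a 'zero out' do at the
sector level. Not code from this thread; the boot code, disk signature and
partition entry below are constructed sample values, not real boot code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"   # the 2-byte marker at offset 510 that an installer checks
BOOTSTRAP_LEN = 440            # boot code occupies bytes 0..439 in the classic MBR layout

# Constructed stand-in for stock boot code (an 8-byte prologue plus NOP padding).
STOCK_BOOTSTRAP = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOTSTRAP_LEN - 8)
# Constructed 'tampered' boot code: same length, different first instruction.
TAMPERED_BOOTSTRAP = b"\xEB\xFE" + STOCK_BOOTSTRAP[2:]
# In practice this would be the hash of the boot code your installer writes;
# here it is just the hash of the constructed sample above (assumption).
KNOWN_GOOD_BOOTSTRAP_SHA256 = hashlib.sha256(STOCK_BOOTSTRAP).hexdigest()


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Assemble a 512-byte MBR: boot code, disk signature, two reserved bytes,
    one bootable NTFS-type (0x07) entry starting at LBA 2048, three empty
    entries, and the boot signature. All values are constructed for the example."""
    assert len(bootstrap) == BOOTSTRAP_LEN
    disk_signature = struct.pack("<I", 0xDEADBEEF)
    reserved = b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 1_000_000)
    table = entry + b"\x00" * 16 * 3
    sector = bootstrap + disk_signature + reserved + table + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


def parse_mbr(sector: bytes) -> dict:
    """Decode the fields of a classic MBR and hash its boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    bootstrap = sector[:BOOTSTRAP_LEN]
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype or lba or count:   # skip all-zero (unused) entries
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_valid": sector[510:512] == BOOT_SIGNATURE,
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good_sha256: str = KNOWN_GOOD_BOOTSTRAP_SHA256) -> str:
    """'rewrite'  : no boot signature, so an installer would write a fresh MBR
       'stock'    : signature present and boot code matches the known-good hash
       'modified' : signature present but boot code differs; this is the case a
                    bare signature check cannot tell apart from a healthy MBR."""
    info = parse_mbr(sector)
    if not info["signature_valid"]:
        return "rewrite"
    return "stock" if info["bootstrap_sha256"] == known_good_sha256 else "modified"


def wipe_mbr(sector: bytes) -> bytes:
    """What 'zeroing out' sector 0 leaves behind: no boot code, no partition
    table and no boot signature. (dd if=/dev/zero ... count=1 does this to the
    first sector only; dban does it to the whole disk.)"""
    return b"\x00" * len(sector)


if __name__ == "__main__":
    for label, boot in (("stock", STOCK_BOOTSTRAP), ("tampered", TAMPERED_BOOTSTRAP)):
        sector = build_sample_mbr(boot)
        print(label, "->", classify_mbr(sector), parse_mbr(sector)["partitions"])
    print("wiped ->", classify_mbr(wipe_mbr(build_sample_mbr(TAMPERED_BOOTSTRAP))))
```

The tampered sample still reports signature_valid, which is exactly why the installer's marker check alone does not help against a rootkit that keeps its MBR structurally valid; comparing the boot code against a known-good hash, or wiping the sector so the marker is gone, is what forces a rewrite.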
From: "FromTheRafters" erratic on 8 Mar 2010 18:57

"RossettoeCioccolato" <rossetoecioccolato(a)newsgroup.nospam> wrote in message news:OkrBl5wvKHA.6140(a)TK2MSFTNGP05.phx.gbl...
>> The installer will rewrite the MBR if no validity marker is found.
>
> And if there is a valid MBR that loads a valid rootkit...?

Then I presume that Leythos' "wipe" wipes out the valid marker (he wrote "wipe" and I know that he knows what that entails). If you just go to install without wiping, the MBR might not be touched.

Probably any rootkit hiding code in the MBR would also have to have relocated some MBR code to another area of the disk to function properly during boot - so, this other area of the disk must also go untouched for the rootkit to work.
From: ~BD~ on 8 Mar 2010 19:35

FromTheRafters wrote:
> "RossettoeCioccolato"<rossetoecioccolato(a)newsgroup.nospam> wrote in
> message news:OkrBl5wvKHA.6140(a)TK2MSFTNGP05.phx.gbl...
>>> The installer will rewrite the MBR if no validity marker is found.
>>
>> And if there is a valid MBR that loads a valid rootkit...?
>
> Then I presume that Leythos' "wipe" wipes out the valid marker (he wrote
> "wipe" and I know that he knows what that entails). If you just go to
> install without wiping, the MBR might not be touched. Probably any
> rootkit hiding code in the MBR would also have to have relocated some
> MBR code to another area of the disk to function properly during boot -
> so, this other area of the disk must also go untouched for the rootkit
> to work.

I like Andy's approach best!

Better safe than sorry. :)

--
Dave
From: Peter Foldes on 8 Mar 2010 19:52

BD

You have no idea what the conversation entailed. Leythos said the same as Andy did in a roundabout way.

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"~BD~" <BoaterDave@~NO-SPAM~hotmail.co.uk> wrote in message news:XbydnZkHYvlaCgjWnZ2dnUVZ8nNi4p2d(a)bt.com...
> FromTheRafters wrote:
>> "RossettoeCioccolato"<rossetoecioccolato(a)newsgroup.nospam> wrote in
>> message news:OkrBl5wvKHA.6140(a)TK2MSFTNGP05.phx.gbl...
>>>> The installer will rewrite the MBR if no validity marker is found.
>>>
>>> And if there is a valid MBR that loads a valid rootkit...?
>>
>> Then I presume that Leythos' "wipe" wipes out the valid marker (he wrote
>> "wipe" and I know that he knows what that entails). If you just go to
>> install without wiping, the MBR might not be touched. Probably any
>> rootkit hiding code in the MBR would also have to have relocated some
>> MBR code to another area of the disk to function properly during boot -
>> so, this other area of the disk must also go untouched for the rootkit
>> to work.
>
> I like Andy's approach best!
>
> Better safe than sorry. :)
>
> --
> Dave