From: Leythos on
In article <#ko9OLyvKHA.1692(a)TK2MSFTNGP04.phx.gbl>, okf22(a)hotmail.com
says...
> You have no idea what the conversation entailed. Leythos said the same as Andy did
> in a roundabout way
>

I generally ignore BD, he's about as close to a troll as anyone can come
without actually being one.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)
From: FromTheRafters on
"~BD~" <BoaterDave@~NO-SPAM~hotmail.co.uk> wrote in message
news:XbydnZkHYvlaCgjWnZ2dnUVZ8nNi4p2d(a)bt.com...
> FromTheRafters wrote:
>> "RossettoeCioccolato"<rossetoecioccolato(a)newsgroup.nospam> wrote in
>> message news:OkrBl5wvKHA.6140(a)TK2MSFTNGP05.phx.gbl...
>>>> The installer will rewrite the MBR if no validity marker is found.
>>>
>>> And if there is a valid MBR that loads a valid rootkit...?
>>
>> Then I presume that Leythos' "wipe" wipes out the valid marker (he wrote
>> "wipe" and I know that he knows what that entails). If you just go to
>> install without wiping, the MBR might not be touched. Probably any
>> rootkit hiding code in the MBR would also have to have relocated some
>> MBR code to another area of the disk to function properly during boot -
>> so, this other area of the disk must also go untouched for the rootkit
>> to work.
>>
>>
>
> I like Andy's approach best!
>
> Better safe than sorry. :)

That *is* Andy's approach, only stated differently. If you *wipe* the
drive, the program data is obliterated. Then you load known good
replacement data and everybody's happy. :o)


From: David H. Lipman on
From: "FromTheRafters" <erratic @nomail.afraid.org>

| That *is* Andy's approach, only stated differently. If you *wipe* the
| drive, the program data is obliterated. Then you load known good
| replacement data and everybody's happy. :o)

:-) ^2


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: ~BD~ on
Leythos wrote:
> In article<#ko9OLyvKHA.1692(a)TK2MSFTNGP04.phx.gbl>, okf22(a)hotmail.com
> says...
>> You have no idea what the conversation entailed. Leythos said the same as Andy did
>> in a roundabout way
>>
>
> I generally ignore BD, he's about as close to a troll as anyone can come
> without actually being one.
>

I simply questioned whether or not you always replace the MBR.

You actually said "I just boot from the Windows CD and go from there".

No mention was made by you of using any facility to replace the MBR
although others feel that that is what you implied by 'wipe'.

Do you now confirm that you *do* always replace the MBR?

--
Dave - a response would be appreciated
From: Leythos on
In article <OoShssxvKHA.5008(a)TK2MSFTNGP05.phx.gbl>, erratic
@nomail.afraid.org says...
>
> "RossettoeCioccolato" <rossetoecioccolato(a)newsgroup.nospam> wrote in
> message news:OkrBl5wvKHA.6140(a)TK2MSFTNGP05.phx.gbl...
> >> The installer will rewrite the MBR if no validity marker is found.
> >
> > And if there is a valid MBR that loads a valid rootkit...?
>
> Then I presume that Leythos' "wipe" wipes out the valid marker (he wrote
> "wipe" and I know that he knows what that entails). If you just go to
> install without wiping, the MBR might not be touched. Probably any
> rootkit hiding code in the MBR would also have to have relocated some
> MBR code to another area of the disk to function properly during boot -
> so, this other area of the disk must also go untouched for the rootkit
> to work.

What's the point of "Wiping" a drive if you leave anything that could
contain malware?

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)
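
Added example, not part of any post in this thread: a Python sketch of why the "validity marker" (the 0x55 0xAA signature in the last two bytes of sector 0) says nothing about the boot code in front of it, and why a wiped first sector is the case in which, per the thread, the installer writes a fresh MBR. The function names, the result strings and the sample sectors are assumptions constructed for illustration; the sample bytes are not real boot code.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440         # bytes 440-445 hold a per-disk signature on Windows-written MBRs
MARKER_OFFSET = 510
MARKER = b"\x55\xaa"        # the "validity marker" in the last two bytes of sector 0


def has_marker(sector0: bytes) -> bool:
    """True if sector 0 ends with the 0x55 0xAA boot signature."""
    return len(sector0) >= SECTOR_SIZE and sector0[MARKER_OFFSET:SECTOR_SIZE] == MARKER


def boot_code_digest(sector0: bytes) -> str:
    """SHA-256 over the boot code only, skipping disk signature and partition table."""
    return hashlib.sha256(sector0[:BOOT_CODE_LEN]).hexdigest()


def assess(sector0: bytes, known_good_digest: str) -> str:
    if not has_marker(sector0):
        return "no-marker"                 # per the thread, the installer rewrites the MBR here
    if boot_code_digest(sector0) != known_good_digest:
        return "marker-ok-code-differs"    # marker present, boot code is not the reference
    return "matches-reference"


def read_sector0(image_path: str) -> bytes:
    """Read the first sector of a disk image opened read-only."""
    with open(image_path, "rb") as f:
        return f.read(SECTOR_SIZE)


def make_sector(boot_code: bytes) -> bytes:
    """Build a constructed 512-byte sector: boot code, empty table, marker."""
    padded = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    return padded + bytes(MARKER_OFFSET - BOOT_CODE_LEN) + MARKER


# Constructed samples, not real boot code.
REFERENCE = make_sector(b"constructed reference loader")
ALTERED = make_sector(b"constructed altered loader")
WIPED = bytes(SECTOR_SIZE)                  # zero-filled first sector
KNOWN_GOOD = boot_code_digest(REFERENCE)

if __name__ == "__main__":
    for name, sector in (("reference", REFERENCE), ("altered", ALTERED), ("wiped", WIPED)):
        print(f"{name:9s} marker={has_marker(sector)!s:5s} -> {assess(sector, KNOWN_GOOD)}")
```

The altered sector passes the marker check and is only caught by the comparison against a reference digest taken from a known-good MBR for the same OS version.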