From: "FromTheRafters" erratic on 9 Mar 2010 06:59

"Leythos" <spam999free(a)rrohio.com> wrote in message news:MPG.25ff640f61ff7a4198a194(a)us.news.astraweb.com...
> In article <OoShssxvKHA.5008(a)TK2MSFTNGP05.phx.gbl>, erratic
> @nomail.afraid.org says...
>>
>> "RossettoeCioccolato" <rossetoecioccolato(a)newsgroup.nospam> wrote in
>> message news:OkrBl5wvKHA.6140(a)TK2MSFTNGP05.phx.gbl...
>> >> The installer will rewrite the MBR if no validity marker is found.
>> >
>> > And if there is a valid MBR that loads a valid rootkit...?
>>
>> Then I presume that Leythos' "wipe" wipes out the valid marker (he
>> wrote "wipe" and I know that he knows what that entails). If you just
>> go to install without wiping, the MBR might not be touched. Probably
>> any rootkit hiding code in the MBR would also have to have relocated
>> some MBR code to another area of the disk to function properly during
>> boot - so, this other area of the disk must also go untouched for the
>> rootkit to work.
>
> What's the point of "Wiping" a drive if you leave anything that could
> contain malware?

You mean like flashable firmware? :oD

I guess BD overlooked the fact that you wrote both "wipe...entire..." and "wipe...completely" in your post before even mentioning the Windows CD. :o)
From: ~BD~ on 9 Mar 2010 07:56

FromTheRafters wrote:
> "Leythos"<spam999free(a)rrohio.com> wrote in message
> news:MPG.25ff640f61ff7a4198a194(a)us.news.astraweb.com...
>> In article<OoShssxvKHA.5008(a)TK2MSFTNGP05.phx.gbl>, erratic
>> @nomail.afraid.org says...
>>>
>>> "RossettoeCioccolato"<rossetoecioccolato(a)newsgroup.nospam> wrote in
>>> message news:OkrBl5wvKHA.6140(a)TK2MSFTNGP05.phx.gbl...
>>>>> The installer will rewrite the MBR if no validity marker is found.
>>>>
>>>> And if there is a valid MBR that loads a valid rootkit...?
>>>
>>> Then I presume that Leythos' "wipe" wipes out the valid marker (he
>>> wrote "wipe" and I know that he knows what that entails). If you just
>>> go to install without wiping, the MBR might not be touched. Probably
>>> any rootkit hiding code in the MBR would also have to have relocated
>>> some MBR code to another area of the disk to function properly during
>>> boot - so, this other area of the disk must also go untouched for the
>>> rootkit to work.
>>
>> What's the point of "Wiping" a drive if you leave anything that could
>> contain malware?
>
> You mean like flashable firmware? :oD

Didn't we have a discussion about this once before? It is impossible for controlled malware to flash the BIOS ** - isn't it?!!

> I guess BD overlooked the fact that you wrote both "wipe...entire..."
> and "wipe...completely" in your post before even mentioning the Windows
> CD. :o)

By all means take the p*ss, but I overlooked nothing. Leythos has previously said that he is a 'professional' and I have no reason to doubt that. However .....

Many *readers* of this group will be *less* than 'expert' at computing and might well assume that using a Windows CD to re-install the operating system is the *only* action needed to trounce malware. I most certainly did many moons ago.

My question was posed simply to leave no doubt at all for any less experienced folk that the MBR should always (IMO) be replaced when 'wiping' a hard drive.

--
Dave - Re: ** the Chinese are damn clever you know!
From: "FromTheRafters" erratic on 9 Mar 2010 08:37

"~BD~" <BoaterDave.is(a)hotmail.co.uk> wrote in message news:fuOdnb2GJpT22AvWnZ2dnUVZ8ridnZ2d(a)bt.com...

[...flashable firmware...blah, blah, blah ]

> Didn't we have a discussion about this once before? It is impossible
> for controlled malware to flash the BIOS ** - isn't it?!!

Controlled malware?

>> I guess BD overlooked the fact that you wrote both "wipe...entire..."
>> and "wipe...completely" in your post before even mentioning the
>> Windows CD. :o)
>
>
> By all means take the p*ss, but I overlooked nothing.

:o)

I thought maybe you were thinking "format" while reading "wipe", which are *not* equivalent.

> Leythos has previously said that he is a 'professional' and I have no
> reason to doubt that. However .....
>
> Many *readers* of this group will be *less* than 'expert' at computing
> and might well assume that using a Windows CD to re-install the
> operating system is the *only* action needed to trounce malware. I
> most certainly did many moons ago.

Yes, it does bear mentioning that a "wipe" *should* invalidate the MBR so that it will be rewritten when installing the OS.

> My question was posed simply to leave no doubt at all for any less
> experienced folk that the MBR should always (IMO) be replaced when
> 'wiping' a hard drive.

Also, that the MBR should be replaced with the *correct* MBR which might not necessarily be the one that the Windows CD thinks is correct. You wouldn't want the Windows CD to stomp on grub or lilo if your system is a dual boot system. You can reinstall Windows from a CD without affecting the MBR as long as it is still marked as valid, but after a "wipe" you would have to replace the now overwritten and invalidated MBR with whatever is proper.
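An added example, not code from any poster in this thread, that models the "validity marker" the thread talks about (assumed here to be the 0x55AA boot signature in the last two bytes of sector 0) and the "format" versus "wipe" distinction FromTheRafters draws: a quick format rewrites only the volume's own sectors and leaves sector 0 and its signature alone, while a wipe overwrites sector 0 too, so the installer's quoted "rewrite if no marker" rule then applies. The 16-sector disk image is constructed in memory and `installer_would_rewrite_mbr` is a model of the rule as quoted, not Windows Setup's own logic.

```python
import struct

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510-511 of sector 0: the marker an installer checks

def has_boot_signature(sector0: bytes) -> bool:
    """True when sector 0 still carries the 0x55AA marker."""
    return len(sector0) == SECTOR and bytes(sector0[510:512]) == BOOT_SIGNATURE

def parse_partitions(sector0: bytes) -> list:
    """Decode the four 16-byte partition entries at offset 446; skip empty (type 0) slots."""
    parts = []
    for slot in range(4):
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector0, 446 + 16 * slot)
        if ptype:
            parts.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts

def installer_would_rewrite_mbr(sector0: bytes) -> bool:
    """Model of the rule quoted in the thread: rewrite sector 0 only if the marker is missing."""
    return not has_boot_signature(sector0)

def format_partition(disk: bytearray, part: dict) -> None:
    """A quick 'format' only rewrites the volume's own sectors; sector 0 is untouched."""
    start = part["lba_start"] * SECTOR
    disk[start:start + part["sectors"] * SECTOR] = bytes(part["sectors"] * SECTOR)

def wipe_disk(disk: bytearray) -> None:
    """A 'wipe' overwrites every sector, including the MBR and its signature."""
    disk[:] = bytes(len(disk))

def build_sample_disk() -> bytearray:
    """Constructed 16-sector disk: placeholder boot code, one bootable type-0x07 partition, signature."""
    boot_code = b"\x33\xC0" + bytes(444)                  # placeholder bytes, not real boot code
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2, 14)   # bootable, starts at LBA 2, 14 sectors
    disk = bytearray(16 * SECTOR)
    disk[0:SECTOR] = boot_code + entry + bytes(48) + BOOT_SIGNATURE
    disk[2 * SECTOR:] = b"\xAB" * (14 * SECTOR)           # stands in for the volume's data
    return disk

if __name__ == "__main__":
    disk = build_sample_disk()
    print("rewrite before format?", installer_would_rewrite_mbr(disk[:SECTOR]))
    format_partition(disk, parse_partitions(disk[:SECTOR])[0])
    print("rewrite after format?", installer_would_rewrite_mbr(disk[:SECTOR]))
    wipe_disk(disk)
    print("rewrite after wipe?", installer_would_rewrite_mbr(disk[:SECTOR]))
```

To check a real drive you would read its first 512 bytes (for example from `\\.\PhysicalDrive0` or `/dev/sda` with administrative rights) and pass them to `parse_partitions`; nothing here writes to a device.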
From: ~BD~ on 9 Mar 2010 09:27

FromTheRafters wrote:
> "~BD~"<BoaterDave.is(a)hotmail.co.uk> wrote in message
> news:fuOdnb2GJpT22AvWnZ2dnUVZ8ridnZ2d(a)bt.com...
>
> [...flashable firmware...blah, blah, blah ]
>
>> Didn't we have a discussion about this once before? It is impossible
>> for controlled malware to flash the BIOS ** - isn't it?!!
>
> Controlled malware?

Is your Google b0rken? ;)

Try here for starters:
http://www.readwriteweb.com/archives/botnet_commanded_by_google_groups.php

>>> I guess BD overlooked the fact that you wrote both "wipe...entire..."
>>> and "wipe...completely" in your post before even mentioning the
>>> Windows CD. :o)
>>
>>
>> By all means take the p*ss, but I overlooked nothing.
>
> :o)
>
> I thought maybe you were thinking "format" while reading "wipe" which
> are *not* equivalent.
>
>> Leythos has previously said that he is a 'professional' and I have no
>> reason to doubt that. However .....
>>
>> Many *readers* of this group will be *less* than 'expert' at computing
>> and might well assume that using a Windows CD to re-install the
>> operating system is the *only* action needed to trounce malware. I
>> most certainly did many moons ago.
>
> Yes, it does bear mentioning that a "wipe" *should* invalidate the MBR so
> that it will be rewritten when installing the OS.
>
>> My question was posed simply to leave no doubt at all for any less
>> experienced folk that the MBR should always (IMO) be replaced when
>> 'wiping' a hard drive.
>
> Also, that the MBR should be replaced with the *correct* MBR which might
> not necessarily be the one that the Windows CD thinks is correct. You
> wouldn't want the Windows CD to stomp on grub or lilo if your system is
> a dual boot system. You can reinstall Windows from a CD without
> affecting the MBR as long as it is still marked as valid, but after a
> "wipe" you would have to replace the now overwritten and invalidated MBR
> with whatever is proper.

Your other comments noted and accepted.

I do not wish to pursue further! Thank you for not simply ignoring me! :)

--
Dave
From: Phyllis on 9 Mar 2010 10:42
"~BD~" <BoaterDave.is(a)hotmail.co.uk> wrote in message news:fuOdnb2GJpT22AvWnZ2dnUVZ8ridnZ2d(a)bt.com...
> FromTheRafters wrote:
>> "Leythos"<spam999free(a)rrohio.com> wrote in message
>> news:MPG.25ff640f61ff7a4198a194(a)us.news.astraweb.com...
>>> In article<OoShssxvKHA.5008(a)TK2MSFTNGP05.phx.gbl>, erratic
>>> @nomail.afraid.org says...
>>>>
>>>> "RossettoeCioccolato"<rossetoecioccolato(a)newsgroup.nospam> wrote in
>>>> message news:OkrBl5wvKHA.6140(a)TK2MSFTNGP05.phx.gbl...
>>>>>> The installer will rewrite the MBR if no validity marker is found.
>>>>>
>>>>> And if there is a valid MBR that loads a valid rootkit...?
>>>>
>>>> Then I presume that Leythos' "wipe" wipes out the valid marker (he
>>>> wrote "wipe" and I know that he knows what that entails). If you just
>>>> go to install without wiping, the MBR might not be touched. Probably
>>>> any rootkit hiding code in the MBR would also have to have relocated
>>>> some MBR code to another area of the disk to function properly during
>>>> boot - so, this other area of the disk must also go untouched for the
>>>> rootkit to work.
>>>
>>> What's the point of "Wiping" a drive if you leave anything that could
>>> contain malware?
>>
>> You mean like flashable firmware? :oD
>
> Didn't we have a discussion about this once before? It is impossible for
> controlled malware to flash the BIOS ** - isn't it?!!
>
>
>> I guess BD overlooked the fact that you wrote both "wipe...entire..."
>> and "wipe...completely" in your post before even mentioning the Windows
>> CD. :o)
>
>
> By all means take the p*ss, but I overlooked nothing. Leythos has
> previously said that he is a 'professional' and I have no reason to doubt
> that. However .....
>
> Many *readers* of this group will be *less* than 'expert' at computing and
> might well assume that using a Windows CD to re-install the operating
> system is the *only* action needed to trounce malware. I most certainly
> did many moons ago.
>
> My question was posed simply to leave no doubt at all for any less
> experienced folk that the MBR should always (IMO) be replaced when
> 'wiping' a hard drive.
>
> --
> Dave - Re: ** the Chinese are damn clever you know!

As a "less" than "expert" at computing, I want to really expose my ignorance and ask - what exactly is MBR?