From: Leythos on 9 Mar 2010 11:11

In article <uODOP85vKHA.5936(a)TK2MSFTNGP04.phx.gbl>, someone(a)microsoft.com says...
> As a "less" than "expert" at computing, I want to really expose my ignorance
> and ask - what exactly is MBR?

Master Boot Record

http://en.wikipedia.org/wiki/Master_boot_record
http://support.microsoft.com/kb/69013

--
You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that. Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)
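To make the "what exactly is MBR?" answer concrete, here is an added example (not code from any poster in this thread) that parses the 512-byte layout: 446 bytes of boot code, four 16-byte partition entries, and the 0x55AA signature that the thread calls the "validity marker". It also shows the defender-side check the thread hints at: hash the boot code against a known-good baseline so a rewritten MBR stands out. The sample sector and the baseline hash are constructed for illustration.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0-445: boot loader code
PARTITION_TABLE_OFF = 446    # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"      # bytes 510-511: the "validity marker" an installer checks

def parse_mbr(sector):
    """Parse a raw 512-byte MBR into boot-code hash, partition table and signature state."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % MBR_SIZE)
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:   # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == SIGNATURE,
    }

def check_mbr(sector, expected_boot_code_sha256):
    """Return a list of findings; an empty list means the MBR matches expectations."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("0x55AA signature missing: MBR invalid or overwritten")
    if info["boot_code_sha256"] != expected_boot_code_sha256:
        findings.append("boot code differs from the known-good baseline")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged active")
    return findings

# Constructed sample: a 5-byte boot-code stub padded to 446 bytes, one bootable
# NTFS-type (0x07) partition starting at LBA 2048, three empty slots, then the signature.
BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x00" * (BOOT_CODE_LEN - 5)
ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
SAMPLE_MBR = BOOT_CODE + ENTRY + b"\x00" * 48 + SIGNATURE
BASELINE_HASH = hashlib.sha256(BOOT_CODE).hexdigest()   # hypothetical known-good baseline
# Same sector with its first boot-code byte changed and the signature zeroed.
TAMPERED_MBR = b"\xeb" + SAMPLE_MBR[1:510] + b"\x00\x00"

if __name__ == "__main__":
    print(parse_mbr(SAMPLE_MBR))
    print(check_mbr(TAMPERED_MBR, BASELINE_HASH))
```

On a real system the sector would come from reading the first 512 bytes of the physical disk with administrator rights; the baseline hash must be recorded from a clean install, not from the disk being examined.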
From: ~BD~ on 9 Mar 2010 11:17

Phyllis wrote:
>
> "~BD~" <BoaterDave.is(a)hotmail.co.uk> wrote in message
> news:fuOdnb2GJpT22AvWnZ2dnUVZ8ridnZ2d(a)bt.com...
>> FromTheRafters wrote:
>>> "Leythos"<spam999free(a)rrohio.com> wrote in message
>>> news:MPG.25ff640f61ff7a4198a194(a)us.news.astraweb.com...
>>>> In article<OoShssxvKHA.5008(a)TK2MSFTNGP05.phx.gbl>, erratic
>>>> @nomail.afraid.org says...
>>>>>
>>>>> "RossettoeCioccolato"<rossetoecioccolato(a)newsgroup.nospam> wrote in
>>>>> message news:OkrBl5wvKHA.6140(a)TK2MSFTNGP05.phx.gbl...
>>>>>>> The installer will rewrite the MBR if no validity marker is found.
>>>>>>
>>>>>> And if there is a valid MBR that loads a valid rootkit...?
>>>>>
>>>>> Then I presume that Leythos' "wipe" wipes out the valid marker (he wrote "wipe" and I know that he knows what that entails). If you just go to install without wiping, the MBR might not be touched. Probably any rootkit hiding code in the MBR would also have to have relocated some MBR code to another area of the disk to function properly during boot - so, this other area of the disk must also go untouched for the rootkit to work.
>>>>
>>>> What's the point of "Wiping" a drive if you leave anything that could contain malware?
>>>
>>> You mean like flashable firmware? :oD
>>
>> Didn't we have a discussion about this once before? It is impossible for controlled malware to flash the BIOS ** - isn't it?!!
>>
>>> I guess BD overlooked the fact that you wrote both "wipe...entire..." and "wipe...completely" in your post before even mentioning the Windows CD. :o)
>>
>> By all means take the p*ss, but I overlooked nothing. Leythos has previously said that he is a 'professional' and I have no reason to doubt that. However .....
>>
>> Many *readers* of this group will be *less* than 'expert' at computing and might well assume that using a Windows CD to re-install the operating system is the *only* action needed to trounce malware. I most certainly did many moons ago.
>>
>> My question was posed simply to leave no doubt at all for any less experienced folk that the MBR should always (IMO) be replaced when 'wiping' a hard drive.
>>
>> --
>> Dave - Re: ** the Chinese are damn clever you know!
>
> As a "less" than "expert" at computing, I want to really expose my ignorance and ask - what exactly is MBR?

No problem :)

Take a look here Phyllis:
http://en.wikipedia.org/wiki/Master_boot_record

HTH

--
Dave - just a user like you!
From: Phyllis on 9 Mar 2010 11:38

"~BD~" <BoaterDave.is(a)hotmail.co.uk> wrote in message news:oMCdndUlI4Ya6QvWnZ2dnUVZ8lGdnZ2d(a)bt.com...
> Phyllis wrote:
>>
>> "~BD~" <BoaterDave.is(a)hotmail.co.uk> wrote in message
>> news:fuOdnb2GJpT22AvWnZ2dnUVZ8ridnZ2d(a)bt.com...
>>> FromTheRafters wrote:
>>>> "Leythos"<spam999free(a)rrohio.com> wrote in message
>>>> news:MPG.25ff640f61ff7a4198a194(a)us.news.astraweb.com...
>>>>> In article<OoShssxvKHA.5008(a)TK2MSFTNGP05.phx.gbl>, erratic
>>>>> @nomail.afraid.org says...
>>>>>>
>>>>>> "RossettoeCioccolato"<rossetoecioccolato(a)newsgroup.nospam> wrote in
>>>>>> message news:OkrBl5wvKHA.6140(a)TK2MSFTNGP05.phx.gbl...
>>>>>>>> The installer will rewrite the MBR if no validity marker is found.
>>>>>>>
>>>>>>> And if there is a valid MBR that loads a valid rootkit...?
>>>>>>
>>>>>> Then I presume that Leythos' "wipe" wipes out the valid marker (he wrote "wipe" and I know that he knows what that entails). If you just go to install without wiping, the MBR might not be touched. Probably any rootkit hiding code in the MBR would also have to have relocated some MBR code to another area of the disk to function properly during boot - so, this other area of the disk must also go untouched for the rootkit to work.
>>>>>
>>>>> What's the point of "Wiping" a drive if you leave anything that could contain malware?
>>>>
>>>> You mean like flashable firmware? :oD
>>>
>>> Didn't we have a discussion about this once before? It is impossible for controlled malware to flash the BIOS ** - isn't it?!!
>>>
>>>> I guess BD overlooked the fact that you wrote both "wipe...entire..." and "wipe...completely" in your post before even mentioning the Windows CD. :o)
>>>
>>> By all means take the p*ss, but I overlooked nothing. Leythos has previously said that he is a 'professional' and I have no reason to doubt that. However .....
>>>
>>> Many *readers* of this group will be *less* than 'expert' at computing and might well assume that using a Windows CD to re-install the operating system is the *only* action needed to trounce malware. I most certainly did many moons ago.
>>>
>>> My question was posed simply to leave no doubt at all for any less experienced folk that the MBR should always (IMO) be replaced when 'wiping' a hard drive.
>>>
>>> --
>>> Dave - Re: ** the Chinese are damn clever you know!
>>
>> As a "less" than "expert" at computing, I want to really expose my ignorance and ask - what exactly is MBR?
>
> No problem :)
>
> Take a look here Phyllis:
> http://en.wikipedia.org/wiki/Master_boot_record
>
> HTH
>
> --
> Dave - just a user like you!

Thanks guys!
From: David H. Lipman on 9 Mar 2010 17:10

From: "Andy Medina" <gmedina(a)email.arizona.edu>

| An important step in cleaning out unwanted stuff (virus/trojan/worm/etc) is
| to turn off System Restore.

No, not really. I used to think that but, no more. Having the System Restore cache working (many forms of malware disable or corrupt it) allows one to have a fall-back position when cleaning malware. It is better to have an infected PC that's running than a PC that BSoDs or has some other fatal problem. After the PC has been cleaned you can dump the System Restore cache and subsequently re-enable it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: "FromTheRafters" erratic on 9 Mar 2010 19:37
"~BD~" <BoaterDave.is(a)hotmail.co.uk> wrote in message news:_MmdnYvVafRRxwvWnZ2dnUVZ8oCdnZ2d(a)bt.com...
> FromTheRafters wrote:
>> "~BD~"<BoaterDave.is(a)hotmail.co.uk> wrote in message
>> news:fuOdnb2GJpT22AvWnZ2dnUVZ8ridnZ2d(a)bt.com...
>>
>> [...flashable firmware...blah, blah, blah ]
>>
>>> Didn't we have a discussion about this once before? It is impossible
>>> for controlled malware to flash the BIOS ** - isn't it?!!
>>
>> Controlled malware?
>
> Is your Google b0rken? ;)
>
> Try here for starters:
> http://www.readwriteweb.com/archives/botnet_commanded_by_google_groups.php

(remembering Vecna's Hybris and its encrypted plug-ins being obtained from posted a.c.v. articles)

I suspected that was what you meant, but why would "controlled malware" be any different than any other malware with respect to the ability to flash firmware. Also, it must be considered that command and control can also mean that there is the ability to completely change the programming of the bots themselves - add new functions or change it to a completely redesigned node.

[...]

> Your other comments noted and accepted. I do not wish to pursue
> further!
>
> Thank you for not simply ignoring me! :)

You're welcome, Dave.