Re: I've done both of these 'silly things'!

From: "FromTheRafters" <Erratic@xxxxxxxxx>
Date: Sun, 30 Mar 2008 17:48:58 -0400

"~BD~" <BoaterDave@xxxxxxxxxxxxxx> wrote in message news:%23t19DoqkIHA.1680@xxxxxxxxxxxxxxxxxxxxxxx

"FromTheRafters" <Erratic@xxxxxxxxx> wrote in message news:uTueJUqkIHA.484@xxxxxxxxxxxxxxxxxxxxxxx

"~BD~" <BoaterDave@xxxxxxxxxxxxxx> wrote in message news:uY7fSHmkIHA.2396@xxxxxxxxxxxxxxxxxxxxxxx
<snip>
The virus could reside in the boot code, which 'format' wouldn't touch.
You would effectively lose all data stored as files, while format went
about its business sprucing up the underlying structure. Kind of like
tightening up bookshelves to make them ready for some new books.
The boot code isn't stored in a file, so is unaffected by formatting.

Thank you for your response. I'm beginning to understand! :)

Have you any idea how one may remove a virus from the boot code? TIA.

Sure, you overwrite/replace the correct code where it belongs. The trouble
is that sometimes you need part of the malicious code to recover your data
from the malware. Say for instance the virus encrypted some of your files, and
you decide to overwrite the boot code (stomping on the virus) then reboot only
to find the algorithm and 'key' to recovering your data was also stomped on.

...also consider that some of your backups may have been affected if the malware
was there long enough.

The whole Fdisk/MBR thing just illustrates the old saw 'a little knowledge is a dangerous thing'.

.

Follow-Ups:
- Re: I've done both of these 'silly things'!
  - From: ~BD~

References:
- I've done both of these 'silly things'!
  - From: ~BD~
- Re: I've done both of these 'silly things'!
  - From: FromTheRafters
- Re: I've done both of these 'silly things'!
  - From: ~BD~

Prev by Date: Re: stubborn Keylogger !
Next by Date: Re: I've done both of these 'silly things'!
Previous by thread: Re: I've done both of these 'silly things'!
Next by thread: Re: I've done both of these 'silly things'!
Index(es):
- Date
- Thread

Relevant Pages

Re: OT-Malware/Virus-What to do
... I'll be reinstalling the malware or virus along with the files. ... format the drive and reinstall everything. ...
(rec.music.makers.guitar.jazz)
Re: Ive done both of these silly things!
... Have you any idea how one may remove a virus from the boot code? ... ..also consider that some of your backups may have been affected if the malware ... If one has been using a hard disk - and let us assume that it *has* been infected by a Mebroot virus - if one simply boots from a retail copy of XP with a view to reinstalling Windows XP, is the 'Format procedure' incorporated in the set-up programme sufficient to erradicate a virus attached to the code in the MBR? ...
(microsoft.public.security.virus)
Re: hard drive problem
... entire malware files. ... emails some and puts some in packets with LBA ... offsets, user detects virus and formats, new virus comes along and reads ... files, format, military wipe, shred disk ...
(microsoft.public.windowsxp.help_and_support)
Re: "The application failed to initialize properly (0xc0000006). Click on OK to terminate the applic
... computer which made me completely format my hd. ... My system is clean of any malware because I've formatted and run virus ... the dvdrw lets me explore some cds but it wont let me execute any ...
(microsoft.public.windowsxp.help_and_support)
Re: IE Hijack virus survived a full hard drive reformat
... The virus didnt survive your formating, ... BTW you cannot format your sys drive within win. ... > I spent the best part of the weekend trying to fix my PC after Internet ... > connection. ...
(microsoft.public.windowsxp.help_and_support)