Re: Do I have a virus?




"FromTheRafters" <erratic@xxxxxxxxxxxxxxxxx> wrote in message
news:ONaHNtGRJHA.588@xxxxxxxxxxxxxxxxxxxxxxx

"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:erwON2ERJHA.420@xxxxxxxxxxxxxxxxxxxxxxx

"FromTheRafters" <erratic@xxxxxxxxxxxxxxxxx> wrote in message
news:eD6oUjERJHA.1164@xxxxxxxxxxxxxxxxxxxxxxx


<snip>

However, 1PW disagrees with you, FTR. He (?) said:-

"All good computer technicians will tell you:

During a proper "level and rebuild" operation, absolute strict adherence
to best industry practices and due diligence would have erased and
protected the system from any malware proliferation.

Under the same rules as above, restoring the system from known good
media will render a clean, malware free system. Guaranteed, and without
further qualification".

I'm no guru, but I think he's wrong (sorry Pete!)



He is not incorrect.

Have you time to explain, FTR?

Maybe I mis-understood.

I thought we had established that ........ um ....... 'code' *could*
remain (somewhere) within a machine (even if a shiny brand new hard disk
was installed) - albeit inactive -

So far so good, but here's where you might have misunderstood.

*until*, just possibly, it could join forces with additional elements
captured from the Internet.

Any foreign code residing in EEPROM would still run during boot.
Any code that belonged there but had been relocated to disk by the
infecting malware, wouldn't (obviously). You end up with corruption
in EEPROM but no malware.

If there is malware ITW actively flashing EEPROM then a *proper*
[whatever he said] with *strict adherence* to [what he said] would
have to include reflashing EEPROMs with the proper code.

It seems he chose his words carefully.

He also didn't suggest bringing back any programs from outside of
the "known good media". At that point it is as free of malware as it
was when new. His statement is correct.


Thank you for explaining in more detail, FTR. :))

I've subsequently spent much time today 'Googling' - and learning new
things!

Now I'm wondering if there is some way that I could read the 'instructions'
stored in the EEPROM - BIOS chip in my previous vocabulary (!). Perhaps you
will advise if this is possible and, if so, just how I may do so.

I really do appreciate you helping me to understand these matters. Thanks
again.

Dave
