Do I really need to wipe my HD and start over?

Page 2

power_hour, Senior member, joined Oct 16, 2010

I would go a step further and ditch the drive or never use it for an OS again, EVER.

The VM idea is good. I prefer my "not answering my phone" idea better. These jokers have called me a few times and I just say sorry, I don't have a computer.

Funny world we live in.
 

Muse, Lifer, joined Jul 11, 2001

> I would go a step further and ditch the drive or never use it for an OS again, EVER.
>
> The VM idea is good. I prefer my "not answering my phone" idea better. These jokers have called me a few times and I just say sorry, I don't have a computer.
>
> Funny world we live in.

I have a CD with DBAN on it, boot to it and the drive is wiped pretty thoroughly, I think. That wouldn't be safe? At DBAN's website it says DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware.

I'm getting way too many intrusive phone calls these days, but I've never heard of one such as I got a week ago. Wish I'd been hipped to these types of scam artists. Once burned twice shy, I'm going to be way tougher here on out.

I've been getting a lot of calls from people trying to get me to transfer my credit card debt. Now, I don't carry CCD, I pay off my CCs immediately and automatically, so I'm not even in these people's target space. I pressed "1" a couple of weeks ago to talk to a live person and their system hung up on me. I did it again when they called me a few days later, finally got a person and I told them I'm not in their target space, please don't call me, the guys says he's happy to do that, goodbyes. I get the same call a few days later. I am on the National Do Not Call List, so I don't know what gives with my getting these calls.

I have been getting occasional cold calls from people wanting me to contribute to charities, and I always make a quick bow out. I asked why they are calling me, being on the NDNCL, and I was told that charities are an exception. The last few were for children's charities (you're not going to turn your back on the kids, are you?) and cancer, I think.

It's pretty fucked up that you get so many calls these days that aren't by humans but by machines, at least I do.
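The DBAN step above is a whole-disk overwrite; the check a practitioner adds afterwards is to read the device back and confirm nothing of the old contents survives, rather than trusting the tool's "pass complete" message. The following is an added example, not DBAN's code and not from anyone in this thread. It works on a file-backed image as a stand-in for a block device (the path, the 3 MiB size and the planted marker string are constructed for the demo); pointed at a real device such as /dev/sdb from a live CD with the disk unmounted, the same functions apply, and they can only reach the byte range the OS exposes, which is the same limit any software wipe has.

```python
"""Overwrite a disk (here: a file-backed image) and verify the wipe by
reading the raw bytes back. Added example; assumes nothing about DBAN's
internals. Final pass is zeros so the read-back check is a simple
'is every byte 0x00' test."""
import os
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB pieces so a large device never sits in RAM


def overwrite_device(path, passes=1):
    """Write `passes` passes of random bytes, then one pass of zeros, over the
    entire device. Returns the device size in bytes. lseek-to-end gives the
    size for both regular files and block devices."""
    with open(path, "r+b") as dev:
        size = dev.seek(0, os.SEEK_END)
        for pass_no in range(passes + 1):
            random_pass = pass_no < passes
            dev.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                dev.write(os.urandom(n) if random_pass else b"\x00" * n)
                remaining -= n
            dev.flush()
            os.fsync(dev.fileno())  # make sure the pass reached stable storage
    return size


def first_nonzero_offset(path):
    """Offset of the first byte that is not 0x00, or None if the whole device
    reads back as zeros. Run this after the wipe instead of trusting a log line."""
    offset = 0
    with open(path, "rb") as dev:
        while True:
            chunk = dev.read(CHUNK)
            if not chunk:
                return None
            if chunk.count(b"\x00") != len(chunk):
                for i, b in enumerate(chunk):
                    if b:
                        return offset + i
            offset += len(chunk)


def contains_marker(path, marker):
    """Search the raw device for a byte string. The tail of the previous chunk
    is kept so a marker straddling a chunk boundary is still found."""
    tail = b""
    with open(path, "rb") as dev:
        while True:
            chunk = dev.read(CHUNK)
            if not chunk:
                return False
            if marker in tail + chunk:
                return True
            tail = chunk[-(len(marker) - 1):] if len(marker) > 1 else b""


def demo():
    """Constructed 3 MiB image with a recognisable string in the middle.
    Returns (marker found before wipe, marker found after wipe,
    first non-zero offset after wipe)."""
    marker = b"CONSTRUCTED-SECRET-DOCUMENT"  # stands in for a user's data
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as img:
            img.write(os.urandom(CHUNK))
            img.write(marker)
            img.write(os.urandom(2 * CHUNK - len(marker)))
        before = contains_marker(path, marker)
        overwrite_device(path, passes=1)
        after = contains_marker(path, marker)
        return before, after, first_nonzero_offset(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
</test>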
 
Muse, Lifer, joined Jul 11, 2001

Here's another idea. Remove the HD from the laptop and install it as a secondary drive in another machine and run AV software on it:
- - - -

Re: Removing rootkits

RE: Removing RootKits
"cyranodesade" wrote:

> All,
> I hope this is a simple question does Formatting a Hard Drive and then
> FDisk /MBR remove any rootkits or hidden files on a hard drive??
> If the answer is no then could you please point me to a good resource
> for formatting the boot sector/MBR? Thanks in advance. - CES

It will remove the root kit. However, it is not the best first thing to
try, as there are better and easier ways to both remove root kits and to reduce the risk of re-infection.

Most root kits in use nowadays have little to nothing to do with the MBR. In the old days, some people recommended running FDISK /MBR as a virus removal method, but antivirus experts said this was a bad idea, and I still agree.

Besides the other suggestions you received... if you have two computers that are networked, using one known clean computer to virus scan the hard drive of the suspect computer will allow you to detect the root kits commonly used today. Root kits only hide objects from the infected local OS, not remote connections to that OS.

--

kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
- - - -

I have hardware that enables me to install this HD as a secondary drive on one of my other machines. I could run a full MSE scan on it. Wouldn't that ensure its freedom from infection? Now, the post quoted above was written in August 2007, which might be a factor. He did use the word "nowadays."
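The approach quoted above, scanning the suspect disk from a clean OS with the suspect OS not running, works because the rootkit's hooks are not loaded and the scanner sees the raw filesystem. What follows is an added example, not MSE and not code from Karl Levinson or anyone in this thread, of two checks a responder runs against a volume mounted read-only on a clean host: a hash comparison against a known-good manifest (for instance hashes recorded from the same files on a freshly installed machine of the same build), and a cross-view diff between the files on disk and a directory listing captured from inside the suspect OS, where a file on disk that the running OS did not list is exactly the "hidden object" Levinson describes. The mount path, watched directory, manifest contents, listing and file bytes are all constructed for the demo; the checks are still only as good as the manifest, which is the caveat raised elsewhere in the thread.

```python
"""Offline triage of a suspect volume mounted on a clean host.
Added example; assumes the volume is mounted read-only at `mount_root`
and that a known-good hash manifest and an in-OS directory listing exist.
Nothing from the suspect OS executes."""
import hashlib
import os
import shutil
import tempfile

# Directory worth hashing on a Windows volume; constructed choice, not exhaustive.
WATCH_DIRS = ("Windows/System32",)


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(mount_root, subdirs=WATCH_DIRS):
    """Map relative path -> sha256 for every file under the watched subdirs.
    Paths are normalised to forward slashes and lower case so they compare
    with manifests and listings produced on Windows."""
    result = {}
    for sub in subdirs:
        top = os.path.join(mount_root, *sub.split("/"))
        for dirpath, _, files in os.walk(top):
            for name in files:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, mount_root).replace(os.sep, "/").lower()
                result[rel] = sha256_file(full)
    return result


def compare_to_baseline(on_disk, baseline):
    """Return (modified, unknown): files whose hash differs from the known-good
    manifest, and files the manifest has never seen. A dropped driver shows up
    in `unknown`; a patched system file shows up in `modified`."""
    modified = sorted(p for p, h in on_disk.items() if p in baseline and baseline[p] != h)
    unknown = sorted(p for p in on_disk if p not in baseline)
    return modified, unknown


def cross_view_hidden(on_disk, live_listing):
    """Files present on the raw disk but absent from a listing taken inside the
    running suspect OS (paths as that OS reported them, backslashes allowed)."""
    seen = {p.replace("\\", "/").lower() for p in live_listing}
    return sorted(p for p in on_disk if p not in seen)


def demo():
    """Constructed volume: one clean driver, one modified driver, and one
    dropped driver that the in-OS listing omits."""
    root = tempfile.mkdtemp()
    try:
        drv = os.path.join(root, "Windows", "System32", "drivers")
        os.makedirs(drv)
        files = {"disk.sys": b"clean driver bytes",
                 "tcpip.sys": b"patched driver bytes",
                 "hidden.sys": b"dropped rootkit driver"}
        for name, data in files.items():
            with open(os.path.join(drv, name), "wb") as f:
                f.write(data)
        # Manifest as it would have been recorded from a clean install (constructed).
        baseline = {
            "windows/system32/drivers/disk.sys": hashlib.sha256(b"clean driver bytes").hexdigest(),
            "windows/system32/drivers/tcpip.sys": hashlib.sha256(b"original driver bytes").hexdigest(),
        }
        # Listing captured inside the infected OS; the rootkit filtered hidden.sys out.
        live = [r"Windows\System32\drivers\disk.sys", r"Windows\System32\drivers\tcpip.sys"]
        on_disk = hash_tree(root)
        modified, unknown = compare_to_baseline(on_disk, baseline)
        hidden = cross_view_hidden(on_disk, live)
        return modified, unknown, hidden
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for label, items in zip(("modified", "unknown", "hidden"), demo()):
        print(label, items)
```

The listing for the cross-view step is whatever the suspect machine will give you while it is still up (a recursive directory listing saved to removable media is enough); the manifest has to come from a machine you trust, never from the suspect disk itself.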
 
TreyRandom, Diamond Member, joined Jun 29, 2001

> I could run a full MSE scan on it. Wouldn't that ensure its freedom from infection?

Ensure its freedom from infection? No. Like I said before, there's nothing out there that catches absolutely everything (and even if they detect malware, they aren't always able to remove it). The only thing that will ENSURE it is clean is a full wipe and repartition.

MIGHT it be clean after you run MSE (or any other anti-malware app)? It might, yes. It might not. Like I said before, only you can determine whether you believe that's "good enough". I've seen firsthand the damage they can cause and how well they avoid detection and removal, so I now tend to err on the side of caution.

You can keep asking question after question, but the bottom line is this: you need to take whatever steps necessary to give you the confidence that the security of your computer is no longer compromised. Whatever level that is will be entirely your decision to make. We can simply tell you what we have experienced and let you make the decision on your own.
 

Muse, Lifer, joined Jul 11, 2001

I fully understand it's my responsibility and I will not blame anyone here if things go wrong. I was wondering if what Karl Levinson, that MS MVP, said was true, that installed as a secondary drive, not the boot drive, and having MSE Full run against it would certainly eliminate a rootkit on the secondary drive. His contention was that it absolutely would. He said:

Root kits only hide objects from the infected local OS, not remote connections to that OS.

He was talking about running MSE on a network on the suspect drive. I'd imagine that running it in the same box but against the drive installed as a secondary drive would accomplish the same thing, and of course not running across the network would make the process many times faster.
 
TreyRandom, Diamond Member, joined Jun 29, 2001

> I fully understand it's my responsibility and I will not blame anyone here if things go wrong. I was wondering if what Karl Levinson, that MS MVP, said was true, that installed as a secondary drive, not the boot drive, and having MSE Full run against it would certainly eliminate a rootkit on the secondary drive. His contention was that it absolutely would. He said:
>
> Root kits only hide objects from the infected local OS, not remote connections to that OS.
>
> He was talking about running MSE on a network on the suspect drive. I'd imagine that running it in the same box but against the drive installed as a secondary drive would accomplish the same thing, and of course not running across the network would make the process many times faster.

You're not listening to what I'm telling you. MSE can indeed eliminate rootkits... but it can only eliminate the ones it is programmed to detect and eliminate. I'll repeat this once more before I give up: no anti-malware solution detects and repairs everything. It's simply not possible. New malware created today has nothing defending against it yet!

It doesn't matter whether he's an MVP, a CISSP, a CCSA, and an MCSE. With the exception of the MVP, I've had all those certs and more (as soon as my CISSP endorsement is validated). None of those titles matter. What matters is whether my statement is accurate that no antimalware app catches everything. Please, do your own research (instead of blindly trusting people simply because of their titles. Including me.) :)

For what it's worth, no, putting a drive as a secondary drive will not "accomplish the same thing", because a secondary drive is not a "remote connection" to that file system; it is being read locally by the host OS. But that doesn't change what I said, above. If you want to be 100% sure, there's only one way. If you're OK with being sorta-kinda sure, then by all means, use an antimalware app that can detect and remove KNOWN rootkits.
 

TreyRandom, Diamond Member, joined Jun 29, 2001

And hey - during your research, if you DO manage to find the magical antimalware app that catches everything, including zero-day threats, be sure to let me know. I will want to install it on every system I manage! :)
 

Muse, Lifer, joined Jul 11, 2001

OK, TreyRandom, point taken. I have my software in hand, the weather's good, I'm feeling fine, it'll be a busy day, I'll be OK. Thanks for the help. Have a good day yourself.
 

dawks, Diamond Member, joined Oct 9, 1999

Yup, only way to know for certain is to format the drive and start fresh.

These calls are frustrating, and even worse, people are actually falling for it. The callers don't even know if you have a computer, much less one that's infected. Or, just as difficult, if they somehow find an infected computer, they have almost no way of finding a phone number for the owner of that computer without a court order. These are pure social engineering phishing attempts.

I guess the story goes, these Indians work in a call center doing tech support for various companies, Microsoft included, and after they finish their normal legitimate job, they switch over to scamming people, and apparently make good money doing it.

Hey Trey, I'm looking at getting CISSP.. Got a nice fat Shon book, and reading through it. Whats the exam process like? PM me if you get a chance! Thanks.
 

Ketchup, Elite Member, joined Sep 1, 2002

One of my previous jobs included removing malware from people's computers. It was a learning experience. I learned that there are situations where you do not have to reinstall Windows, and there are many where you do. I have also learned that malware in general loves to hide in restore points. One of the first things I do when I see an infected computer is to delete all restore points. You have to temporarily turn off System Restore to do this. Telling Windows to delete restore points will not remove the most recent one. Then run all the anti-malware applications you trust to clean your system. I have learned over the years that some applications work much better than others, and the list of "good" ones can change from year to year.

Personally, I will format and start over if there is any doubt an infection on my own computer has not been removed. I keep everything backed up on a home file server (it only has access to my local home network), so the longest part here is re-installing my programs.

I am not going to sit here and tell you how you did something dumb. We all do things like that. I know I do dumb things. It's no big deal. Just learn from it. Taking the time to re-do your system might help you think twice when placed in a similar situation in the future.
 

TreyRandom, Diamond Member, joined Jun 29, 2001

> OK, TreyRandom, point taken. I have my software in hand, the weather's good, I'm feeling fine, it'll be a busy day, I'll be OK. Thanks for the help. Have a good day yourself.

Every day is a new challenge and a wonderful opportunity to do good in the world. :) And at the end of today, you'll be able to rest easy, because you will have the peace of mind that your computer is indeed free of malware. ;)

Glad to be of assistance.
 

Muse, Lifer, joined Jul 11, 2001

> Taking the time to re-do your system might help you think twice when placed in a similar situation in the future.

Indeed, I realize that the process of reinstalling everything is my penance here, it helps drive home the lesson. I've now copied all the data from the HD to an external HD for copy back later and made a list of the installed programs, mostly from the Uninstall Programs list in Control Panel. Getting an appropriate set of drivers and utilities for the machine from Lenovo is not trivial, but I did it before, I'll just slog through it.

I've done the preparation for the most part. I'll look things over and try to determine if I've omitted any steps and proceed, starting with the Windows 7 install disk (Well, I might run DBAN first from a CD I have) and removal of the partitions, repartition and format. One question remains, being whether or not I should go with the default Windows 7 installation with its hidden 200MB partition. Last time I elected to work around that. I can't remember my reasoning. Some discussion on this is in the thread I started this morning:

Wiping a HD
 
Ketchup, Elite Member, joined Sep 1, 2002

> Here's another idea. Remove the HD from the laptop and install it as a secondary drive in another machine and run AV software on it:

BTW, never try this approach unless you have everything backed up first. I have used this method on more than one occasion, and while it is a lot faster, it can render some badly infected systems unbootable after the removal.
 

SecurityTheatre, Senior member, joined Aug 14, 2011

> May I ask a few questions? Is all this going on on the USB drive? When you say it's portable, I'm thinking a thumb drive. All this on a thumb drive? If so that obviously requires that the PC you boot from it is configured to boot from USB. I suppose it's all possible, 16GB and 32GB thumb drives are out there now and not very expensive. However, to do any of these _secure_ activities you'd need to boot from this thing, and if not already booted from it, you'd need to reboot the machine.

That all seems like a pretty insanely complicated rig.

Why have Windows 7 under Ubuntu? Why not just use Ubuntu live CD for banking if you're that paranoid?

Anyway, this seems overly paranoid.
 

blankslate, Diamond Member, joined Jun 16, 2008

Military is just another welfare system these days. Its a totally unproductive (actually destructive) activity that gives inner city and broke rural ppl jobs. Hides under guise of national security so it's not going anywhere. Well..until we go broke.

Never rely solely on one security program. Have one resident AV program that constantly monitors your computer and a couple of other programs that you can run on demand to scan your computer from time to time.

For example, I'm using NOD32 and even with its excellent track record I run scans with Malwarebytes' Anti-Malware and SUPERAntiSpyware a few times a week.

Occasionally I'll track down a rootkit detection/removal program and run those as well.
 

lxskllr, No Lifer, joined Nov 30, 2004

> That all seems like a pretty insanely complicated rig.
>
> Why have Windows 7 under Ubuntu? Why not just use Ubuntu live CD for banking if you're that paranoid?
>
> Anyway, this seems overly paranoid.

Depends. It's a creative way of using Windows anywhere you like if you need such a thing. Since the machine it's registered to is virtual, you can use it on any hardware that can run a VM. Personally, I'd just go with GNU/Linux, and forget Windows entirely.