Re: Boot sectors and virii
- From: "Lil' Dave" <spamyourself@xxxxxxxxx>
- Date: Wed, 22 Jun 2005 12:35:30 -0500
"Croaker" <brianlane@xxxxxxxxxxx> wrote in message
news:MPG.1d22777cc4f0c4898968c@xxxxxxxxxxxxxxxxxxxxxxx
> Are there virii/trojans that will survive a format and reinstall of
> Windows XP PRO/Home using the XP setup (through the cd)? If I have a
> previous install of XP and run through setup to reformat(NTFS) the
> entire partition and then reinstall XP, Does this not rewrite the master
> boot record, after wiping the partiion clean?
>
Formatting only resets the file table for a quick format, or writes a new
file table for the partition you're formatting (C:). Does nothing to any
other partition, or the master boot record.
The partition boot record incorporates the new file table in the process.
If there is a redirect in the parittion boot record to a boot sector virus,
then nothing changes. Not all boot viruses use this scheme.
> I ask this because when i clean XP boxes I have never had to resort to
> formatting and reinstalling. I usually can fix the installation. I was
> talking to some "techs" that insisted the only way to be sure you get
> rid of all trojans and virii is to do a low level format. I have never
Trojans don't affect the master boot record or the paritition boot record.
A very limited few viruses, a small handful, can inhabit the general disk
area where the master boot record is kept. But, not within the mbr itself.
They are extremely rare. A virus inhabiting the paritition boot record can
be removed by simply removing and restoring the partition that may be
infected. These are uncommon as well.
> had to resort to thirrd party stuff to fix windows, and these guys were
> the kind of guys who would reformat at the very hint of corruption.
Low level formats of ide hard drives are done at the factory only.
Writing zeroes, ones, or a combination, or a repeated combination is
typically referred to as a "medium" level format. Many unknowing users call
this a low-level format. The writes overwrite all on the hard disk writable
area including the area where the master boot record is stored.
> They never attempt to fix an XP installation they just reformat and
> reinstall. I think its some wierd throwback to the 98/ME era when
> formattiing was a way of life. Anyway I had no real world experience
> with an uncleanable boot sector virus that survived a clean and repair
> and maybe a MBR rewrite, let alone a format/install (without the disk
> wiping low level dealie). Are they speaking truth?
> --
> Thanks in advance
> Croaker
They're speaking the truth as they know it. My take on this is they want
your PC fixed so they can get you out the door the first time. The
so-called "low-level" format will take 24 hours or so, or more, and will do
it without user intervention after starting. And, it will result in a clean
hard drive irregardless of what underlying problems there were that
orginated from the original data on that hard drive. Depending on what's
infected on the PC, their ability to remove the infection harmlessly, and so
on, can cost many man hours and lessen their ability to work on many PCs at
the same time. Makes plain business sense to me..
.
- References:
- Boot sectors and virii
- From: Croaker
- Boot sectors and virii
- Prev by Date: Re: LSASS.EXE
- Next by Date: Re: Can somebody tell me How can I connect MIDI ports to the Sony Vaio
- Previous by thread: Re: Boot sectors and virii
- Next by thread: Color Management at the Bits & Bytes Level
- Index(es):
Relevant Pages
|
