Re: Does clean install of XP kill all malware?


"Juan I. Cahis" <jiclbch@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:o08qd1dhfoe3ta9qlnngg4hp74s3m77o44@xxxxxxxxxx
Dear Kerry & friends:

"Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m> wrote:

>How do you connect to the Internet? If it is via a network connection the
>cable must be physically unplugged while installing. It is possible for a
>virus to survive a format. I have not seen any versions of Sasser that
>infect the boot sector but it's certainly possible. A format won't help you
>with a boot sector virus. You must overwrite track 0. Most hard drive
>manufacturers have a utility to do this.

>That it interesting!!!

>Would be better if:

>1.- The disk is repartitioned prior it is reformatted, or
>2.- One issues the FIXMBR command.

>Would any of the above measures overwrite track 0?

If you boot from the hard drive the virus is active and could intercept
commands to overwrite it and make it seem like they worked. You need to boot
from a CD, floppy drive, USB drive etc. so the virus is not loaded. Any
program that will boot from a different media could be used. Linux, BartPe,
etc. would work. Most boot sector virii encrypt the original boot sector and
relocate it. Booting from the XP CD to the recovery console and using FIXMBR
could result in an unbootable disk. In addition the virus could have two
parts so there could still be part of it left active in the Windows
installation. Deleting all partitions and recreating them during a clean
install will work. A lot of unsophisticated users will not do this step
properly and the virus will still be active. The easiest and surest way is
to download a program capable of booting from removable media and
overwriting track 0.

Kerry


.

Relevant Pages

  • Re: BSOD possible Virus Issue
    ... > I am using Windows 2000 on serveral older machines. ... From all appearances the boot sector is corrupted. ... > Norton Antivirus is unable to find any boot sector or other virus. ... > (server 2000) that has two RAID disks I can see on the XP machine ...
    (microsoft.public.security.virus)
  • Re: [opensuse] Who said Linux doesnot get Virus infections
    ... Nothing to "execute" there. ... that most desktop linux users would use. ... Sounds like a virus to me. ... A boot sector virus is executed every time the computer is booted. ...
    (SuSE)
  • Re: Boot Sector Virus Removal
    ... | computer badly infected due to some virus including Boot Sector Virus. ... Download MULTI_AV.EXE from the URL -- ... This will bring up the initial menu of choices and should be executed in Normal Mode. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Boot sector virus in Windows 2000
    ... I already booted to the recovery console and ... Fixboot and fixmbr, neither worked. ... Are there any free virus Win2K ... I doubt your problem is a boot sector virus. ...
    (microsoft.public.win2000.file_system)
  • Re: virus in boot sector?
    ... All that enabling "virus protection" in the BIOS does is prevent writes to ... the Boot Sector of the booting hard drive. ...
    (microsoft.public.security.virus)