What a virus does/how to get rid of

Help and Discussion

Moderator: The Mod Squad

Postby audiobliss » Wed Mar 02, 2005 4:46 am

Wow, thanks guys! I will be sure to ask if he still has all the disks that came with it....I sure hope so.

ctrl+scroll.....lol....neat....
audiobliss
Green Belt
Green Belt
 
Posts: 116
Joined: Thu Feb 24, 2005 2:01 pm
Location: NC, USA

Postby kltsin » Wed Mar 02, 2005 10:21 pm

EmilyB wrote:
kltsin wrote:
EmilyB wrote:
kltsin wrote:
EmilyB wrote:
Purplejulia wrote:Are you reinstalling the OS? Doesn't a fdisk / format / reinstall get rid of everything?
Or am I being over-optimistic... :D


A reformat would indeed kill everything, if that is what the user wants to do.


Not true, there are memory resident virus's but they are pretty weak and easily removed with working updated AntiVirus.


RAM is cleared when the machine is shut down, and if the HDD is reformatted the "loader" program is removed :?

The only exception is CMOS viruses, but modern BIOSes take care of this anyway.

Please prove me wrong, because youve totally confused me.


Any bios can be attacked, its not a strong attack as I stated earlier they are weak.
There may be a hidden boot partition on a drive that can be attacked as well that an fdisk cant touch. Neither are common but do happen from erroneous files.
There is a bug that would infect floppys as well, for the sole purpose of infecting a boot diskette to transfer a virus onto a freshly formatted HD.

Really dont sweat any of the above. Its very very unlikely now a days, all AV will show the infections with a full scan and are easily removed..


Well since I didnt mention the use of floppies or using FDisk then, indeed thats what I thought. A total and complete format (delete and recreate all partitions as per a WindowsXP setup) will suffice. Thank you.


Incorrect again :P
Hidden boot partitions arent affected by a fdisk or XP install.. Even with a complete reformat XP or Fdisk wont touch a hidden partition which used to have some bugs installed on them. The same goes for the bios as older compaqs used to save bios information in a hidden block on the hard drive..
kltsin
Black Belt 2nd Degree
Black Belt 2nd Degree
 
Posts: 2792
Joined: Tue Jun 29, 2004 9:05 am
Location: St. Augustine, Fl

Postby EmilyB » Thu Mar 03, 2005 1:05 am

kltsin wrote:
EmilyB wrote:
kltsin wrote:
EmilyB wrote:
kltsin wrote:
EmilyB wrote:
Purplejulia wrote:Are you reinstalling the OS? Doesn't a fdisk / format / reinstall get rid of everything?
Or am I being over-optimistic... :D


A reformat would indeed kill everything, if that is what the user wants to do.


Not true, there are memory resident virus's but they are pretty weak and easily removed with working updated AntiVirus.


RAM is cleared when the machine is shut down, and if the HDD is reformatted the "loader" program is removed :?

The only exception is CMOS viruses, but modern BIOSes take care of this anyway.

Please prove me wrong, because youve totally confused me.


Any bios can be attacked, its not a strong attack as I stated earlier they are weak.
There may be a hidden boot partition on a drive that can be attacked as well that an fdisk cant touch. Neither are common but do happen from erroneous files.
There is a bug that would infect floppys as well, for the sole purpose of infecting a boot diskette to transfer a virus onto a freshly formatted HD.

Really dont sweat any of the above. Its very very unlikely now a days, all AV will show the infections with a full scan and are easily removed..


Well since I didnt mention the use of floppies or using FDisk then, indeed thats what I thought. A total and complete format (delete and recreate all partitions as per a WindowsXP setup) will suffice. Thank you.


Incorrect again :P
Hidden boot partitions arent affected by a fdisk or XP install.. Even with a complete reformat XP or Fdisk wont touch a hidden partition which used to have some bugs installed on them. The same goes for the bios as older compaqs used to save bios information in a hidden block on the hard drive..


If we were talking about the same issues. I might agree with you! :?

Disagreeing with you, is not the same as being wrong.
:roll:
EmilyB
 

Postby audiobliss » Thu Mar 03, 2005 10:45 am

What is a hidden boot partition?
audiobliss
Green Belt
Green Belt
 
Posts: 116
Joined: Thu Feb 24, 2005 2:01 pm
Location: NC, USA

Postby EmilyB » Thu Mar 03, 2005 12:18 pm

audiobliss wrote:What is a hidden boot partition?


Sometimes partitions can become corrupt in a way that under some cirumstances they are not "seen" by their operating system. All the cases ive seen this usually happens to partitions formatted with a FAT16/32 file system and not NTFS. For example I have in the past used a program called "Drive Image" to create images of several operating-systems on one match; swapping between them one at a time. Under these conditions I have had times were Ive "lost" my partitions but it only ever happened with Windows95, Windows98/SE and WindowsME, and never with a NTFS operating-system. Therefore I see no problem with using the WindowsXP CD to recreate, delete format or whatever any partition on any hard drive. IMHO it works everytime. At least the 100,000,000 times ive done it, but maybe that was all just a lucky co-incidence.
EmilyB
 

Postby snap355 » Thu Mar 03, 2005 12:19 pm

Also hidden partitions are used by mfg to create a section for drivers for OS to pull from to help aid in os recovery
[url=http://www.motherboards.org/folding/index.html] Lend a hand and help with the folding project. Come join our 33258 team!

Image
[/url]
snap355
Black Belt 5th Degree
Black Belt 5th Degree
 
Posts: 9258
Joined: Mon Sep 13, 2004 3:22 pm
Location: 33258

Postby EmilyB » Thu Mar 03, 2005 12:21 pm

snap355 wrote:Also hidden partitions are used by mfg to create a section for drivers for OS to pull from to help aid in os recovery


That sounds bad 8O

How are they viewable and modified?
EmilyB
 

Postby snap355 » Thu Mar 03, 2005 12:23 pm

Well if you look at the boot.ini file, there partition numbers and such that tells it where to boot. The same could be applied to partitions that say "Dell" uses to load the drivers from to speed up install time and such
[url=http://www.motherboards.org/folding/index.html] Lend a hand and help with the folding project. Come join our 33258 team!

Image
[/url]
snap355
Black Belt 5th Degree
Black Belt 5th Degree
 
Posts: 9258
Joined: Mon Sep 13, 2004 3:22 pm
Location: 33258

Postby EmilyB » Thu Mar 03, 2005 12:25 pm

snap355 wrote:Well if you look at the boot.ini file, there partition numbers and such that tells it where to boot. The same could be applied to partitions that say "Dell" uses to load the drivers from to speed up install time and such


Ok so its a "valid" partition? So if you use a WindowsXP CD you could delete and recreate it?
EmilyB
 

Postby snap355 » Thu Mar 03, 2005 12:28 pm

Yes you could delete and recreate it with wxp or any other partitioning software. However in doing so, you lost all drivers and apps that came with PC
[url=http://www.motherboards.org/folding/index.html] Lend a hand and help with the folding project. Come join our 33258 team!

Image
[/url]
snap355
Black Belt 5th Degree
Black Belt 5th Degree
 
Posts: 9258
Joined: Mon Sep 13, 2004 3:22 pm
Location: 33258

PreviousNext

Return to Virus/Spyware/Security

Who is online

Users browsing this forum: No registered users and 1 guest