New
#61
Last edited by gregrocker; 18 Dec 2009 at 20:37.
ENTIRE HDD Erased!
-
-
New #62
Uhm, no. Zeroing was introduced with Vista
Change in the behavior of the format command in Windows Vista
"The format command behavior has changed in Windows Vista. By default in Windows Vista, the format command writes zeros to the whole disk when a full format is performed. In Windows XP and in earlier versions of the Windows operating system, the format command does not write zeros to the whole disk when a full format is performed."
-
-
New #64
A full format in xp was just quick format plus scanning for bad sectors. Nothing more.
-
New #65
Differences between a Quick format and a regular format during a "clean" installation of Windows XP
Damn. I always thought it was zeroing when it was chkdsk'ing.
Thanks for clarifying that.
In your opinion, is there any advantage to zeroing?
Some still advise doing it for infected HD's. Wonder why?
-
New #66
Best you can do at this point since all the messed up, is do a complete reformat/reinstall. Get a decent firewall like comodo firewall (it's free and works great). And leave UAC turned on (default settings) just in case. Also a basic antivirus like Microsoft Security Essential (free and effective). And be careful of what you download. The Adobe CS4 master collection was that pirated? If so possibly there might have been a virus in there. Also that keylogger...might want to get rid of it! Also while browsing try to use firefox as much as possible with addons like "No script", "Adblock Plus", and "WOT" these addons come in as a very handy security measure while surfing the web. No script will block all unwanted scripts. Adblock will block all stupid adds which could lead to malware. And WOT (web of trust) will warn you of dangerous websites.
-
New #67
I read most of the messages here. I really sorry to hear about your computer and HD.
One thing I would like to say is that it seems that your HD gets reinfected each time.
I would suggest you scan all the CD's or DVD's you have and used to install your Projects.
I think you have maybe copied the bad stuff when you made your backup copies.
Good luck and keep us posted on your progress.
-
New #68
There is and isn't.In your opinion, is there any advantage to zeroing?
Zeroing can eliminate any data that may be accessible by addressing (ie. head, sector, blocks).
If a virus is capable of preforming such a task, then it could reinfect that way.
I do not know if zeroing hits the MBR, etc.
To be honest,, I have never had to zero a drive to eliminate a virus.
If i did it, it was just to wipe out all accessible regions of the drive. Just to make sure there was no data accessible to the OS or anything else. But then I learned about int13 debugging. Basically debug the HDD to set back to factory settings, as I understand it. But, this is not a good idea with Sata drive (i have read) and really bad idea on SSD.
(note: accessible regions) which brings up another caveat to the HDD realm that a lot of people don't know. When a HDD discovers a bad block, it marks that block as unusable. Whatever data was there when marked may get copied to a good block (if possible). That data remains and is never over-written by any software or other means cause the inner workings of the drive say that block no long exists. So, when you wipe a drive, those bad blocks never get touched. Forensics however, can read those blocks, so whatever data is there can be accessed.
In the newest drives, there is a built in command that you can invoke to wipe the entire drive including bad blocks. This won't make them not bad, but it will eliminate the data located there, or attempt to.
This article explains it better than I can.
and more importantly,, this one
and this
Cool eh?Last edited by Tepid; 19 Dec 2009 at 15:18.
-
New #69
I wonder if that could be used by a virus to hide in. Trick the HD into thinking that sector is "bad", until it wants to activate itself. Then it could trick the drive again, this time declaring the sector "good" and emerge from its safe cocoon.(note: accessible regions) which brings up another caveat to the HDD realm that a lot of people don't know. When a HDD discovers a bad sector, it marks that sector as unusable. Whatever data was there when marked may get copied to a good sector (if possible). That data remains and is never over-written by any software or other means cause the inner workings of the drive say that sector no long exists. So, when you wipe a drive, those bad sectors never get touched.
-
New #70
To my knowledge you can not set a bad block as good once it is marked as bad by the drive.I wonder if that could be used by a virus to hide in. Trick the HD into thinking that block is "bad", until it wants to activate itself. Then it could trick the drive again, this time declaring the sector "good" and emerge from its safe cocoon.
Every HDD is alloted a certain number of bad blocks before the HDD will begin to fail or produce errors of eminate failure.
Every HDD already has bad blocks on the drive and there is no way (that I know of) to know how many Bad Blocks exist on new drives. But it is well under what is allotted. You would need to do more research if you want more info on this. I am going off of old memory here.
The only way to make a Block completely disappear (like bad block marking) is by the drive setting the block bad. Otherwise the sector is visible to any software. I could be wrong, or there is some secret black ops type thing, but if it were known,, I think it would common knowledge an we would see software designed to use such a trick for security reasons other than encryption.
You can hide sections of the drive by partitioning and hiding the partition, yes. But this is not the same thing.
Which is also why you need to use the Drives Built-in Secure Erase feature to wipe bad sectors also.
I keep saying Sectors,,, it should be Blocks.... I am going to fix it,, but if you see sector in my previous posts, then I probably actually mean Block
Quote
Related Discussions