Windows 7 Forums

Windows 7: ENTIRE HDD Erased!

18 Dec 2009   #61
gregrocker

 

Quote: Originally Posted by MacGyvr
I've never had to zero a drive to remove a trojan or virus and I've been doing it for 15+ years. Your mileage may vary.
My understanding is zeroing isn't to remove infections but to reinstall cleanly when using a previously infected HD.


18 Dec 2009   #62
pallesenw

Windows
 
 

Quote: Originally Posted by gregrocker
Zeroing was the full format offered (and used by most tech enthusiasts) in XP and before. It was removed in Vista.
Uhm, no. Zeroing was introduced with Vista

Change in the behavior of the format command in Windows Vista

"The format command behavior has changed in Windows Vista. By default in Windows Vista, the format command writes zeros to the whole disk when a full format is performed. In Windows XP and in earlier versions of the Windows operating system, the format command does not write zeros to the whole disk when a full format is performed."
18 Dec 2009   #63
gregrocker

 

Quote: Originally Posted by pallesenw
Quote: Originally Posted by gregrocker
Zeroing was the full format offered (and used by most tech enthusiasts) in XP and before. It was removed in Vista.
Uhm, no. Zeroing was introduced with Vista

Change in the behavior of the format command in Windows Vista

"The format command behavior has changed in Windows Vista. By default in Windows Vista, the format command writes zeros to the whole disk when a full format is performed. In Windows XP and in earlier versions of the Windows operating system, the format command does not write zeros to the whole disk when a full format is performed."
I may be wrong about Vista. I don't go there often, and thought the quick format began then.

But what was the full format in XP?

Heard a lot of complaining when it was dumped in Win7, that it had been zeroing.
18 Dec 2009   #64
pallesenw

Windows
 
 

A full format in XP was just quick format plus scanning for bad sectors. Nothing more.
18 Dec 2009   #65
gregrocker

 

Differences between a Quick format and a regular format during a "clean" installation of Windows XP

Damn. I always thought it was zeroing when it was chkdsk'ing.

Thanks for clarifying that.

In your opinion, is there any advantage to zeroing?

Some still advise doing it for infected HD's. Wonder why?
18 Dec 2009   #66
CrashOverride

Windows 7 Ultimate 64bit
 
 

Best you can do at this point, since it's all messed up, is do a complete reformat/reinstall. Get a decent firewall like Comodo Firewall (it's free and works great). And leave UAC turned on (default settings) just in case. Also a basic antivirus like Microsoft Security Essentials (free and effective). And be careful of what you download. The Adobe CS4 Master Collection, was that pirated? If so, possibly there might have been a virus in there. Also that keylogger... might want to get rid of it! Also, while browsing, try to use Firefox as much as possible with addons like "NoScript", "Adblock Plus", and "WOT". These addons come in as a very handy security measure while surfing the web. NoScript will block all unwanted scripts. Adblock will block all stupid ads which could lead to malware. And WOT (Web of Trust) will warn you of dangerous websites.
18 Dec 2009   #67
IggyAZ

Windows 7 Ultimate (64 bit)
 
 

I read most of the messages here. I'm really sorry to hear about your computer and HD.
One thing I would like to say is that it seems that your HD gets reinfected each time.
I would suggest you scan all the CD's or DVD's you have and used to install your Projects.
I think you have maybe copied the bad stuff when you made your backup copies.
Good luck and keep us posted on your progress.
18 Dec 2009   #68
Tepid

Win 7 Ultimate 32bit
 
 

Quote:
In your opinion, is there any advantage to zeroing?
There is and isn't.

Zeroing can eliminate any data that may be accessible by addressing (i.e. head, sector, blocks).
If a virus is capable of performing such a task, then it could reinfect that way.
I do not know if zeroing hits the MBR, etc.

To be honest, I have never had to zero a drive to eliminate a virus.
If I did it, it was just to wipe out all accessible regions of the drive. Just to make sure there was no data accessible to the OS or anything else. But then I learned about int13 debugging. Basically debug the HDD to set back to factory settings, as I understand it. But this is not a good idea with a SATA drive (I have read) and a really bad idea on an SSD.

(note: accessible regions) which brings up another caveat to the HDD realm that a lot of people don't know. When a HDD discovers a bad block, it marks that block as unusable. Whatever data was there when marked may get copied to a good block (if possible). That data remains and is never overwritten by any software or other means because the inner workings of the drive say that block no longer exists. So, when you wipe a drive, those bad blocks never get touched. Forensics, however, can read those blocks, so whatever data is there can be accessed.

In the newest drives, there is a built in command that you can invoke to wipe the entire drive including bad blocks. This won't make them not bad, but it will eliminate the data located there, or attempt to.

This article explains it better than I can.

and more importantly, this one

and this

Cool eh?
19 Dec 2009   #69
stevieray

windows 7 x64 Home Premium
 
 

Quote:
(note: accessible regions) which brings up another caveat to the HDD realm that a lot of people don't know. When a HDD discovers a bad sector, it marks that sector as unusable. Whatever data was there when marked may get copied to a good sector (if possible). That data remains and is never overwritten by any software or other means because the inner workings of the drive say that sector no longer exists. So, when you wipe a drive, those bad sectors never get touched.
I wonder if that could be used by a virus to hide in. Trick the HD into thinking that sector is "bad", until it wants to activate itself. Then it could trick the drive again, this time declaring the sector "good" and emerge from its safe cocoon.
19 Dec 2009   #70
Tepid

Win 7 Ultimate 32bit
 
 

Quote:
I wonder if that could be used by a virus to hide in. Trick the HD into thinking that block is "bad", until it wants to activate itself. Then it could trick the drive again, this time declaring the sector "good" and emerge from its safe cocoon.
To my knowledge you cannot set a bad block as good once it is marked as bad by the drive.

Every HDD is allotted a certain number of bad blocks before the HDD will begin to fail or produce errors of imminent failure.

Every HDD already has bad blocks on the drive and there is no way (that I know of) to know how many bad blocks exist on new drives. But it is well under what is allotted. You would need to do more research if you want more info on this. I am going off of old memory here.

The only way to make a block completely disappear (like bad block marking) is by the drive setting the block bad. Otherwise the sector is visible to any software. I could be wrong, or there is some secret black ops type thing, but if it were known, I think it would be common knowledge and we would see software designed to use such a trick for security reasons other than encryption.

You can hide sections of the drive by partitioning and hiding the partition, yes. But this is not the same thing.

Which is also why you need to use the drive's built-in Secure Erase feature to wipe bad sectors also.

I keep saying sectors... it should be blocks. I am going to fix it, but if you see sector in my previous posts, then I probably actually mean block.
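Added example, not part of any post in this thread: a simplified Python model of the behaviour described in posts #68 and #70, where a block the drive has marked bad keeps its old contents because zeroing from the OS can only reach addresses the drive still exposes. The `ToyDrive` class, its method names and the sample data are constructed for illustration and do not represent real drive firmware or any vendor's command set.

```python
# Toy model (constructed): host addresses mapped onto physical blocks, with spares.
ZERO = b"\x00"

class ToyDrive:
    def __init__(self, n_lba, n_spare):
        self.phys = [ZERO] * (n_lba + n_spare)   # every physical block
        self.lba_map = list(range(n_lba))        # host address -> physical block
        self.spares = list(range(n_lba, n_lba + n_spare))
        self.retired = []                        # blocks the drive marked bad

    def write(self, lba, data):
        self.phys[self.lba_map[lba]] = data

    def read(self, lba):
        return self.phys[self.lba_map[lba]]

    def mark_bad(self, lba):
        """Drive retires the block behind `lba` and remaps the address to a spare."""
        old, new = self.lba_map[lba], self.spares.pop(0)
        self.phys[new] = self.phys[old]          # data copied over if readable
        self.lba_map[lba] = new
        self.retired.append(old)                 # old contents are left in place

    def host_zero_fill(self):
        """Zeroing from the OS: can only reach addresses the drive exposes."""
        for lba in range(len(self.lba_map)):
            self.write(lba, ZERO)

    def builtin_erase(self):
        """Drive-internal erase: attempts every physical block, retired included."""
        self.phys = [ZERO] * len(self.phys)

    def residual(self):
        """Physical blocks still holding data, whether or not the host can see them."""
        return [i for i, d in enumerate(self.phys) if d != ZERO]

def demo():
    d = ToyDrive(n_lba=8, n_spare=2)
    d.write(3, b"SECRET")          # constructed sample data
    d.mark_bad(3)                  # block 3 retired, address 3 now lives on spare 8
    d.host_zero_fill()
    host_view = [d.read(lba) for lba in range(8)]
    left_after_zeroing = d.residual()
    d.builtin_erase()
    return host_view, left_after_zeroing, d.residual()

if __name__ == "__main__":
    print(demo())
```

After the host-side zero fill every readable address returns zeros, yet retired block 3 still holds the old data; only the drive-internal erase in this model clears it.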