How do I *completely* kill all files when re-installing

shiphen said:

Jav, I'm not precisely sure what you mean by a "custom install" but yes I booted of the DVD and I found a screen that said "Where would you like to install Windows7?" (or something similar) and on that screen I tried everthing: I asked it to format the partitions and nothing much seemed to happen. I deleted all partitions and recreated them again. At one point when I asked it to format a partition it paused for about 4 or 5 seconds - but clearly not long enough to do any kind of serious formatting!

What still slightly worries me is that at the time of re-creating partitions, Windows7 grabbed about 100GB for its system files (or something). Sure enough my hard disk (a 500GB Seagate - model: ST3500320NS) now says that the C: drive's capacity is only 465GB rather than 500GB. And I was slighty suspicious that Windows7 might have been lazy and that the hidden partition might not have been formatted/rebuilt.

It is probably just me being paranoid... but there again if I was a virus author (which for the record I certainly am not!) then I would certainly be exploiting any such weaknesses of Windows7.

ok, I see you did quick Format..
Let me explain some basics:

There are 3 types of Format:
1. High level format (AKA quick format) (type done by Windows)
2. Mid level Format (some people refer to it as Low level) (done by 3rd party software)
3. Low level Format (done only by manufacturers, as if wrongly used my break your HD)

So, you did 1. High level format.

Wikipedia said:

A high-level format procedure is sometimes performed on a functioning disk to erase the contents of the hard drive. This is commonly termed a "reformat". While this may not completely erase all data from the drive , it erases critical areas, such as the boot sector and partition table. This gives the appearance of an empty disk to the operating system, making any existing contents unavailable by normal methods.

So, High level Format will not erase all Data, but just mark sector as available, but OS can't access it. Some special programs can access and recover date from High level format.

Wikipedia said:

As with regular deletion, data on a disk is not fully destroyed during a high-level format. Instead, the area on the disk containing the data is merely marked as available (in whatever file system structure the format uses), and retains the old data until it is overwritten.

So, Windows will mark the sectors as empty and available to use, and when OS will try to write something on it, it will erase it and then write.

2. Mid-level format. (also referred as Wipe)
It will fill sectors either with 1s or 0s...
So it will Actually erase the Data from HD.

Now coming to your question, can virus survive High level format?
hmm... You will get different answers as it's complicated subject.
In theory, yes it can..

Let's see what happens.
1. Windows will do high level format and mark whole HD as empty and available.
2. So Virus still on HD but inaccessible by normal means
3. You reinstall Windows.
4. It may erase your virus, If Windows will be installed on that sector (as when Data written on High level formatted sector it will first erase inaccessible Data on it.)
5. You install write your programms and Data, It may erase virus (According to above rule)
6. Let's suppose virus still survived.
OS (Windows) can't see or access it as it sees it as empty space.
That means OS can't execute it, so it can't do any harm by itself.
So according to some theories even if virus physically on HD it can't do anything as it's inaccessible for OS and just like ghost which will be overwritten and erased when it's sector (place) used...
7. Theory number 2.
There are some programs which can get (recover) Data from High level formatted HD.
As Data is physically there.
So theoretically Virus can be recovered aswell.
But there comes some obstacles:
Firstly, Virus can't recover itself as it can't access OS or execute.
So it should be recovered by 3rd party software:
1. If you use some special program and recover erased Data (which you will not do)
2. Special virus targeted to recovering that particular virus from High level format.

We will forget First option, as you will not do it.

Second option...
As you can see it's theoretically possible to virus survive and reactivate after High level format.
But in my opinion it's far fetched theory for home-user.
Why?
Because:
1. In order to Virus recovered you should AGAIN get infected by Special virus-recoverer
2. It should be special virus so it Should know what and where from to recover
3. It's unusual to you get infected by both of those special viruses
4. This theory will probably work only on targeted attacks
5. Very uncommon for Home user getting this kind of targeted attack.
6. As far as I know, this has never has been seen on the wild.

But in theory it's possible.
If you are getting Targeted attack it will be a lot easier for virus write to target BIOS viruses. (That can't be killed even by mid-level HD formats or even low level as it targets BIOS not HD)
more info on BIOS virus:
New BIOS Virus Withstands HDD Wipes - Tom's Hardware

Still BIOS virus is uncommon aswell.
But I am not security expert but just computer enthusiast So I am may be wrong on some points.

shiphen said:

Sure enough my hard disk (a 500GB Seagate - model: ST3500320NS) now says that the C: drive's capacity is only 465GB rather than 500GB. And I was slighty suspicious that Windows7 might have been lazy and that the hidden partition might not have been formatted/rebuilt.

ok, Let me explain Why it shows 465GB instead of 500GB

You see you Manufacturer defines storage by SI prefix, according to which 1 GB=1000000000 bytes (10^9)
But most OS s including Windows difeines storage on Binary prefix which is 1 GB= 1073741824 bytes (2^30)

on simple terms:
For manufacturer: 1 KB = 1000 bytes = 10^3
For OS: 1 KiB= 1024 bytes = 2^10 (Althought it will still say KB instaled of KiB)

So according to this rule:
For Manufacture:
1 GB = 1000^3 = 1000000000 bytes
500 MB = 1GB/2 = 500000000 bytes
For OS:
1 GiB = 1024^3 = 1073741824 bytes

500000000/1073741824 = 0.4656661 GB
0.4656661 GB * 1000 = 465.666 MiB

Now you see why it shows 465 MB instead of 500 MB

Hope you will understand me.

Jav - thanks for all that - all quite interesting.
But you miss an important point which is that Windows7 itself told me it was reserving space for a special partition, which I now cant actually see. So what happened to that partition?

shiphen said:

Jav - thanks for all that - all quite interesting.
But you miss an important point which is that Windows7 itself told me it was reserving space for a special partition, which I now cant actually see. So what happened to that partition?

Yes, If you create Partitions while installing Windows, it will create 100 mb (note MB not GB as you said before) hidden partition.
This partition holds your boot and recovery files and also used by BitLocker.

If you preparation your HD (create partitions before installing) then you will not get this partition.

If you don't want it you can delete it.
But this way:
Backup!!! As if something goes wrong you may lose everything

1. Boot into bootable partition manager (like Partion Wizard Free Download Partition Wizard)
2. Delete that hidden partition.
3. Add free space to another partition.
4. Set your Windows drive as active.
5. Boot into Windows installation CD and choose Startup recover (people say you should try 3 times )

And there you go.

But if you are unsure, Don't do it! Leve it alone, it will not hurt you! Many people just left it as it is, and it's recommended leaving it unless you have to!

Ah MB not GB - yes that explains quite a lot!

Yes I think I should leave it alone... UNLESS that is Windows7 is likely to have left it in place from the previous installation (in which case - call me paranoid - it might have become infected...!)

no, it's not left from previous installation.
It was created after format while installing Windows.

OK cool - that about wraps it up - thanks so much for your help everyone.

However one more thing before I go....

My other computer at home is a Lenovo laptop (T60) running WinXP Pro.

Background:
I am using my Lenovo laptop to run all sorts of anti-virus/anti-malware utilities across another copy of all my data. (And interestingly enough when X1 desktop search spiders my archived Outlook(2003) PST files, Avast and MSE start going nuts talking about viruses! So I have now found various viruses lurking in my PST files and I have deleted the relevant emails on both of my PCs. But installing and uninstalling a series of different anti-viral applications will no doubt do nasty things to my Registry (because un-installing applications in Windows almost *never* seems to be a clean process!)

Question:
When the time comes to format the hard disk of my Lenovo laptop,
A). Should I ALSO format the special WindowsXP partition that WindowsXP arrive in (no WindowsXP CDs came with the machine at time of purchase)? (e.g. I could do a low level format using KillDisk off a CD, presumably)

B). If I do a KillDisk and completely format the ENTIRE hard disk, what is then the best way for me to get another copy of WindowsXP? (I do have access to an OEM version of WindowsXP from the Office, but obviously it will have the wrong installation code details?? (i.e. incorrect serial number/installation code details/ "product key"/"License number" or whatever... etc).
So should I take note of the number under Control Panel > System Properties > General Tab and then phone up Microsoft (UK) after I have attempted to install the thing?

Ummmm...Yes? J/K. I found this interesting because I was in a similar situation as well. Infected, pissed (not drunk), pissed (drunk) and very paranoid. It's all very complex yet simple at the same time. I'm learning as I go, so thanks to all!! Funny how there was no reply to the original's final post (Probably obvious to the SuperDupers, but maybe not to those who are newer here than myself, yeah?).

Raise him to Corporal!! Cheers