Keylogger question.

[Dazeon]

Hey,

Does anyone know if it is possible for a keylogger to survive/persist a complete hard drive wipe using DBAN?

Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing

I ran the program with DoD short wipe and 3 passes from a bootable DVD.

The system only contains one drive.

As many answers as possible would be great.

 

[ultraplanet]

My vote would be no. Unless it is a hardware device built into the system.

 

[gamepro127]

Hey,

Does anyone know if it is possible for a keylogger to survive/persist a complete hard drive wipe using DBAN?

Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing

I ran the program with DoD short wipe and 3 passes from a bootable DVD.

The system only contains one drive.

As many answers as possible would be great.

No, unless if the Version of Windows your installing is pirated and comes pre-installed with a keylogger!

 

[Jacee]

Hi Dazeon, do you suspect there is/was a keylogger on your computer?

You can read about 'keylogers' here:
Viruslist.com - Keyloggers: How they work and how to detect them (Part 1)

Keyloggers can be divided into two categories: keylogging devices and keylogging software. Keyloggers which fall into the first category are usually small devices that can be fixed to the keyboard, or placed within a cable or the computer itself. The keylogging software category is made up of dedicated programs designed to track and log keystrokes.

 

[Lemur]

keylogger would not withstand disk wipe with reboot.

 

[Jacee]

^^^ if was a software application.

 

[Etihtsarom]

Not keyloggers. But I believe some rootkits can survive that.

 

[gamepro127]

Not keyloggers. But I believe some rootkits can survive that.

Nope, still impossible.

When you re-install Windows, the first thing Windows does is delete EVERYTHING on the selected partition (or hard drive) so that nothing is on it. Now, it installs a fresh copy. Rootkits will be wiped out during the deleting process.

 

[Etihtsarom]

Bios rootkit is what I think they're called. Though I'm not familiar with the probability or method of being infected.

 

[gamepro127]

Bios rootkit is what I think they're called. Though I'm not familiar with the probability or method of being infected.

BIOS rootkit's are extremely rare and any legit anti-virus will block them.

 

[H2SO4]

As many answers as possible would be great.

I specialise in quantity over quality

Other than the hardware device that Jacee brought up, there are at least three other theoretical vectors for malware (doesn't really matter whether it's a keylogger or a rootkit or whatever) to survive a full zero-filling of the HDD:

1) The disk and/or utility you used to nuke the HDD is itself infected. Sure, it told you that the drive was completely wiped and filled with zeroes or random patterns, but it actually hid a sector-worth of code which is going to be the basis for future pwnage once you reinstall an OS.

2) The BIOS is infected. After all, it too is code.

3) The machine supports hardware-level virtualisation and there's a hypervisor virus of the "blue pill" variety. It's completely underneath all attempts to format a (virtualised) parent or child partition.

Needless to say, all three are highly unlikely in a home usage scenario.