<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
> I would use something like knopiix or even a ubuntu live cd and boot your<br>
> friends system, mount the windows partition, make a full back-up of all<br>
> important data then do what Neil advised which is a full re-install after a<br>
> low-level format. That way one is safe.<br>
<br>
</div>No one does low level formats anymore. That stopped being a sensible<br>
concept when IDE disks came out and replaced ESDI.<br></blockquote><div><br></div><div><i>Agreed fully but I was thinking since this trojan supposedly installs a root-kit the best thing would be to wipe the disk completely and in the good old dos days it was as simple as fdisk /mbr which was undocumented back then but did the job and well. <br>
</i></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
A low level format controls where the sectors are placed on the disk.<br>
For ESDI disks, you could get better performance from the disk if you low<br>
level formated it and set the sector interleaving to match the performance<br>
of your machine. So if you machine was only fast enough to process one<br>
sector for every 3 the disk could read, you would set the interleaving<br>
to 3 so the disk would store the sectors physically in the order: 0, 6,<br>
12, 1, 7, 13, 2, 8, 14, 3, 9, 15, 4, 10, 16, 5, 11.<br></blockquote><div><br></div><div><i>True !</i> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
This way, the head would just be coming to the next sector when the CPU<br>
was ready to receiver it. With an interleave of 1, the CPU would have<br>
had to wait for the disk to rotate all the way around again to the next<br>
sector before reading it.<br>
<br>
Norton utilities used to have a tool in DOS that would measure the<br>
best interleave and then rewrite the disk with the proper interleave<br>
by swapping sectors around. It took hours, but gave much better disk<br>
performance in the case of old 8088 and even 286 machines.<br>
<br></blockquote><div><i>True again..</i> <i>!</i><br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Never mind what a lot of websites say, overwriting a disk with 0s,<br>
is NOT a low level format. <br></blockquote><div><br></div><div><i>I did not mean writing 0's when I said a LLF what I meant was a true LLF where the disk is completely wiped and </i>reinitialized <i>to factory state :-)</i><br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br><br>Modern disks do not always have 17 sectors per<br>
track, and they do not have interleave options. Disks are way too slow<br>
to keep up with modern machines so the concept makes no sense anymore.<br>
Surprisingly wikipedia does have it right.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Len Sorensen<br>
--<br>
The Toronto Linux Users Group. Meetings: <a href="http://gtalug.org/" target="_blank">http://gtalug.org/</a><br>
TLUG requests: Linux topics, No HTML, wrap text below 80 columns<br>
How to UNSUBSCRIBE: <a href="http://gtalug.org/wiki/Mailing_lists" target="_blank">http://gtalug.org/wiki/Mailing_lists</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><span style="font-family:comic sans ms,sans-serif"><b>Aruna Hewapathirane</b><br>Consultant/Trainer<br>Phone : 647-709-9269<br>Website:<a href="http://goog_1768911931" target="_blank"> </a><a href="http://sahanaya.net/aruna/" target="_blank">Open Source Solutions</a></span><br>
<br><br><a href="https://sites.google.com/site/arunahewapathirane/home/business-card/buisness-card.png?attredirects=0" target="_blank"><br></a>
</div></div>