Zero access Rootkit

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Tue Nov 26 16:31:26 UTC 2013


On Tue, Nov 26, 2013 at 11:05:22AM -0500, Aruna Hewapathirane wrote:
> This may help: http://malwaretips.com/blogs/trojan-zeroaccess-removal/
> 
> I would use something like Knoppix or even a Ubuntu live CD and boot your
> friend's system, mount the Windows partition, make a full backup of all
> important data then do what Neil advised which is a full re-install after a
> low-level format. That way one is safe.

No one does low level formats anymore.  That stopped being a sensible
concept when IDE disks came out and replaced ESDI.

A low level format controls where the sectors are placed on the disk.
For ESDI disks, you could get better performance from the disk if you low
level formatted it and set the sector interleaving to match the performance
of your machine.  So if your machine was only fast enough to process one
sector for every 3 the disk could read, you would set the interleaving
to 3 so the disk would store the sectors physically in the order: 0, 6,
12, 1, 7, 13, 2, 8, 14, 3, 9, 15, 4, 10, 16, 5, 11.

This way, the head would just be coming to the next sector when the CPU
was ready to receive it.  With an interleave of 1, the CPU would have
had to wait for the disk to rotate all the way around again to the next
sector before reading it.

Norton utilities used to have a tool in DOS that would measure the
best interleave and then rewrite the disk with the proper interleave
by swapping sectors around.  It took hours, but gave much better disk
performance in the case of old 8088 and even 286 machines.

Never mind what a lot of websites say, overwriting a disk with 0s
is NOT a low level format.  Modern disks do not always have 17 sectors per
track, and they do not have interleave options.  Disks are way too slow
to keep up with modern machines so the concept makes no sense anymore.
Surprisingly wikipedia does have it right.

-- 
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
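As an added illustration (not part of Len's message or the thread), the interleave scheme described above can be modelled in a few lines of Python. The model assumes a 17-sector track, that the head passes one physical sector per "tick", and that `cpu_ticks` is the number of ticks from the start of one sector transfer until the CPU can accept the next one; these are modelling assumptions chosen to match the prose, not measured numbers. `physical_order` reproduces the 0, 6, 12, 1, ... layout for interleave 3, `ticks_to_read_track` simulates how long a full logical track read takes (showing the one-rotation-per-sector penalty at interleave 1), and `best_interleave` does what the Norton tool did by measurement: picks the interleave that minimises the read time.

```python
"""Sector interleave model (added example, not from the original post).

Assumptions: the disk advances one physical slot per tick; transferring a
sector takes one tick; `cpu_ticks` is the number of ticks from the start of
a sector transfer until the CPU is ready for the next sector. The default of
17 sectors per track is the old MFM/ESDI figure mentioned in the thread.
"""

SECTORS_PER_TRACK = 17


def physical_order(sectors, interleave):
    """Logical sector numbers listed in physical (rotational) order.

    Logical sector n goes into physical slot (n * interleave) mod sectors; if
    that slot is already occupied (interleave not coprime with sectors) the
    next free slot is used, which is how controllers filled the track.
    """
    slots = [None] * sectors
    pos = 0
    for logical in range(sectors):
        while slots[pos] is not None:
            pos = (pos + 1) % sectors
        slots[pos] = logical
        pos = (pos + interleave) % sectors
    return slots


def ticks_to_read_track(sectors, interleave, cpu_ticks):
    """Ticks elapsed when logical sectors 0..sectors-1 have all been read in
    order. The head is over physical slot (t mod sectors) at tick t; a read
    cannot start before the CPU has finished with the previous sector."""
    layout = physical_order(sectors, interleave)
    slot_of = {logical: slot for slot, logical in enumerate(layout)}
    t = 0       # current tick
    ready = 0   # first tick at which the CPU can accept another sector
    for logical in range(sectors):
        want = slot_of[logical]
        t = max(t, ready)
        # wait (possibly most of a rotation) for the wanted slot to come round
        while t % sectors != want:
            t += 1
        ready = t + cpu_ticks
        t += 1  # the transfer itself takes one tick
    return t


def best_interleave(sectors, cpu_ticks):
    """The interleave with the shortest full-track read for this CPU speed."""
    return min(range(1, sectors),
               key=lambda i: ticks_to_read_track(sectors, i, cpu_ticks))


if __name__ == "__main__":
    print(physical_order(SECTORS_PER_TRACK, 3))
    for interleave in (1, 2, 3, 4):
        ticks = ticks_to_read_track(SECTORS_PER_TRACK, interleave, 3)
        print(f"interleave {interleave}: {ticks} ticks "
              f"({ticks / SECTORS_PER_TRACK:.2f} rotations)")
    print("best interleave for a 3-tick CPU:",
          best_interleave(SECTORS_PER_TRACK, 3))
```

With a CPU that needs 3 ticks per sector, interleave 3 reads the whole track in just under three rotations, while interleave 1 costs a full rotation for every sector after the first; a faster CPU (1 tick) reads the track in one rotation at interleave 1, which is why the trick stopped mattering once CPUs outran the disk.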