Zero access Rootkit

Aruna Hewapathirane aruna.hewapathirane-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Nov 26 17:47:08 UTC 2013 

>
> > I would use something like knopiix or even a ubuntu live cd and boot your
> > friends system, mount the windows partition, make a full back-up of all
> > important data then do what Neil advised which is a full re-install
> after a
> > low-level format. That way one is safe.
>
> No one does low level formats anymore.  That stopped being a sensible
> concept when IDE disks came out and replaced ESDI.
>


*Agreed fully but I was thinking since this trojan supposedly installs a
root-kit the best thing would be to wipe the disk completely and in the
good old dos days it was as simple as fdisk /mbr which was undocumented
back then but did the job and well. *


> A low level format controls where the sectors are placed on the disk.
> For ESDI disks, you could get better performance from the disk if you low
> level formated it and set the sector interleaving to match the performance
> of your machine.  So if you machine was only fast enough to process one
> sector for every 3 the disk could read, you would set the interleaving
> to 3 so the disk would store the sectors physically in the order: 0, 6,
> 12, 1, 7, 13, 2, 8, 14, 3, 9, 15, 4, 10, 16, 5, 11.
>

*True !*

>
> This way, the head would just be coming to the next sector when the CPU
> was ready to receiver it.  With an interleave of 1, the CPU would have
> had to wait for the disk to rotate all the way around again to the next
> sector before reading it.
>
> Norton utilities used to have a tool in DOS that would measure the
> best interleave and then rewrite the disk with the proper interleave
> by swapping sectors around.  It took hours, but gave much better disk
> performance in the case of old 8088 and even 286 machines.
>
> *True again..* *!*

Never mind what a lot of websites say, overwriting a disk with 0s,
> is NOT a low level format.
>

*I did not mean writing 0's when I said a LLF what I meant was a true LLF
where the disk is completely wiped and  *reinitialized *to factory state
:-)*

>
>
> Modern disks do not always have 17 sectors per
> track, and they do not have interleave options.  Disks are way too slow
> to keep up with modern machines so the concept makes no sense anymore.
> Surprisingly wikipedia does have it right.
>
> --
> Len Sorensen
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>



-- 
*Aruna Hewapathirane*
Consultant/Trainer
Phone : 647-709-9269
Website: <http://goog_1768911931>Open Source
Solutions<http://sahanaya.net/aruna/>



<https://sites.google.com/site/arunahewapathirane/home/business-card/buisness-card.png?attredirects=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20131126/a496da7e/attachment.html>

More information about the Legacy mailing list