Zero access Rootkit

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Tue Nov 26 18:18:55 UTC 2013


On Tue, Nov 26, 2013 at 12:47:08PM -0500, Aruna Hewapathirane wrote:
> Agreed fully but I was thinking since this trojan supposedly installs a
> root-kit the best thing would be to wipe the disk completely and in the
> good old dos days it was as simple as fdisk /mbr which was undocumented
> back then but did the job and well.

Which was a simple overwrite of sector 0 (not including the partition
table part).

> I did not mean writing 0's when I said a LLF what I meant was a true LLF
> where the disk is completely wiped and reinitialized to factory state
> :-)

Reinitialized is NOT a low level format.  Also doing even that is
complete overkill.  Simply overwriting the disk with zeroes is plenty,
and even that is overkill.  Writing a new filesystem and partition table
would be enough to wipe any link to any software on the disk.

And yes, fdisk /mbr used to overwrite the boot sector with a default
loader and hence would wipe out any boot sector virus present there.

-- 
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
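Worked example of the sector-0 layout Len describes, added here and not part of the post: the MBR is 512 bytes, the boot-code area is bytes 0 to 445, the four 16-byte partition entries sit at 446 to 509, and the 0x55AA signature closes the sector. The code below rewrites only the boot-code area while keeping the partition table intact (what fdisk /mbr did), parses the table to confirm it survived, and compares boot code against a known-good reference; the sample MBR and the helper names are constructed for this example.

```python
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446      # bytes 0..445: loader code, the part fdisk /mbr replaced
PART_TABLE_OFF = 446      # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510..511: boot signature

def parse_partitions(mbr: bytes):
    """Return (bootable, type_id, lba_start, sector_count) for each used entry."""
    if len(mbr) != MBR_SIZE or mbr[-2:] != SIGNATURE:
        raise ValueError("not a 512-byte MBR with a valid signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) count(4), little-endian
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:
            entries.append((status == 0x80, ptype, lba, count))
    return entries

def rewrite_boot_code(mbr: bytes, new_code: bytes) -> bytes:
    """Replace only the boot-code area; partition table and signature are preserved."""
    if len(mbr) != MBR_SIZE or len(new_code) > BOOT_CODE_SIZE:
        raise ValueError("bad MBR length or boot code too large")
    code = new_code.ljust(BOOT_CODE_SIZE, b"\x00")   # pad a short loader with zeroes
    return code + mbr[PART_TABLE_OFF:MBR_SIZE - 2] + SIGNATURE

def boot_code_matches(mbr: bytes, reference_code: bytes) -> bool:
    """Integrity check: does the boot-code area equal a known-good loader image?"""
    return mbr[:BOOT_CODE_SIZE] == reference_code.ljust(BOOT_CODE_SIZE, b"\x00")

def build_sample_mbr() -> bytes:
    """Constructed sample: arbitrary non-zero boot code plus one bootable Linux partition."""
    code = (bytes(range(256)) * 2)[:BOOT_CODE_SIZE]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x83,
                        b"\xfe\xff\xff", 2048, 1_000_000)
    table = entry + b"\x00" * 48          # remaining three entries empty
    return code + table + SIGNATURE

if __name__ == "__main__":
    original = build_sample_mbr()
    cleaned = rewrite_boot_code(original, b"")   # zero the loader, keep the table
    print("before:", parse_partitions(original))
    print("after: ", parse_partitions(cleaned))
    print("loader matches reference:", boot_code_matches(cleaned, b""))
```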