Zero access Rootkit

Aruna Hewapathirane aruna.hewapathirane-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Nov 26 18:27:08 UTC 2013


> Reinitialized is NOT a low level format.  Also doing even that is
> complete overkill.  Simply overwriting the disk with zeroes is plenty,
> and even that is overkill.  Writing a new filesystem and partition table
> would be enough to wipe any link to any software on the disk.
>

Overkill I can live with but if this root-kit trojan has a mechanism that
actually goes and resides in the BIOS then we are right royally screwed?
And wiping the disk is not going to help? In that case flashing the BIOS
and in extreme cases actually pulling out and putting the BIOS chip back is
the only solution? So YES agreed it is overkill but like I said better to
be safe than sorry with no back up of countless hours of data. (Yes I had
to do this long years ago :-)

>
> And yes fdisk /mbr used to overwrite the boot sector with a default
> loader and hence would wipe out any boot sector virus present there.
>
> --
> Len Sorensen



-- 
*Aruna Hewapathirane*
Consultant/Trainer
Phone : 647-709-9269
Website: Open Source Solutions <http://sahanaya.net/aruna/>


