Zero access Rootkit

Paul Nash paul-fQIO8zZcxYtFkWKT+BUv2w at public.gmane.org
Tue Nov 26 18:29:09 UTC 2013


If you are feeling really paranoid about the disk, just buy a new one and do a fresh install of Windoze, Orifice and whatever other M$ products are in use.  Disinfect the current drive & copy only the critical data over.

Disk drives cost way way less than your time nuking it.

	paul

On Nov 26, 2013, at 1:27 PM, Aruna Hewapathirane <aruna.hewapathirane-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:

> 
> Reinitialized is NOT a low level format.  Also doing even that is
> complete overkill.  Simply overwriting the disk with zeroes is plenty,
> and even that is overkill.  Writing a new filesystem and partition table
> would be enough to wipe any link to any software on the disk.
> 
> Overkill I can live with, but if this root-kit trojan has a mechanism that actually goes and resides in the BIOS then we are right royally screwed? And wiping the disk is not going to help? In that case flashing the BIOS and in extreme cases actually pulling out and putting the BIOS chip back is the only solution? So YES, agreed it is overkill, but like I said, better to be safe than sorry with no backup of countless hours of data. (Yes, I had to do this long years ago :-)
> 
> And yes fdisk /mbr used to overwrite the boot sector with a default
> loader and hence would wipe out any boot sector virus present there.
> 
> --
> Len Sorensen
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
> 
> 
> 
> -- 
> Aruna Hewapathirane
> Consultant/Trainer
> Phone : 647-709-9269
> Website: Open Source Solutions
> 
> 
> 
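The thread above talks about zeroing a disk, writing a new partition table, and the old `fdisk /mbr` trick of overwriting the boot sector. The script below is an added example (not code from anyone on this list) showing what "overwrite the first part of the disk with zeros" actually does and how to check it. It works on a constructed image file standing in for `/dev/sdX` (the `IMG` variable is an assumption of this example), so it is safe to run as-is; point it at a real device only if you mean it.

```shell
#!/bin/sh
# Added example: zero the MBR / partition-table region of a disk and verify it.
# Runs against a constructed image file rather than a real device.
set -eu

IMG="${IMG:-$(mktemp)}"     # assumed stand-in for a block device such as /dev/sdX
trap 'rm -f "$IMG"' EXIT

# Build a constructed 8 MiB "disk": fake boot code, a 0x55AA MBR signature at
# offset 510, and a marker 4 MiB in so we can see what a head-only wipe leaves behind.
make_image() {
    dd if=/dev/zero of="$IMG" bs=1048576 count=8 2>/dev/null
    printf 'FAKE-BOOTCODE' | dd of="$IMG" bs=1 seek=0 conv=notrunc 2>/dev/null
    printf '\125\252'      | dd of="$IMG" bs=1 seek=510 conv=notrunc 2>/dev/null
    printf 'USERDATA'      | dd of="$IMG" bs=1048576 seek=4 conv=notrunc 2>/dev/null
}

# Overwrite the first $2 MiB of $1 with zeros. The MBR, a GPT header and the
# partition tables all live in this region, which is what fdisk /mbr or a new
# partition table would replace. conv=notrunc keeps the rest of the file intact.
wipe_head() {
    dd if=/dev/zero of="$1" bs=1048576 count="$2" conv=notrunc 2>/dev/null
}

# Return 0 if the first 512 bytes (the boot sector) of $1 are all zero.
head_is_zero() {
    n=$(dd if="$1" bs=512 count=1 2>/dev/null | od -An -v -tx1 | tr -d ' \n' | tr -d 0 | wc -c | tr -d ' ')
    [ "$n" -eq 0 ]
}

# Return 0 if $1 still carries the 0x55AA boot-sector signature at offset 510.
has_mbr_sig() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Print the 8-byte marker stored 4 MiB into $1 (survives a head-only wipe).
user_data() {
    dd if="$1" bs=1 skip=4194304 count=8 2>/dev/null
}

make_image
has_mbr_sig "$IMG" && echo "before: boot-sector signature present"
wipe_head "$IMG" 1
head_is_zero "$IMG" && echo "after:  boot sector is all zeros"
has_mbr_sig "$IMG" || echo "after:  boot-sector signature gone"
echo "after:  data past the wiped region still reads: $(user_data "$IMG")"
```

Note what the marker at 4 MiB shows: wiping the head kills the boot sector and the partition table, but everything further in is still on the platters and readable with `dd` or a hex editor. A full zero pass is the same `dd if=/dev/zero` with no `count`, run against the whole device, and it takes as long as writing the whole drive once.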
