AllenM
Posts: 10,206
Topics: 221
Kudos: 2,143
Solutions: 377
Registered: ‎12-14-2008

Re: Symantec Please Speak Up About Rash of Trojans

Hi Tosh,

I do understand where you are coming from and I am truly sorry for the trouble you are having with this.

Dick mentioned some very good (and free) malware removal sites in the following post:

http://community.norton.com/t5/Norton-Internet-Security-Norton/Symantec-Please-Speak-Up-About-Rash-o...

I would suggest that you open a ticket with one of them.

Best of wishes.

Allen

Windows 7 Ultimate SP 1, 32 bit, 4 GB * NIS 2012 (19.8.0.14) * Ghost 15 * IE 9, Firefox, Safari.
Test laptop with W7 Home Premium 64 bit * NIS 2012 (19.8.0.14)
Newbie
techvisitor
Posts: 1
Registered: ‎08-23-2012

Re: Symantec Please Speak Up About Rash of Trojans

car825 wrote:

dickevans wrote:

Hi,

Just a couple of comments. If the malware and virus developers wanted honest jobs I'm sure they would apply.

Reinstalling from the installation disk is not 100%. Some things have been known to slip past and remain to bite again.

Stay well and surf safe.

What malware can survive a reinstall from a system image? What about the malware giving people on the forum so much trouble now?

Does anyone know the answer to this? My system is clean, but I like knowing I can fix things with a full image copy restore. How confident should I be in percentage terms that this is true?

I am a mobile computer tech and have visited several customers with these infections. I have in fact performed factory recovery on systems and had the virus maintain itself on the hard disk. A fully cleaned system was reinfected on reboot.

I determined that the hard drive had to be nuked. We performed a full bit-by-bit erasure of all partition tables and boot sectors, and did a clean 1-pass wipe.

Having done that... the computer was clean after a second re-install. The downside is that we lost the manufacturer's recovery partition and the supporting software and hardware the computer came with. Thank MS for OEM COA labels on the side of machines! :)

 

Bot Obliterator
Quads
Posts: 13,245
Registered: ‎07-21-2008

Re: Symantec Please Speak Up About Rash of Trojans


techvisitor wrote:

I am a mobile computer tech and have visited several customers with these infections. I have in fact performed factory recovery on systems and had the virus maintain itself on the hard disk. A fully cleaned system was reinfected on reboot.

I determined that the hard drive had to be nuked. We performed a full bit-by-bit erasure of all partition tables and boot sectors, and did a clean 1-pass wipe.

Having done that... the computer was clean after a second re-install. The downside is that we lost the manufacturer's recovery partition and the supporting software and hardware the computer came with. Thank MS for OEM COA labels on the side of machines! :)

I am a mobile computer tech and have visited several customers with these infections. I have in fact performed factory recovery on systems and had the virus maintain itself on the hard disk. A fully cleaned system was reinfected on reboot.

As I have been saying for certain malware families for a while:

I have had systems in front of me, but I never had to or attempted a reformat or factory reset on a user's machine. I go about removing the infection while not touching a person's personal data or good programs, so what is the point of me doing a factory reset or reformat etc. when I know what I am doing in removing infections??

Also, as a computer tech, please don't call a piece of malware a virus when it is not. This thread is talking about the trojans detected that are actually the ZeroAccess rootkit. It keeps changing, so for the moment it is usermode, but some systems are shown to have the Pihar bootkit also (has its own partition).

Due to the fact that ZeroAccess keeps changing over the months and months, all AVs are just having to keep up, as do I, in seeing the changes.

Quads

 

car825
Posts: 364
Topics: 71
Kudos: 9
Solutions: 3
Registered: ‎03-28-2009

Re: Symantec Please Speak Up About Rash of Trojans


techvisitor wrote:
car825 wrote:

dickevans wrote:

Hi,

Just a couple of comments. If the malware and virus developers wanted honest jobs I'm sure they would apply.

Reinstalling from the installation disk is not 100%. Some things have been known to slip past and remain to bite again.

Stay well and surf safe.

What malware can survive a reinstall from a system image? What about the malware giving people on the forum so much trouble now?

Does anyone know the answer to this? My system is clean, but I like knowing I can fix things with a full image copy restore. How confident should I be in percentage terms that this is true?

I am a mobile computer tech and have visited several customers with these infections. I have in fact performed factory recovery on systems and had the virus maintain itself on the hard disk. A fully cleaned system was reinfected on reboot.

I determined that the hard drive had to be nuked. We performed a full bit-by-bit erasure of all partition tables and boot sectors, and did a clean 1-pass wipe.

Having done that... the computer was clean after a second re-install. The downside is that we lost the manufacturer's recovery partition and the supporting software and hardware the computer came with. Thank MS for OEM COA labels on the side of machines! :)

Does this reinfection issue apply to the factory recovery on all computers or just older ones? I have a new computer. The factory recovery removes all partitions, reformats the hard drive, reinstalls the operating system, and reinstalls all the hardware drivers and software. It also recreates the recovery partition. Is this the same as nuking the hard drive?

twixt
Posts: 245
Topics: 6
Kudos: 118
Blog Posts: 0
Ideas: 0
Solutions: 13
Registered: ‎09-26-2011

Re: Symantec Please Speak Up About Rash of Trojans

car825 wrote:

techvisitor wrote:
car825 wrote:

dickevans wrote:

Hi,

Just a couple of comments. If the malware and virus developers wanted honest jobs I'm sure they would apply.

Reinstalling from the installation disk is not 100%. Some things have been known to slip past and remain to bite again.

Stay well and surf safe.

What malware can survive a reinstall from a system image? What about the malware giving people on the forum so much trouble now?

Does anyone know the answer to this? My system is clean, but I like knowing I can fix things with a full image copy restore. How confident should I be in percentage terms that this is true?

I am a mobile computer tech and have visited several customers with these infections. I have in fact performed factory recovery on systems and had the virus maintain itself on the hard disk. A fully cleaned system was reinfected on reboot.

I determined that the hard drive had to be nuked. We performed a full bit-by-bit erasure of all partition tables and boot sectors, and did a clean 1-pass wipe.

Having done that... the computer was clean after a second re-install. The downside is that we lost the manufacturer's recovery partition and the supporting software and hardware the computer came with. Thank MS for OEM COA labels on the side of machines! :)

Does this reinfection issue apply to the factory recovery on all computers or just older ones? I have a new computer. The factory recovery removes all partitions, reformats the hard drive, reinstalls the operating system, and reinstalls all the hardware drivers and software. It also recreates the recovery partition. Is this the same as nuking the hard drive?

Hi, car825. A "Nuke & Pave" will destroy any rootkit. All that is required is to rebuild the MBR and the Partition Table from scratch, such that the rootkit/bootkit's "fixit" partition is destroyed. All modern laptops have this ability as part of their System Reinstall procedure.

Please note that techvisitor's procedure was overkill. What should have happened is that the machine should have had its recovery disks built when first purchased. These CDs or DVDs could then have been used to rebuild the machine from scratch - including the machine's recovery partition, its custom driver information and the install utilities for those custom drivers.

There is a reason you are harassed when you first buy your machine to create those disks..........

And if you don't have them and are currently uninfected - it is still not too late to create them even now.

For those who did not make their Recovery Disks when they first purchased their laptop - and are now infected such that making a clean set of disks is not possible using the utility on the laptop itself - the disks are available for purchase from the laptop manufacturer at nominal cost.

Consequently, no matter the circumstance, it is possible to recover from a rootkit/bootkit infection that has a "fixit" partition.

However, what changes is the amount of time and money it takes to get the Recovery Disks into the hands of the person rebuilding the machine - which varies according to the amount of foresight the user possesses.

Note: The above is not a replacement for the work of Quads or another competent removalist. It is simply prudent to have the ability to rebuild-from-scratch if all other procedures fail.

Hope this helps.
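As an added example (not code from any poster in this thread), here is a small Python check a technician could run on the first sector of a disk image before and after a rebuild: it parses the MBR partition table, compares it against a baseline recorded when the machine was known clean, and reports any partition that is not in that baseline, which is the kind of extra partition Quads and twixt describe; it also confirms the sector is all zeros after the wipe techvisitor describes. The baseline layout, the extra partition and its type value are constructed sample data, and the function names are my own.

```python
import struct

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xAA"
PARTITION_ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count

def build_mbr(entries):
    """Construct a 512-byte MBR from (bootable, type, start_lba, sectors) tuples. Test data only."""
    sector = bytearray(SECTOR_SIZE)
    for slot, (bootable, ptype, start_lba, sectors) in enumerate(entries[:4]):
        struct.pack_into(PARTITION_ENTRY, sector, 446 + 16 * slot,
                         0x80 if bootable else 0x00, ptype, start_lba, sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)

def parse_mbr(sector):
    """Return the non-empty primary partition entries of an MBR as dicts."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("no 0x55AA boot signature: not a valid MBR")
    entries = []
    for slot in range(4):
        status, ptype, start_lba, sectors = struct.unpack_from(PARTITION_ENTRY, sector, 446 + 16 * slot)
        if ptype == 0x00:          # empty slot
            continue
        entries.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                        "start_lba": start_lba, "sectors": sectors})
    return entries

def unexpected_partitions(sector, baseline):
    """Entries whose (type, start, size) do not appear in the known-clean baseline layout."""
    known = {(ptype, start_lba, sectors) for _, ptype, start_lba, sectors in baseline}
    return [e for e in parse_mbr(sector)
            if (e["type"], e["start_lba"], e["sectors"]) not in known]

def sector_is_zeroed(sector):
    """True when every byte is zero, i.e. boot code and partition table were wiped."""
    return not any(sector)

# Constructed baseline: a typical two-partition Windows 7 layout (values are sample data).
BASELINE = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 41523200)]
CLEAN_MBR = build_mbr(BASELINE)
# Constructed: the same layout with an extra small partition added in the third slot (type is sample data).
SUSPECT_MBR = build_mbr(BASELINE + [(False, 0x17, 41730048, 65536)])
if __name__ == "__main__":
    for e in unexpected_partitions(SUSPECT_MBR, BASELINE):
        print(f"slot {e['slot']}: type 0x{e['type']:02X} at LBA {e['start_lba']} ({e['sectors']} sectors) not in baseline")
    print("first sector wiped:", sector_is_zeroed(bytes(SECTOR_SIZE)))
```

On a real machine the 512-byte input would be the first sector of the disk read from a clean boot environment, and the baseline would be the layout recorded when the machine was new.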