How could it be that viruses are still on my computer after reformatting?

Kuyt

Any foolproof way to get these trojans completely off (they're all up in my registry / windows), even after a full reformat?

Ugh. :(
 
If you really want to kill anything on the drive use DBAN and let it do a few passes over it.

Anyway, as far as viruses still on the machine after a format, chances are you have either a driver/backup disk with something on it or the machine got hit before you had a chance to update it.
 
Format your thumb drive too. There was a virus going around recently that infected autorun in thumbdrives. Even after you format, then plug your thumbdrive back in, you're putting the virus right back into your system. External drives too.
 
Any foolproof way to get these trojans completely off (they're all up in my registry / windows), even after a full reformat?

Ugh. :(

A reformat is more than sufficient to get rid of any trojan. It's not really possible that a trojan survived the reformat. Using DBAN or the like to remove a trojan is overkill and a complete waste of time.

More likely you either have another drive infected which is infecting your main drive or something you're installing right off the bat is infected. Or you're using AVG, which tends to give an annoying amount of false positives.
 
Boot sector virus? I have not seen one in the wild in a long time but I know they can exist.


Yes, AVG does give a lot of false positives. I know one for sure is Tsearch, but almost all open memory hacking tools will also show up as a virus, as most viruses use the same memory hook structure.
 
Boot sector virus? I have not seen one in the wild in a long time but I know they can exist.

Yep. Format won't touch these. I also remember the days of BIOS viruses too, but haven't heard of those in a LONG time.
 
Formatting a drive does not alter the Master Boot Record, which is where many viruses still love to hide. You need to departition a drive in order to make those kinds of alterations. In fact, to be absolutely 100% sure you've wiped the MBR properly, that's where the old fdisk command is still handy if you can get a bootable CD with that command on it. You'd use it to departition the entire drive, reboot, then use the command from the command line like so:

fdisk /mbr

That pulls the original factory Master Boot Record data off an EEPROM chip on the drive (all of them work this way) and restores the physical MBR code with that data. Since the factory defaults are stored on an EEPROM chip, there ain't a virus out that can tamper with it so, when you do the fdisk /mbr command it'll restore at least that aspect back to brand new untouched untampered with status.

Then go and partition the drive as you see fit, and the OS will manage the MBR as required to make the system partition/drive bootable.

There are other methods of accurately restoring an MBR to factory condition, that's just the most common one. But again, just reformatting partitions that are already in place doesn't do Jack Shit to the viruses that could be lurking in the MBR - you've got to wipe and restore that to the original state.
 
Did you install a legit version of Windows? You know that cracked software can come with surprises right?
 
Yep. Format won't touch these. I also remember the days of BIOS viruses too, but haven't heard of those in a LONG time.

I didn't think they were even still around. Are you guys sure they really even are?

At any rate I would check out your spare drives and the software you install first before checking on these things.
 
While there are numerous viruses being created and released by the never-ending flood of no life losers humanity keeps spawning, just because a virus from a long time ago - especially something related to boot sector activity - might have been thoroughly trounced upon in the past, it doesn't mean the damned thing just up and vanished like a fart in the wind.

Smallpox was effectively eradicated from the human population decades past, but... it's still out there in a lab someplace. It only takes one instance of it getting out unchecked and wham...

"Does that make sense?" :)
 
I didn't think they were even still around. Are you guys sure they really even are?

I don't think they are around anymore. Most motherboards/BIOSes now are nearly virus-proof, but they DID exist, as I got one when I was in college (skanky ass college kids, lol).

Also got a boot sector virus from college too. I think I have a copy of them both on floppy somewhere.
 
Did you install a legit version of Windows? You know that cracked software can come with surprises right?

Nah, completely legit for like the first time (I had a SP1 Pro disc from a Gateway laptop).

Right about now, I think it's my WD 500GB External that's infected. Any way I can get rid of the virus in that thing? It carries ALL my crap (music + movies).
 
Nah, completely legit for like the first time (I had a SP1 Pro disc from a Gateway laptop).

Right about now, I think it's my WD 500GB External that's infected. Any way I can get rid of the virus in that thing? It carries ALL my crap (music + movies).

You need to do what Joe Average stated... fdisk /mbr
 
fdisk /mbr

That pulls the original factory Master Boot Record data off an EEPROM chip on the drive

To be technical, the MBR code is stored inside fdisk.exe.

fixmbr from XP's recovery console will do the same. Vista has a similar tool.
 
I've never bothered using the old DOS based boot disk and doing FDISK since the Windows 98 CDs came out..which were bootable..and did all of that stuff through the bootup menu. All OSs since then have been bootable CDs with the install routine built right into them.

Boot from CD...delete any/all partitions through this interface....create partition(s)..do a full format (not quick format)...and begin your install.
 
The simple act of removing existing partitions just alters the partition table, and won't remove an MBR virus. The only difference between quick and full format is bad sector control.
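
Added example (not part of any post in this thread): a Python sketch that splits sector 0 of a disk into boot code and partition table and hashes the boot code, to show that emptying the partition table leaves the boot code byte-for-byte the same. The sample sectors, the placeholder code bytes and the helper names are constructed for illustration; a real check would pass a disk image or raw device path to `read_mbr` and compare against a known-good copy.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bootstrap code; bytes 440-445 may hold a disk signature
TABLE_OFFSET = 446    # four 16-byte partition entries, then the 0x55AA signature

def read_mbr(path):
    """Read sector 0 from a disk image (or a raw device, given the rights)."""
    with open(path, "rb") as f:
        return f.read(512)

def parse_mbr(sector):
    """Return a hash of the boot code and the list of used partition entries."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:                      # type 0x00 marks an unused slot
            partitions.append({"bootable": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": sectors})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}

def boot_code_changed(before, after):
    """True when the bootstrap code differs between two copies of sector 0."""
    return (parse_mbr(before)["boot_code_sha256"]
            != parse_mbr(after)["boot_code_sha256"])

def build_sample(boot_code, entries):
    """Assemble a constructed sector for the demo (not taken from a real disk)."""
    table = b"".join(entries).ljust(64, b"\x00")
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table + b"\x55\xaa"

# Constructed sample data: one bootable NTFS-type (0x07) entry at LBA 63.
ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 63, 1000000)
CODE_A = b"\xfa\x33\xc0" + b"\x90" * 32        # placeholder bytes, not real boot code
CODE_B = b"\xeb\x3c\x90" + b"\x00" * 32        # different placeholder bytes
ORIGINAL = build_sample(CODE_A, [ENTRY])
PARTITIONS_DELETED = build_sample(CODE_A, [])  # table emptied, boot code untouched
CODE_REWRITTEN = build_sample(CODE_B, [ENTRY]) # boot code replaced, table kept

if __name__ == "__main__":
    print("after deleting partitions:", boot_code_changed(ORIGINAL, PARTITIONS_DELETED))
    print("after rewriting boot code:", boot_code_changed(ORIGINAL, CODE_REWRITTEN))
```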
 