Paul
I know you said you have used PcLinuxOs 2009. I now have 2 flash drives
and 2 HDDs to format, which could be infected. Once that is done,
everything will be cleaned up. I know I can format the HDDs using a Dos
boot floppy, (but will have to throw the floppy away, just to be safe).
But I can't format the flash drives from a dos boot.
I just spent almost 2 hours trying to figure out how to format drives
while booted to the Live Cd of PcLinuxOs. I don't know where they hide
the format command, because I can't find it. Do you know how?
The easiest solution would be to just format both HDDs and both flash
drives from a Linux Cd boot and be done with it. I won't lose much data,
except some drivers that I can download again. This way I won't need to
burn any CDs to boot XP.
Thanks
Open a terminal and in there enter
su root
password: root
Now the command prompt will turn red, and you're
running as Administrator.
hwinfo --short --disk
That will give the name(s) of hard drives.
The name shown is a pointer to the entire drive,
such as /dev/sda.
hwinfo --disk
That one gives a lot more (confusing) information.
It would include size information or a model number
or whatever. That way, you can distinguish the
purpose of /dev/sda versus /dev/sdb or /dev/hda or
/dev/hdb.
You can remove the MBR on a drive like this. Here
I identified /dev/sda as the drive I want to erase
the partitions on. Removing the MBR just removes
all information about the (MBR-based) partitions.
A GPT disk might require more than this for all
I know. Your disk(s) aren't likely to be GPT.
dd if=/dev/zero of=/dev/sda bs=512 count=1
That overwrites the first sector of the disk, the MBR.
*******
If it is a hard drive, you can overwrite the
entire drive (without consulting the drive size)
like this.
dd if=/dev/zero of=/dev/sda
That zeros the entire drive, stopping only when you
run out of hard drive to erase. Hard drives don't
wear as such, so it doesn't matter how "efficient"
my command parameters are.
If the device was flash, I'd try to be a little more
gentle. Say the flash drive was ~2GB. I would use a
block size of 2 megabytes (could be stated 2M perhaps
or 2097152 if you want to spell it out precisely).
I always use exact numbers, because I confuse easily.
The arithmetic product of those two numbers, is 2GiB.
( http://en.wikipedia.org/wiki/GiB )
dd if=/dev/zero of=/dev/sda bs=2097152 count=1024
If the command bitched that the block size was too large,
I'd chop it down a notch like this.
dd if=/dev/zero of=/dev/sda bs=1048576 count=2048
That would be sufficient to erase my 2147483648 or
2GiB flash key. The large block size, is intended
to write full flash pages if possible, and perhaps
not require as many writes to a flash page.
I'd try to get the total number of sectors
for the hard drive. For my sample drive, the value was
33554304 sectors of 512 bytes each. I would factor
that, into "reasonable" values.
On a hard drive, a smaller block size might be
a reasonable (performance) choice. I can factor the
33554304 number, using the factor program. (By passing
numbers to the "dd" command, it runs roughly three times
faster with the usage of a decent block size.)
factor 33554304
The answer returned includes
2 2 2 2 2 2 2 3
Multiplying those together gives 384. Multiply that number
of sectors by 512 to get 196608 bytes. Divide 33554304 by 384
to get the block count of 87381.
dd if=/dev/zero of=/dev/sda bs=196608 count=87381
That erases all 196608 * 87381 = 17,179,803,648 or
17GB or so of the hard drive.
I tried looking in the PCLinuxOS menus for a better
way, but none came to mind.
So if it is a hard drive, this is easier than all
that gibberish.
dd if=/dev/zero of=/dev/sda
If it is a flash key, you can try your hand at
crafting a numeric format of the command.
dd if=/dev/zero of=/dev/sdb bs=1048576 count=2048
Flash keys can be formatted with an MBR present
in sector zero, or without an MBR at all. Erasing
the whole thing is just the easiest way to be sure
that nothing remains.
*******
If the hard drive has an HPA or host protected area,
more gibberish is required. There's no point
worrying about that now, as the HPA won't bite you
on the ass, unless something modifies it. Like
the BIOS has some option to multiplex five partitions
into a four partition MBR. And only a few OEM computers
do stuff like that. So we won't worry about HPA right now.
(The assumption here would be, the "evil" seller of
the computer, places malware inside the HPA, as a
future "bomb" if the HPA area is ever accessed somehow.
The malware normally couldn't get there all by itself,
as HPAs are a bear to work with. It takes considerable
work, to load something in there, an effort. And not
worth it, unless you "hate" the buyer.)
To satisfy yourself an HPA is not present (without using
the appropriate Linux command), simply compare the
size info from hwinfo --disk, to the size on the label of
the hard drive. If there is a significant difference between
the label value, and the hwinfo --disk value, then go off
and do some research on HPA. I have both added and removed
an HPA on my current computer, but I'm not prepared
at the moment to give a recipe. This is enough dribble
for now.
HTH,
Paul
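
Added example, not part of Paul's post: a shell sketch that automates the factoring step (pick a block size that divides the device exactly, so bs * count leaves no sector unwritten) and then reads the result back to confirm it is all zeros. The function names and the scratch image are assumptions made for this example; it writes to a temporary file, not to a drive.

```shell
#!/bin/sh
# Added example. Scratch file only; nothing here writes to /dev.

# dd_geometry TOTAL_SECTORS MAX_BS_BYTES -> prints "BS COUNT".
# BS is the largest multiple of 512 that is <= MAX_BS_BYTES and divides the
# device exactly, so BS * COUNT covers every sector with no remainder.
dd_geometry() {
    total=$1
    n=$(( $2 / 512 ))
    if [ "$n" -lt 1 ]; then n=1; fi
    if [ "$n" -gt "$total" ]; then n=$total; fi
    while [ $(( total % n )) -ne 0 ]; do
        n=$(( n - 1 ))
    done
    echo "$(( n * 512 )) $(( total / n ))"
}

# is_zeroed PATH BYTES -> succeeds only if the first BYTES bytes are all zero.
# Assumes a cmp that supports -n (GNU diffutils does).
is_zeroed() {
    cmp -s -n "$2" "$1" /dev/zero
}

# wipe_demo: fill a constructed 3 MiB image with random data, zero it using
# the computed geometry, then read it back to confirm nothing was missed.
wipe_demo() {
    sectors=6144
    img=$(mktemp) || return 1
    dd if=/dev/urandom of="$img" bs=512 count="$sectors" 2>/dev/null
    if is_zeroed "$img" $(( sectors * 512 )); then rm -f "$img"; return 1; fi
    set -- $(dd_geometry "$sectors" 1048576)
    dd if=/dev/zero of="$img" bs="$1" count="$2" conv=notrunc 2>/dev/null
    is_zeroed "$img" $(( sectors * 512 ))
    rc=$?
    rm -f "$img"
    return "$rc"
}

dd_geometry 33554304 196608   # the post's sample hard drive
dd_geometry 4194304 2097152   # the post's 2 GiB flash key
```

On a real device the same read-back check applies after the wipe: pass the device node and its size in bytes to is_zeroed, having first confirmed the device name against the hwinfo output.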