Boot sectors and virii

[Croaker]

Are there virii/trojans that will survive a format and reinstall of
Windows XP PRO/Home using the XP setup (through the cd)? If I have a
previous install of XP and run through setup to reformat(NTFS) the
entire partition and then reinstall XP, Does this not rewrite the master
boot record, after wiping the partiion clean?

I ask this because when i clean XP boxes I have never had to resort to
formatting and reinstalling. I usually can fix the installation. I was
talking to some "techs" that insisted the only way to be sure you get
rid of all trojans and virii is to do a low level format. I have never
had to resort to thirrd party stuff to fix windows, and these guys were
the kind of guys who would reformat at the very hint of corruption.
They never attempt to fix an XP installation they just reformat and
reinstall. I think its some wierd throwback to the 98/ME era when
formattiing was a way of life. Anyway I had no real world experience
with an uncleanable boot sector virus that survived a clean and repair
and maybe a MBR rewrite, let alone a format/install (without the disk
wiping low level dealie). Are they speaking truth?

 

[j9]

Yes, there are still virii out there that live in the MBR. But, most tools
these days have more than adequate boot sector scans. I haven't had to do a
LLF for a virus in a very long time (unless you count trying to overcome a
bad RedHat LILO install in the test lab )

Seems to me that these "techs" have forgotten the cardinal rule of
performing non-destructive data handling whenever possible.

 

[Croaker]

Yes, there are still virii out there that live in the MBR. But, most tools
these days have more than adequate boot sector scans. I haven't had to do a
LLF for a virus in a very long time (unless you count trying to overcome a
bad RedHat LILO install in the test lab )

Seems to me that these "techs" have forgotten the cardinal rule of
performing non-destructive data handling whenever possible.

Are there virii/trojans that will survive a format and reinstall of
Windows XP PRO/Home using the XP setup (through the cd)? If I have a
previous install of XP and run through setup to reformat(NTFS) the
entire partition and then reinstall XP, Does this not rewrite the master
boot record, after wiping the partiion clean?

I ask this because when i clean XP boxes I have never had to resort to
formatting and reinstalling. I usually can fix the installation. I was
talking to some "techs" that insisted the only way to be sure you get
rid of all trojans and virii is to do a low level format. I have never
had to resort to thirrd party stuff to fix windows, and these guys were
the kind of guys who would reformat at the very hint of corruption.
They never attempt to fix an XP installation they just reformat and
reinstall. I think its some wierd throwback to the 98/ME era when
formattiing was a way of life. Anyway I had no real world experience
with an uncleanable boot sector virus that survived a clean and repair
and maybe a MBR rewrite, let alone a format/install (without the disk
wiping low level dealie). Are they speaking truth?

Well then I would ask this. Does the master boot record get rewritten
after a format during a fresh install? Does rewriting the MBR get rid
of these virii/trojans? Do these virii survive a reformat and
reinstall? Thank you for your patience, this is for my own knowledge at
this point.

 

[Rock]

Are there virii/trojans that will survive a format and reinstall of
Windows XP PRO/Home using the XP setup (through the cd)? If I have a
previous install of XP and run through setup to reformat(NTFS) the
entire partition and then reinstall XP, Does this not rewrite the master
boot record, after wiping the partiion clean?

I ask this because when i clean XP boxes I have never had to resort to
formatting and reinstalling. I usually can fix the installation. I was
talking to some "techs" that insisted the only way to be sure you get
rid of all trojans and virii is to do a low level format. I have never
had to resort to thirrd party stuff to fix windows, and these guys were
the kind of guys who would reformat at the very hint of corruption.
They never attempt to fix an XP installation they just reformat and
reinstall. I think its some wierd throwback to the 98/ME era when
formattiing was a way of life. Anyway I had no real world experience
with an uncleanable boot sector virus that survived a clean and repair
and maybe a MBR rewrite, let alone a format/install (without the disk
wiping low level dealie). Are they speaking truth?

FYI the plural of virus is viruses not virii.

 

[Lil' Dave]

Are there virii/trojans that will survive a format and reinstall of
Windows XP PRO/Home using the XP setup (through the cd)? If I have a
previous install of XP and run through setup to reformat(NTFS) the
entire partition and then reinstall XP, Does this not rewrite the master
boot record, after wiping the partiion clean?

Formatting only resets the file table for a quick format, or writes a new
file table for the partition you're formatting (C. Does nothing to any
other partition, or the master boot record.

The partition boot record incorporates the new file table in the process.
If there is a redirect in the parittion boot record to a boot sector virus,
then nothing changes. Not all boot viruses use this scheme.

I ask this because when i clean XP boxes I have never had to resort to
formatting and reinstalling. I usually can fix the installation. I was
talking to some "techs" that insisted the only way to be sure you get
rid of all trojans and virii is to do a low level format. I have never

Trojans don't affect the master boot record or the paritition boot record.
A very limited few viruses, a small handful, can inhabit the general disk
area where the master boot record is kept. But, not within the mbr itself.
They are extremely rare. A virus inhabiting the paritition boot record can
be removed by simply removing and restoring the partition that may be
infected. These are uncommon as well.

had to resort to thirrd party stuff to fix windows, and these guys were
the kind of guys who would reformat at the very hint of corruption.

Low level formats of ide hard drives are done at the factory only.

Writing zeroes, ones, or a combination, or a repeated combination is
typically referred to as a "medium" level format. Many unknowing users call
this a low-level format. The writes overwrite all on the hard disk writable
area including the area where the master boot record is stored.

They never attempt to fix an XP installation they just reformat and
reinstall. I think its some wierd throwback to the 98/ME era when
formattiing was a way of life. Anyway I had no real world experience
with an uncleanable boot sector virus that survived a clean and repair
and maybe a MBR rewrite, let alone a format/install (without the disk
wiping low level dealie). Are they speaking truth?

They're speaking the truth as they know it. My take on this is they want
your PC fixed so they can get you out the door the first time. The
so-called "low-level" format will take 24 hours or so, or more, and will do
it without user intervention after starting. And, it will result in a clean
hard drive irregardless of what underlying problems there were that
orginated from the original data on that hard drive. Depending on what's
infected on the PC, their ability to remove the infection harmlessly, and so
on, can cost many man hours and lessen their ability to work on many PCs at
the same time. Makes plain business sense to me..

 

[Lil' Dave]

FYI the plural of virus is viruses not virii.

No, both are correct. Its just a matter of choice which spelling to use to
describe the plural. Personally, I prefer "viruses" for simplicity sake.
But, have no problem with others that prefer "virii" or "viri". They
communicate the meaning obviously as you evidently understood the word, so
did I.
http://en.wikipedia.org/wiki/Virii

 

[Bill Blanton]

Well then I would ask this. Does the master boot record get rewritten
after a format during a fresh install? Does rewriting the MBR get rid
of these virii/trojans? Do these virii survive a reformat and
reinstall? Thank you for your patience, this is for my own knowledge at
this point.

There are "stealth type" viruses that load from the MBR, that also
have the ability to hide themselves from detection if booted from
the infected hard drive. In that case, you generally need to boot from
known clean removable media (floppy) and check the MBR. Getting rid of
them without a complete wipe of the mbr can be tricky, but not impossible.

Google on "stealth virus master boot record" for examples.

A "fresh install" will write the MBR code if there is none in place already.
I don't remember if that's true if code is already in place. I wouldn't
chance it either way if I suspected a MBR virus.

Format is just concerned with the particular volume ("drive X:") being
formatted, and doesn't touch the mbr. Though that may effect a volume
boot sector virus.

 

[Rock]

No, both are correct. Its just a matter of choice which spelling to use to
describe the plural. Personally, I prefer "viruses" for simplicity sake.
But, have no problem with others that prefer "virii" or "viri". They
communicate the meaning obviously as you evidently understood the word, so
did I.
http://en.wikipedia.org/wiki/Virii

No true. Virii is not correct.

 

[Lil' Dave]

No true. Virii is not correct.

Whatever...

 

[Plato]

No true. Virii is not correct.

Agreed.

 

[Scott]

Where the hell is Miss Perspicia Tick when you really need her??

 

[_RR]

Agreed.

It could be that he was talking about common usage, like "Unii"
(that's people who work on Unix boxes... IOW, the plural of Eunuch)