
Would it help if I reformat an infected HDD?

Started ‎12-01-2011 by
Modified ‎12-09-2011 by


Question

  1. Let's say a system is infected with malware, be it a virus, worm or Trojan. Will formatting the whole hard disk help? In what cases does it not help, so that a replacement is needed?

  2. Is formatting an HDD the only thing I can do if the system is compromised and does not have anti-virus software installed?

Answer

Suggestion for Question 1:

When it works:

Reformatting does help because everything is removed. But you will lose your important files if you have not backed them up.

Exception:

It is a different story if it is a file infector and it was not removed before you backed up your system. Restoring the backed-up files to a supposedly clean drive will not work, just as leaving other partitions unformatted does not work, because the file infector is still there.

When it does not work:

TDL4 rootkit

Note that a recent variant of the TDL4 rootkit, which creates a hidden volume (housing the rootkit's files) and modifies the partition table to point to that malicious volume, also cannot be removed by mere formatting.

Source: http://blog.eset.com/2011/10/18/tdl4-rebooted


BIOS-infector threats

Most information-stealing threats will be removed by reformatting. But some threats will not be removed this way, such as BIOS-infector threats. If you got infected by one of these, you need to remove the files/components it dropped on your HDD (or reformat it) and then flash your motherboard's BIOS.

Symptoms of a BIOS-infector threat

It is somewhat difficult to determine whether your motherboard's BIOS has been infected. The symptoms are:

  • even after you've reformatted the hard drive, the computer immediately gets infected again or shows signs of infection;
  • many (if not all) antivirus/security programs, tools or applications cannot detect anything on your machine, but the symptoms of being infected are still there.

If so, you can probably assume that your motherboard's BIOS has been compromised (given that the Master Boot Record has not been compromised as well).

Suggestion for Question 2:

  1. Manual malware removal
    You can run online scanners or do a manual malware removal (if you are confident of doing so). If not, you can go to different communities/forums which offer step-by-step malware removal and still do it yourself, at your own risk.

    Here's how it works: you start by reading the ***read me*** of a forum, which usually says which forensic tools you should run and what kind of log you should post; then a forum member will provide his/her analysis or just tell you which removal tools you should run. Note that not everything can be seen by one forensic tool, so you may be asked to run a few more, and the same goes for removal tools.

  2. Run virus removal services
    Your other option is to use the virus removal services provided by different anti-virus companies and/or tech support services.

  3. Erase the HDD via DiskPart.exe without backing up or removing the infection
    If you are not interested in removing the infection or copying any files off the hard disk drive at all, you can quickly clean it by
    - booting from a Windows 7 installation disc and selecting the System Recovery Options menu to open a Command Prompt
    - running the DiskPart (filename: DISKPART.EXE) command, selecting the hard disk drive and issuing a "CLEAN" command.

    This will erase the beginning of the hard disk, including the Master Boot Record and its associated partition table, so the drive will appear blank. At that point, you can power down and, when you next boot up, treat it as you would any blank hard disk drive (format it, install an operating system and so forth).

 

Caution: One thing to keep in mind is that the DiskPart command is a fairly powerful program, and using it incorrectly can cause all sorts of problems, especially if a system has multiple disk drives and operations are performed against the wrong disk drive. For this reason, try disconnecting any other hard disk drives from the computer before turning it on to work with the hard disk you intend to wipe, and review the documentation for the command thoroughly before beginning, to determine how to properly select the hard disk drive.
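The following batch file is an added example, not part of the original answer, of the DiskPart procedure in item 3 with the caution above built in: it lists the disks first, shows the details of the disk you pick, asks for an explicit confirmation, and only then issues CLEAN. It is meant to be run from the Command Prompt of the Windows 7 installation disc's System Recovery Options. The file names under X:\ are this example's own choices, and X:\ is assumed to be the writable RAM drive of that recovery environment.

```batch
@echo off
rem Added example, not from the original answer. Run from the recovery
rem environment's Command Prompt. X:\ is assumed to be its writable RAM drive;
rem the script file names below are this example's own choices.

rem Step 1: list every disk DiskPart can see, so the target can be identified
rem by disk number and size before anything destructive happens.
> X:\listdisks.txt echo list disk
diskpart /s X:\listdisks.txt
echo.
echo Compare the sizes above with the drive you intend to wipe.
echo Only ONE drive should be connected; disconnect the others first.
set /p TARGET=Enter the disk number to wipe (or press Ctrl+C to abort): 

rem Step 2: show the chosen disk's details (model, size, volumes) as a final
rem check that the number really refers to the infected drive.
(
  echo select disk %TARGET%
  echo detail disk
) > X:\detail.txt
diskpart /s X:\detail.txt
echo.
set /p CONFIRM=Type WIPE to erase the MBR and partition table of disk %TARGET%: 
if /i not "%CONFIRM%"=="WIPE" (
  echo Aborted, nothing was changed.
  goto :eof
)

rem Step 3: CLEAN overwrites the partitioning information at the start of the
rem disk (the MBR and its partition table, including any entry that points at
rem a hidden volume), so the drive appears blank on the next boot. Ordinary
rem data sectors are NOT overwritten; "clean all" zeroes every sector instead
rem and takes far longer.
(
  echo select disk %TARGET%
  echo clean
) > X:\wipe.txt
diskpart /s X:\wipe.txt
echo Disk %TARGET% is now blank. Power down, reconnect any other drives, then
echo boot the installation media and partition/format it as a new disk.
```

Because "clean" only removes the partitioning structures, the old file contents remain on the platters until they are overwritten by the new installation; that is enough to make the drive behave as blank, but if the goal is also to ensure nothing is recoverable, "clean all" is the variant to use.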