11-29-2011 10:09 PM
11-29-2011 10:39 PM
Hello CaptainObvious,
Most of the information-stealing threats will be removed by doing this. But there are some threats that will not be removed by doing such -- like BIOS-infector threats. If you got infected by one of these, you need to remove the files/components that it dropped on your HDD (or reformat it since that's your question) AND then flash your mobo's BIOS.
Hope this helps.
Regards,
Cyrus
11-29-2011 10:43 PM
hi CaptainObvious,
does help because it's definitely going to remove everything
doesn't help if you did not back up your files before formatting and you've lost all your important files T_T
it's a different story if it's a file infector and you have not removed the file infector before backing up then restoring the backed up files to a supposedly clean drive or if you did not format other partitions and the file infector is lurking there (i experienced this back in college and i cried for not realizing immediately that the file infector was in another partition)
cheers!
11-29-2011 11:13 PM - edited 11-29-2011 11:17 PM
Thanks Cyrus. But how to know whether a BIOS is infected because normally I will treat it as normal Windows viruses. BIOS threat is new to me.
RoseG, important files will be backed up. I used to just format a PC back in college whenever the PC was infected or acted weirdly. Scanning a file perhaps is the step I should do instead of formatting the whole drive.
Thank you for your advice!!
11-29-2011 11:37 PM
no worries
i think bios infection is best described here
hope it helps, cheers!
11-29-2011 11:44 PM - edited 11-29-2011 11:45 PM
Hello CaptainObvious,
Yes, it will be hard to determine if your motherboard's BIOS has been infected. Just like you, if I see a machine that has an infection, I will also treat it as a "normal" infection -- not a BIOS infection.
I think one hint that your motherboard's BIOS is infected is that even after you've reformatted the hard drive, the computer will immediately get infected or show signs of infection. OR if many (if not all) antivirus/security programs, tools or applications cannot detect anything on your machine but the symptoms of being infected are still there, then you can probably assume that your motherboard's BIOS has been compromised (given that the MBR has not been compromised as well).
Regards,
Cyrus
11-30-2011 02:01 AM
11-30-2011 02:31 AM
not really, you can run online scanners or do a manual malware removal (if you're confident yourself ^____^) if not you can go to different communities/forums which offer step-by-step malware removal and still do it yourself and at your own risk
here's how it works: you start by reading the ***read me*** of a forum which usually contains what forensics tool you should run and what kind of log you should post, then a forum member will provide his/her analysis or just tell you what removal tools you should run
of course not everything can be seen by one forensic tool so you would be asked to run a few more, same goes for removal tools
your other option is to avail of virus removal services provided by different av companies and/or tech support services
once your machine is reverted to its clean state, i hope you learn from the experience and start adding a layer of protection to your computer
11-30-2011 05:14 AM
Reformatting an infected hard drive will often help in most cases but not when the system is infected with a boot virus (as already mentioned) and yeah if your backup files are also infected you will reinfect the system, so need to make sure they're clean before putting them back.
Recently the new variant of the TDL4 rootkit that creates a hidden volume (which housed the rootkit's files) and modifies the partition table to point to the malicious volume also can't be removed just by mere formatting.
http://blog.eset.com/2011/10/18/tdl4-rebooted
11-30-2011 11:59 PM
Hello,
If you are not interested in removing an infection or copying any files off of the hard disk drive at all, you can quickly clean it by booting from a Windows 7 installation disc, selecting the System Recovery Options menu to open a Command Prompt, and running the DiskPart (filename: DISKPART.EXE) command, selecting the hard disk drive and issuing a "CLEAN" command. This will erase the beginning of the hard disk, including the Master Boot Record and its associated partition table of data so the drive will appear blank. At that point, you can power down and when you next boot up, treat it as you would any blank hard disk drive (format it, install an operating system and so forth).
One thing to keep in mind is that the DiskPart command is a fairly powerful program, and using it incorrectly can cause all sorts of problems, especially if a system has multiple disk drives and operations are performed against the wrong disk drive. For this reason, I recommend disconnecting any other hard disk drives from the computer before turning it on to work with the hard disk you intend to wipe, and reviewing the documentation for the command thoroughly before beginning to determine how to properly select the hard disk drive.
Regards,
Aryeh Goretsky
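
Added example, not part of any post in this thread: a Python check of the Master Boot Record discussed above. It lists the partition table entries in a 512-byte sector so that an entry missing from a layout recorded while the machine was clean stands out (the partition table change described in the TDL4 post), and it confirms that a wiped sector really is blank (the state the DiskPart post describes). The sample sector, the `KNOWN_GOOD` layout and all function names are constructed for illustration; reading the first 512 bytes of a real disk or image is left to the reader.

```python
import struct

SECTOR_SIZE, TABLE_OFFSET, ENTRY_SIZE = 512, 446, 16


def parse_mbr(sector):
    """Return (has_boot_signature, used_entries) for one 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    entries = []
    for slot in range(4):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        # Entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[start:start + ENTRY_SIZE])
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({"slot": slot, "active": status == 0x80,
                        "type": ptype, "lba_start": lba, "sectors": count})
    return sector[510:512] == b"\x55\xaa", entries


def unexpected_entries(entries, known_good):
    """Entries whose (type, lba_start, sectors) is not in the recorded clean layout."""
    return [e for e in entries
            if (e["type"], e["lba_start"], e["sectors"]) not in known_good]


def looks_blank(sector):
    """True when the sector has no boot signature, no entries and no boot code."""
    has_signature, entries = parse_mbr(sector)
    return not has_signature and not entries and not any(sector)


def build_sample_sector(parts):
    """Constructed test data: an MBR with the given (status, type, lba, sectors) entries."""
    sector = bytearray(SECTOR_SIZE)
    for slot, (status, ptype, lba, count) in enumerate(parts):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        sector[start:start + ENTRY_SIZE] = struct.pack("<B3xB3xII", status, ptype, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed values: one NTFS system partition plus an extra small entry near the end of the disk.
KNOWN_GOOD = {(0x07, 2048, 204800)}
SAMPLE = build_sample_sector([(0x80, 0x07, 2048, 204800), (0x00, 0x17, 976771072, 2048)])

if __name__ == "__main__":
    _, found = parse_mbr(SAMPLE)
    for e in unexpected_entries(found, KNOWN_GOOD):
        print("unexpected partition entry:", e)
    print("blank after wipe:", looks_blank(bytes(SECTOR_SIZE)))
```

The check only covers the MBR partition table in sector 0; it says nothing about the BIOS or about files inside a partition.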