Support in other languages: 
Showing results for 
Search instead for 
Do you mean 
Reply
Punch Card
CaptainObvious
Posts: 56
Registered: ‎03-26-2009
Location: Burma
0
Accepted Solution

Would format infected hdd help?

Let's say a system is infected with malware, be it virus, worms, Trojan, does format the whole hard disc help? In what occasion it doesn't help and a replacement is needed?
Lenovo Technology Partner
CyrusR
Posts: 10
Registered: ‎11-29-2011
Location: PH

Re: Would format infected hdd help?

Hello CaptainObvious,

 

Most of the information-stealing threats will be removed by doing this.  But there are some threats that will not be removed by doing such -- like BIOS-infector threats.  If you got infected by one of these, you need to remove the files/components that it dropped on your HDD (or reformat it since that's your question) AND then flash your mobo's BIOS.

 

Hope this helps.


Regards,
Cyrus

Lenovo Technology Partner
RoseG
Posts: 7
Registered: ‎11-29-2011
Location: Philippines

Re: Would format infected hdd help?

hi CaptainObvious,

 

does help because its definitely going to remove everything

doesn't help if you did not back up your files before formatting and you've lost all your important files T_T

 

its a different story if its a file infector and you have not removed the file infector before backing up then restoring the backed up files to a supposedly clean drive or if you did not format other partitions and the file infector is lurking there (i experienced this back in college and i cried for not realizing immediately that the file infector was in another partition)

 

cheers! :smileyhappy:


I am a Trend Micro employee.  My comments and advice come from my personal knowledge and experience.  I’m happy to volunteer what I can to help others have a great Trend Micro experience. Find me in Trend Community
Punch Card
CaptainObvious
Posts: 56
Registered: ‎03-26-2009
Location: Burma
0

Re: Would format infected hdd help?

[ Edited ]

Thanks Cyrus. But how to know whether a BIOS is infected because normally I will treat it as normal windows viruses. BIOS threat is new to me.

RoseG, important files will be backup. I used to just format a pc back college whenever pc was infected or acted weirdly. Scanning a file perhaps is the step I should do instead of formatting the whole drive.

Thank you for your advises!!

Both of you helped but I could only one time for accept as solution. Sorry...
Lenovo Technology Partner
RoseG
Posts: 7
Registered: ‎11-29-2011
Location: Philippines
0

Re: Would format infected hdd help?

no worries :smileyhappy:

 

i think bios infection is best decribed here

hope it helps, cheers!

I am a Trend Micro employee.  My comments and advice come from my personal knowledge and experience.  I’m happy to volunteer what I can to help others have a great Trend Micro experience. Find me in Trend Community
Lenovo Technology Partner
CyrusR
Posts: 10
Registered: ‎11-29-2011
Location: PH
0

Re: Would format infected hdd help?

[ Edited ]

Hello CaptainObvious,

 

Yes, it will be hard to determine if your motherboard's BIOS has been infected.  Just like you, if I see a machine that has an infection, I will also treat it as a "normal" infection -- not a BIOS infection.

 

I think one hint that your motherboard's BIOS is infected is that even after you've reformatted the hard drive, the computer will immediately get infected or shows signs of infection.  OR if many (if not all) antivirus/security program, tool or application cannot detect anything on your machine but the symptoms of being infected is still there, then you can probably assume that your motherboard's BIOS has been compromised (given that the MBR has not been compromised as well).

 

Regards,

Cyrus

Punch Card
CaptainObvious
Posts: 56
Registered: ‎03-26-2009
Location: Burma
0

Re: Would format infected hdd help?

Hey thanks for the tips! Another related question, is formatting a hdd the only thing I can do if the system is compromised and does not have anti virus software installed?
Lenovo Technology Partner
RoseG
Posts: 7
Registered: ‎11-29-2011
Location: Philippines
0

Re: Would format infected hdd help?

not really, you can run online scanners or do a manual malware removal (if you're confident yourself ^____^) if not you can go to different communities/forums which offer step-by-step malware removal and still do it yourself and at your own risk

 

here's how it works: you start by reading the ***read me*** of a forum which usually contains what forensics tool you should run and what kind of log you should post, then a forum member will provide his/her analysis or just tell you what removal tools you should run

of course not everything can be seen by one forensic tool so you would be asked to run a few more, same goes for removal tools

 

your other option is to avail of virus removal services provided by different av companies and/or techsupport services

 

once your machine is reverted to its clean state, i hope you learn from the experience and start adding a layer of protection to your computer :smileyvery-happy:


I am a Trend Micro employee.  My comments and advice come from my personal knowledge and experience.  I’m happy to volunteer what I can to help others have a great Trend Micro experience. Find me in Trend Community
Punch Card
rpggamergal
Posts: 6
Registered: ‎11-14-2011
Location: Australia

Re: Would format infected hdd help?

Reformatting an infected harddrive will often helpin most cases but not when the system is infected with boot virus(as already mentioned) and yeah if your backup files are also infected you will reinfect the system, so need to make sure they're clean before putting them back.

 

Recently the new variant of TDL4 rootkit that creates a hidden volume(which housed the rootkit's files) and modifies the partition table to point to the malicious volume also can't be removed just by mere formatting.

http://blog.eset.com/2011/10/18/tdl4-rebooted

---------------------------------------------------------------------------
Microsoft MVP - Consumer Security
Zone Advisor at Experts-Exchange.com



goretsky
Posts: 2,006
Topics: 19
Kudos: 358
Solutions: 143
Registered: ‎12-01-2007
Location: California, USA
0

Re: Would format infected hdd help?

Hello,

 

If  you are not interested in removing an infection or copying any files off of the hard disk drive at all you can quickly clean it by booting from a Windows 7 installation disc selecting the System Recovery Options menu to open a Command Prompt and running the DiskPart (filename: DISKPART.EXE) command, selecting the hard disk drive and issuing a "CLEAN" command.  This will erase the beginning of the hard disk, including the Master Boot Record and its associated partition table of data so the drive will appear blank.  At that point, you can power down and when you next boot up, treat it as you would any blank hard disk drive (format it, install an operating system and so forth).

 

One thing to keep in mind is that the DiskPart command is a fairly powerful program, and using it incorrectly can cause all sorts of problems, especially if a system has multiple disk drives and operations are performed against the wrong disk drive.  For this reason, I recommend disconnecting any other hard disk drives from the computer before turning it on to work with the hard disk you intend to wipe, and reviewing the documentation for the command thoroughly before beginning to determine how to properly select the hard disk drive.

 

Regards,

 

Aryeh Goretsky

 



I am a volunteer and neither a Lenovo nor a Microsoft employee. • Dexter is a good dog • Dexter je dobrý pes
S230u (3347-4HU)X220 (4286-CTO)W510 (4318-CTO)W530 (2441-4R3)X100e (3508-CTO)X120e (0596-CTO)T61p (6459-CTO)T43p (2678-H7U)T42 (2378-R4U)T23 (2648-LU7)
de.gif  Deutsche Community es.gif  Comunidad en Español ru.gif Русскоязычное Сообщество