Virus Stuck on HDD?

tyttebøvs

New Member
You have not done your research well enough. fdisk /mbr will not touch even a single byte in the partition table. So saying it will remove all the partitions is wrong.
 

kimsland

New Member
No I didn't say that any of those commands will remove the Partition
I was just saying that a Clean install means Users should remove the Partition
 

tyttebøvs

New Member
Yes, you said "removing all the partitions" would solve the problem. And I said that wasn't enough in itself. Just removing partitions will not rewrite the boot strap code located in the MBR. And rewriting of that code is the only thing those commands do.
 

tlarkin

VIP Member
Once the computer is turned off the memory is dumped. So if he boots into the recovery partitions or boots to an install cd how is a virus going to get back on the hard drive?

True, but capacitors will still hold charge even after shutdown, and things like cache and memory are not always 100% cleared. Also, I guess it is quite possible to infect the firmware of a hard drive with a virus (however very unlikely). There are also boot sector viruses that can stay within the boot sector.

This should no longer be a problem once EFI is adopted because drives won't have boot sectors, it will boot from firmware memory off a controller instead, but that is theoretical since EFI has not fully caught on. Apple uses EFI and they actually put a very small partition on the disk for the EFI.

I am digressing though, so back on subject.

If you want to be 100% sure, wipe the partitions, write zeros to your drive, power it off and unplug it completely to clear all cache and memory (unplug it for like 10 minutes) and wipe out the boot sectors.

If your "virus" still exists after all of that, then it has found its way into the firmware of one of your pieces of hardware. Then you gotta start flashing firmwares or replace parts.

#EDIT

Hmm, well I guess I should read whole threads before answering such things since it seems the questions have already been answered. I was too lazy and didn't want to read all the replies so I just hit reply after that last post I read.
 

tyttebøvs

New Member
Answered already ;)

No you did not. We were talking about "removing partitions" - and then you bring up those tools. Two very different things.

Another thing. If the virus is active in the MBR, rewriting of the boot strap code would be enough. Removing the partitions wouldn't be necessary.
 
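The distinction the two posts above keep returning to (a boot strap rewrite touches bytes 0..445 of sector 0, deleting partitions touches bytes 446..509, and only a full zero-fill of the sector clears both) is easy to see on a constructed MBR image. This is an added example, not code from the thread; the byte offsets are the standard MBR layout, the "infected" marker bytes and the single partition entry are made up, and `rewrite_bootstrap` stands in for what an fdisk /mbr-style tool does rather than being that tool.

```python
"""Constructed MBR image showing which bytes each repair step actually touches.
Added example, not from the thread; the sector layout is the standard one:
  0..445   boot strap code (what fdisk /mbr-style tools rewrite)
  446..509 four 16-byte partition entries (what deleting partitions clears)
  510..511 0x55AA signature
"""
import struct

SECTOR = 512
BOOTSTRAP_LEN = 446
PTABLE_OFF = 446
PTABLE_LEN = 64
SIG_OFF = 510
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(bootcode, entries):
    """Assemble a 512-byte MBR from boot strap code and up to four
    (active, type, start_lba, sector_count) tuples. CHS fields are left zero."""
    assert len(bootcode) <= BOOTSTRAP_LEN and len(entries) <= 4
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    for i, (active, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PTABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
    struct.pack_into("<H", mbr, SIG_OFF, 0xAA55)   # stored on disk as 55 AA
    return bytes(mbr)


def parse_partitions(mbr):
    """Return the populated partition entries as (active, type, start_lba, sector_count)."""
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, mbr, PTABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append((status == 0x80, ptype, start, count))
    return parts


def rewrite_bootstrap(mbr, new_code):
    """fdisk /mbr semantics: replace bytes 0..445 only; table and signature are untouched."""
    assert len(new_code) <= BOOTSTRAP_LEN
    return new_code.ljust(BOOTSTRAP_LEN, b"\0") + mbr[PTABLE_OFF:]


def remove_partitions(mbr):
    """Deleting every partition: zero bytes 446..509 only; boot strap code stays in place."""
    return mbr[:PTABLE_OFF] + bytes(PTABLE_LEN) + mbr[SIG_OFF:]


def zero_sector(mbr):
    """Full boot-sector wipe (e.g. writing zeros over the drive): code, table and signature all gone."""
    return bytes(len(mbr))


def demo():
    """Compare the three operations on a constructed 'infected' MBR; returns a dict of checks."""
    # Constructed marker standing in for boot strap code, not a real boot-sector virus.
    infected_code = b"MARKER:BOOTSTRAP-PAYLOAD " * 4
    clean_code = b"MARKER:CLEAN-BOOTSTRAP   " * 4
    mbr = build_mbr(infected_code, [(True, 0x07, 2048, 409600)])

    after_rewrite = rewrite_bootstrap(mbr, clean_code)
    after_delete = remove_partitions(mbr)
    return {
        "rewrite_keeps_table": parse_partitions(after_rewrite) == parse_partitions(mbr),
        "rewrite_removes_code": infected_code not in after_rewrite,
        "delete_keeps_code": infected_code in after_delete,
        "delete_removes_table": parse_partitions(after_delete) == [],
        "zero_removes_both": zero_sector(mbr) == bytes(SECTOR),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Running it shows the four results behind the argument: the rewrite keeps the partition table and removes the marker, deleting partitions keeps the marker and removes the table, and only the zero-fill removes both. On a real disk the same experiment can be done read-only by saving sector 0 with `dd if=/dev/sdX bs=512 count=1` and feeding the 512 bytes to `parse_partitions`.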

kimsland

New Member
Removing the partitions wouldn't be necessary.
Unless you wanted to do a clean install ;)
And by the way, when I stated "expanded my help" I meant that in addition to
i.e. the original part about me saying remove the Partitions only was obviously not fully correct. I agree.
 

tlarkin

VIP Member
Can we agree that an OS loader is still required?

And that this is still possible:

EFI -> virus -> OS loader ?

Well if you read through all the tech FAQs on EFI, it states that the tech is built to actually keep boot loaders on the firmware level on a hardware controller on the motherboard. So, sure if you can flash that you can have a boot virus, otherwise the drive itself just holds data and OS.

EFI is only used in a handful of hardware out there and I don't really know enough about it to be honest. I have just read all of what it is capable of, and well you know, what it is capable of and what it can do are two different things.
 

tlarkin

VIP Member
You still need a software-based OS loader, which will be placed on the EFI system partition.

True, but when you look at how the tech scales, eventually OSes will be embedded into firmware and hard drives will just be storage. At least, that is what they are saying.

The GUID partition map is used with EFI currently, here is some info on it.

http://en.wikipedia.org/wiki/GUID_Partition_Table

Here is the output of my partition lists from my Mac

Code:
larkin$ diskutil list
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *232.9 Gi   disk0
   1:                        EFI                         200.0 Mi   disk0s1
   2:                  Apple_HFS OSX                     132.6 Gi   disk0s2
   3:                  Apple_HFS Data                    99.9 Gi    disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *499.9 Mi   disk1
   1:                  Apple_HFS Homer                   499.8 Mi   disk1s1
/dev/disk5
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *149.1 Gi   disk5
   1:                        EFI                         200.0 Mi   disk5s1
   2:                  Apple_HFS external                148.7 Gi   disk5s2
admins-imac:~ tlarkin$

As you can see all partitions have the EFI slice on them which is about 200 MB in size. This is where the boot loaders and other firmware applications live on the drive. According to the tech specs I read a few years ago, the idea is to load an entire OS into some sort of high end flash memory on a motherboard and just use HDs as storage, so at that point I guess everything will be loaded in firmware and boot times should be near instant if everything is done properly.

Of course, that is just the technology road map, and not yet real world applicable.

I agree though, currently you do still have something on your HD that loads the OS.
 
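The diskutil listing above shows the pieces a GPT disk carries: a GUID partition scheme, an EFI slice of about 200 MB, and data partitions, all identified by type GUIDs rather than the one-byte type codes of the MBR table. As an added example (not the poster's code and not a dump of that Mac), the block below builds a small constructed GPT image with a protective MBR, a primary header at LBA 1 and a 128-entry array at LBA 2, then parses it the way firmware has to: check the "EFI PART" signature, the header CRC32 and the array CRC32 before trusting anything in the table. The EFI System and Apple_HFS type GUIDs are the standard ones; the disk GUID, unique partition GUIDs, sizes and names are made up, and the backup header at the end of the disk is omitted.

```python
"""Constructed GPT disk image (not a dump of the Mac above) with a protective MBR,
a GPT header at LBA 1 and a 128-entry array at LBA 2, plus a parser that checks
the header and array CRC32s before trusting the table. Added example; the GUIDs
for EFI System and Apple_HFS are the standard type GUIDs, everything else is made up."""
import struct
import uuid
import zlib

LBA = 512
HEADER_FMT = "<8sIIIIQQQQ16sQIII"   # 92-byte header
ENTRY_FMT = "<16s16sQQQ72s"         # 128-byte entry: type GUID, unique GUID, first, last, attrs, UTF-16LE name
ENTRY_SIZE = 128
NUM_ENTRIES = 128                   # 16 KiB array = 32 sectors, so first usable LBA is 34
EFI_SYSTEM = uuid.UUID("C12A7328-F81F-11D2-BA4B-00A0C93EC93B")
APPLE_HFS = uuid.UUID("48465300-0000-11AA-AA11-00306543ECAC")


def _entry(ptype, first, last, name, idx):
    """One partition entry; GUIDs are stored in the mixed-endian on-disk form (bytes_le)."""
    unique = uuid.UUID(int=0x1000 + idx)   # fixed rather than random so the image is reproducible
    return struct.pack(ENTRY_FMT, ptype.bytes_le, unique.bytes_le, first, last, 0,
                       name.encode("utf-16-le").ljust(72, b"\0"))


def build_gpt_image(total_sectors=2048):
    """Protective MBR at LBA 0, primary header at LBA 1, array at LBA 2..33.
    The backup header/array that belongs at the end of the disk is omitted to keep this short."""
    array = bytearray(NUM_ENTRIES * ENTRY_SIZE)
    layout = [(EFI_SYSTEM, 34, 433, "EFI System Partition"),
              (APPLE_HFS, 434, total_sectors - 34, "OSX")]
    for i, (ptype, first, last, name) in enumerate(layout):
        array[i * ENTRY_SIZE:(i + 1) * ENTRY_SIZE] = _entry(ptype, first, last, name, i)
    array_crc = zlib.crc32(array)

    # Header CRC is computed with its own CRC field zeroed, then patched in.
    header = bytearray(struct.pack(HEADER_FMT, b"EFI PART", 0x00010000, 92, 0, 0,
                                   1, total_sectors - 1, 34, total_sectors - 34,
                                   uuid.UUID(int=0xD15C).bytes_le, 2, NUM_ENTRIES, ENTRY_SIZE, array_crc))
    struct.pack_into("<I", header, 16, zlib.crc32(header))

    # Protective MBR: a single type 0xEE entry spanning the disk so legacy tools treat it as in use.
    mbr = bytearray(LBA)
    struct.pack_into("<B3sB3sII", mbr, 446, 0x00, b"\0\x02\0", 0xEE, b"\xff\xff\xff", 1, total_sectors - 1)
    struct.pack_into("<H", mbr, 510, 0xAA55)

    image = bytearray(total_sectors * LBA)
    image[0:LBA] = mbr
    image[LBA:LBA + len(header)] = header
    image[2 * LBA:2 * LBA + len(array)] = array
    return bytes(image)


def parse_gpt(image):
    """Validate signature and both CRC32s, then list the populated entries.
    Raises ValueError if anything in the table has been altered."""
    hdr = image[LBA:LBA + 92]
    (sig, _rev, hsize, hcrc, _res, _cur, _backup, _first, _last,
     disk_guid, arr_lba, count, esize, acrc) = struct.unpack(HEADER_FMT, hdr)
    if sig != b"EFI PART":
        raise ValueError("no GPT signature at LBA 1")
    if zlib.crc32(hdr[:16] + b"\0\0\0\0" + hdr[20:hsize]) != hcrc:
        raise ValueError("GPT header CRC mismatch")
    array = image[arr_lba * LBA:arr_lba * LBA + count * esize]
    if zlib.crc32(array) != acrc:
        raise ValueError("partition array CRC mismatch")
    parts = []
    for i in range(count):
        t, _u, first, last, _attrs, name = struct.unpack(ENTRY_FMT, array[i * esize:(i + 1) * esize])
        type_guid = uuid.UUID(bytes_le=t)
        if type_guid.int == 0:
            continue   # unused slot
        parts.append({"type": type_guid, "is_esp": type_guid == EFI_SYSTEM,
                      "name": name.decode("utf-16-le").rstrip("\0"),
                      "first_lba": first, "last_lba": last})
    return {"disk_guid": uuid.UUID(bytes_le=disk_guid), "partitions": parts}


def tamper_detected(image):
    """Flip one byte of the first entry's type GUID and confirm the array CRC catches it.
    CRC32 is an integrity check only, not authentication: whoever can write LBA 1 can recompute it."""
    bad = bytearray(image)
    bad[2 * LBA] ^= 0x01
    try:
        parse_gpt(bytes(bad))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    img = build_gpt_image()
    for p in parse_gpt(img)["partitions"]:
        print(f"{p['name']:22} {'EFI' if p['is_esp'] else 'Apple_HFS':10} LBA {p['first_lba']}-{p['last_lba']}")
    print("tamper detected:", tamper_detected(img))
```

The point for the thread: on a GPT disk the EFI slice is an ordinary partition whose entry is found through the header at LBA 1, so a wipe that only clears sector 0 leaves both the table and the loaders on the EFI slice in place. The CRCs let firmware notice an accidentally corrupted table, but they are not a signature, so they say nothing about whether the loader in the EFI slice can be trusted.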

tyttebøvs

New Member
According to the tech specs I read a few years ago, the idea, is to load an entire OS into some sort of high end flash memory on a motherboard and just use HDs as storage, so at that point I guess everything will be loaded in firmware and boot times should be near instant if everything is done properly.

I don't think that has to do with EFI.
 

tlarkin

VIP Member
I don't think that has to do with EFI.

Yes it does because BIOS is very limited to 16bit applications and smaller file sizes where EFI can support 64bit programming/memory addressing. You can basically load a full blown application into EFI. Hardware can contain drivers in firmware, and so forth.

Since the old legacy BIOS is such a limited system it can not support such features. Extensible Firmware Interface allows for more robust applications or even say an OS to run out of firmware and it also allows for an OS to directly access firmware settings via the API.

Like I said, I am not a developer or hardware designer and have only read what it is "capable of" and currently the old legacy BIOS that runs on current x86 PC hardware is not capable of doing such things.
 

tyttebøvs

New Member
Yes it does because BIOS is very limited to 16bit applications and smaller file sizes where EFI can support 64bit programming/memory addressing. You can basically load a full blown application into EFI. Hardware can contain drivers in firmware, and so forth.

Yes, you can use EFI to do stuff you cannot normally do. What I meant was, EFI is not specifically meant for putting an OS onto some flash media.
 

tlarkin

VIP Member
Sure but there is no specific application of EFI, it has a very broad use. I mean some of the applications are kind of endless.
 