Please review my site: 2-viruses.com

giedrius
Posts: 1310
Joined: Tue Jul 20, 2010 3:34 pm

BIOS viruses (that are

Post by giedrius » Thu Dec 16, 2010 2:51 pm

BIOS viruses (that are really uncommon) would survive that. Other types of viruses WOULD not survive format and mbr reset with fdisk.
So DBAN is (likely) unnecessary for malware removal, useful for evidence removal.

http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html


giedrius
Posts: 1310
Joined: Tue Jul 20, 2010 3:34 pm

There is no question that

Post by giedrius » Thu Dec 16, 2010 2:52 pm

There is no question that boot viruses should be removed using automatic tools.
What browser are you using? I'll check that today/tomorrow.

charrox
Posts: 507
Joined: Tue Nov 30, 2010 12:05 pm

Browser

Post by charrox » Thu Dec 16, 2010 3:15 pm

I use Google Chrome

The Shadow
Posts: 492
Joined: Fri Feb 26, 2010 1:27 pm

BIOS infection

Post by The Shadow » Thu Dec 16, 2010 6:08 pm

The very first sentence of the article you have provided admits that it is sometimes necessary to wipe a hard drive and re-install the operating system:

"In many worst case scenarios, a hard drive wipe is the final solution to ridding a system of an infection."

However, you still have not addressed the original contention that DBAN could possibly fail to remove all of the data from a hard drive. But let's set that aside for the moment.

I'm intrigued by the notion of a virus flashing the BIOS of a computer and infecting the most basic of the computer's firmware with malicious code. Do you have instructions on either of your Web sites for the removal of a BIOS infection?

Such information would be truly invaluable.

giedrius
Posts: 1310
Joined: Tue Jul 20, 2010 3:34 pm

They are not widespread at

Post by giedrius » Thu Dec 16, 2010 6:45 pm

They are not widespread at the moment, thus no, we do not have that information. They haven't gained much popularity and I put them as a theoretical example.
However, a similar and more common issue is infection of routers instead of PCs:
http://digital-rag.com/article.php/LinksysDlinkFirewallRouterAttacks
We cover that in our guide on solving redirections due to malicious settings here: http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
As routers serve as DNS proxy servers on the most common setups, this affects more PCs and cannot be fixed by formatting.
Though setting simple safe DNS servers (like the Google ones) fixes that problem.
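
The check implied by the post above, as an added example that is not part of the original thread: it reads the resolvers a PC is configured with and shows why a clean-looking PC says nothing about a router acting as DNS proxy. The function names, the trusted list (only the two Google Public DNS addresses) and the sample file are assumptions; 203.0.113.53 is a constructed placeholder address.

```python
import ipaddress
import re

# Assumption: the only resolvers treated as trusted are Google Public DNS.
TRUSTED_PUBLIC = {"8.8.8.8", "8.8.4.4"}
# LAN ranges: a resolver here is normally the home router acting as DNS proxy.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

def resolvers_from_resolv_conf(text):
    """Return nameserver entries from resolv.conf-style text, ignoring comments."""
    found = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"nameserver\s+(\S+)$", line)  # ';' comment lines never match
        if m:
            found.append(m.group(1))
    return found

def classify(ip, trusted=TRUSTED_PUBLIC):
    """Label one resolver address by where the DNS answer really comes from."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        return "local-stub"      # local caching stub; its upstream must be checked
    if any(addr in net for net in LAN_NETS):
        return "router-proxy"    # the router decides the real upstream resolver
    if ip in trusted:
        return "trusted-public"
    return "unknown-public"      # not on the trusted list: verify who runs it

def audit(resolv_conf_text):
    """Return (address, label) for every configured resolver, in file order."""
    return [(ip, classify(ip)) for ip in resolvers_from_resolv_conf(resolv_conf_text)]

def needs_router_check(report):
    """True when the PC defers to the router, so reformatting the PC changes nothing."""
    return any(kind == "router-proxy" for _, kind in report)

# Constructed sample, not taken from a real machine.
SAMPLE = """# constructed sample resolv.conf
nameserver 192.168.1.1
nameserver 8.8.8.8
; nameserver 10.0.0.1
nameserver 203.0.113.53
"""

if __name__ == "__main__":
    for ip, kind in audit(SAMPLE):
        print(f"{ip:15} {kind}")
```

A "router-proxy" result means the DNS servers that matter are the ones stored in the router's own configuration, which is where the setting has to be inspected and corrected.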

Guest

Ubuntu LiveCD

Post by Guest » Thu Dec 16, 2010 7:54 pm

@ giedrius,

Do you recommend recovering that data with an Ubuntu LiveCD, then scanning that data for the presence of the virus, and if clean or removable, then using it as "backup" and THEN reformatting and clean installing?

giedrius
Posts: 1310
Joined: Tue Jul 20, 2010 3:34 pm

That might be an option for

Post by giedrius » Thu Dec 16, 2010 8:18 pm

That might be an option for more advanced users than average.
If one can boot from a Linux CD, one can use various CD scanners made by antivirus vendors. I believe almost any of them offers such an option.

Guest

Been awhile

Post by Guest » Thu Dec 16, 2010 11:00 pm

@ giedrius,

"That might be an option for more advanced users than average."
It's been a while since I looked at your site . . . so you don't give instructions on how to do this?

If not (because you think this is for advanced users), how are the instructions for this any more difficult to follow than instructions for manual removal?

The Shadow
Posts: 492
Joined: Fri Feb 26, 2010 1:27 pm

A BIOS Solution

Post by The Shadow » Fri Dec 17, 2010 3:08 am

"Other types of viruses WOULD not survive format and mbr reset with fdisk."

I guess in a round-about way, you have answered my question.

The solution to a BIOS infection, according to the majority consensus on the Internet, is the same as the DBAN solution. Flash the BIOS. Users will have to check with their motherboard or computer manufacturer for instructions and software. It would, therefore, not be in your best interest to attempt to include detailed instructions on your Web sites.

But all of this is purely academic.

giedrius
Posts: 1310
Joined: Tue Jul 20, 2010 3:34 pm

If a user would come with a

Post by giedrius » Fri Dec 17, 2010 7:01 am

If a user would come with a problem related to BIOS infection, that is what I would suggest. Or bring it to a person that CAN safely flash the BIOS.
There are still TONS of guides I have to write, I agree on that :)
