Page 4 of 5

BIOS viruses (that are

Posted: Thu Dec 16, 2010 2:51 pm
by giedrius
BIOS viruses (that are really uncommon) would survive that. Other types of viruses WOULD not survive a format and MBR reset with fdisk.
So DBAN is (likely) unnecessary for malware removal, but useful for evidence removal.

http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html
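To make the distinction in the post above concrete, here is an added example (not code from the thread or from either site mentioned) that models what an fdisk-style "MBR reset" touches on disk versus what a full wipe touches. The classic MBR is one 512-byte sector: 446 bytes of boot code, four 16-byte partition entries, and the 0x55AA signature. A boot-sector virus lives in those first 446 bytes, so rewriting them removes it while the partition table survives; a wipe zeroes the whole sector, table included; and code stored in BIOS flash is not in this sector at all, which is why neither operation reaches it. The sample MBR and its "infected" marker bytes are constructed for the example.

```python
"""Model of an MBR boot-code reset versus a full sector wipe (added example)."""
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0x000-0x1BD: where a boot-sector virus lives
PART_TABLE_OFFSET = 446       # bytes 0x1BE-0x1FD: four 16-byte partition entries
PART_ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"       # bytes 0x1FE-0x1FF


def parse_partition_table(mbr: bytes) -> list:
    """Return the four partition entries as dicts (empty entries included)."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) CHS-first(3) type(1) CHS-last(3) LBA-first(4) sector-count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def reset_boot_code(mbr: bytes, clean_boot_code: bytes) -> bytes:
    """What 'fdisk /mbr' conceptually does: replace only the 446-byte boot code,
    keeping the partition table and signature byte-for-byte."""
    if len(clean_boot_code) > BOOT_CODE_SIZE:
        raise ValueError("boot code too large for the MBR")
    return clean_boot_code.ljust(BOOT_CODE_SIZE, b"\x00") + mbr[PART_TABLE_OFFSET:]


def wipe_sector(mbr: bytes) -> bytes:
    """What a full-disk wipe does to the same sector: nothing survives, table included."""
    return b"\x00" * len(mbr)


def table_readable(mbr: bytes) -> bool:
    """True if the sector still carries a valid signature and at least one partition."""
    try:
        return any(e["sectors"] for e in parse_partition_table(mbr))
    except ValueError:
        return False


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Constructed sample MBR for the example (not a real disk image)."""
    table = b"".join(
        struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba, count)
        for bootable, ptype, lba, count in partitions)
    table = table.ljust(4 * PART_ENTRY_SIZE, b"\x00")
    return boot_code.ljust(BOOT_CODE_SIZE, b"\x00") + table + SIGNATURE


# Constructed placeholders: a 'jmp $' followed by a marker string stands in for real boot code.
INFECTED_BOOT_CODE = b"\xeb\xfeINFECTED-BOOT-CODE-MARKER"
CLEAN_BOOT_CODE = b"\xeb\xfeCLEAN-BOOT-CODE"
# (bootable, type, first LBA, sector count): one NTFS-type and one Linux-type entry
SAMPLE_PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x83, 206848, 409600)]


def demo() -> dict:
    """Compare the infected sector with its reset and wiped versions."""
    infected = build_sample_mbr(INFECTED_BOOT_CODE, SAMPLE_PARTITIONS)
    reset = reset_boot_code(infected, CLEAN_BOOT_CODE)
    wiped = wipe_sector(infected)
    return {
        "marker_before_reset": b"INFECTED" in infected,
        "marker_after_reset": b"INFECTED" in reset,
        "table_preserved_by_reset": parse_partition_table(reset) == parse_partition_table(infected),
        "table_survives_wipe": table_readable(wiped),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same logic applies to a real disk image read with `open(path, "rb").read(512)`, but only ever write the result back from a boot CD with the drive offline, and not to a disk using GPT, whose protective MBR has a different role.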


There is no question that

Posted: Thu Dec 16, 2010 2:52 pm
by giedrius
There is no question that boot viruses should be removed using automatic tools.
What browser are you using? I'll check that today/tomorrow.

Browser

Posted: Thu Dec 16, 2010 3:15 pm
by charrox
I use Google Chrome.

BIOS infection

Posted: Thu Dec 16, 2010 6:08 pm
by The Shadow
The very first sentence of the article you have provided admits that it is sometimes necessary to wipe a hard drive and re-install the operating system:

"In many worst case scenarios, a hard drive wipe is the final solution to ridding a system of an infection."

However, you still have not addressed the original contention that DBAN could possibly fail to remove all of the data from a hard drive. But let's set that aside for the moment.

I'm intrigued by the notion of a virus flashing the BIOS of a computer and infecting the most basic of the computer's firmware with malicious code. Do you have instructions on either of your Web sites for the removal of a BIOS infection?

Such information would be truly invaluable.

They are not widespread at

Posted: Thu Dec 16, 2010 6:45 pm
by giedrius
They are not widespread at the moment, thus no, we do not have that information. They haven't gained much popularity, and I put them forward as a theoretical example.
However, a similar and more common issue is infection of routers instead of the PC:
http://digital-rag.com/article.php/LinksysDlinkFirewallRouterAttacks
We cover that in our guide on solving redirections due to malicious settings here: http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
As routers serve as DNS proxy servers in the most common setup, this affects more PCs and cannot be fixed by formatting.
Though setting simple, safe DNS servers (like Google's) fixes that problem.
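A practitioner reading the post above will want a quick way to see which resolvers a PC is actually using. This is an added example (not code from the thread or from 2-viruses.com): it parses either `/etc/resolv.conf` `nameserver` lines or the `DNS Servers` block of Windows `ipconfig /all` output and classifies each resolver. A LAN address (the router acting as DNS proxy) cannot be verified from the PC alone, since the router's upstream servers are only visible in its admin page; a public address outside the operator's trusted set is the case worth investigating. The trusted set (Google's 8.8.8.8 and 8.8.4.4, as the post suggests) and both sample outputs are assumptions constructed for the example; 203.0.113.7 is a documentation-range placeholder, not a real resolver.

```python
"""Classify the DNS resolvers a PC is configured with (added example)."""
import ipaddress
import re

# Resolvers the operator has decided to trust (assumption for this example).
TRUSTED_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# RFC 1918 plus loopback and link-local: a resolver here is the router or a local stub,
# and its upstream forwarders cannot be seen from the PC.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "fe80::/10", "::1/128")]


def _looks_like_ip(token: str) -> bool:
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_resolvers(text: str) -> list:
    """Extract resolver addresses from resolv.conf or 'ipconfig /all' text, in order."""
    found = []
    in_dns_block = False  # inside the multi-line 'DNS Servers' block of ipconfig output
    for line in text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if m:
            found.append(m.group(1))
            continue
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            found.append(m.group(1))
            in_dns_block = True
            continue
        if in_dns_block:
            # Continuation lines in ipconfig output are indented and contain only an address.
            m = re.fullmatch(r"\s+(\S+)\s*", line)
            if m and _looks_like_ip(m.group(1)):
                found.append(m.group(1))
            else:
                in_dns_block = False
    return found


def classify(resolver: str, trusted=frozenset(TRUSTED_PUBLIC_RESOLVERS)) -> str:
    """One of: trusted-public, lan-or-local, unexpected-public, invalid."""
    try:
        ip = ipaddress.ip_address(resolver)
    except ValueError:
        return "invalid"
    if resolver in trusted:
        return "trusted-public"
    if any(ip in net for net in LAN_NETWORKS):
        return "lan-or-local"       # usually the router: check its upstream DNS in the admin page
    return "unexpected-public"      # a public resolver nobody configured on purpose


def audit(text: str) -> dict:
    """Map each configured resolver to its classification."""
    return {r: classify(r) for r in parse_resolvers(text)}


# Constructed sample of 'ipconfig /all' output on a PC whose router hands out a rogue resolver.
WINDOWS_SAMPLE = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample of /etc/resolv.conf after adding a trusted public resolver.
LINUX_SAMPLE = """\
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 8.8.8.8
"""

if __name__ == "__main__":
    for name, sample in (("ipconfig", WINDOWS_SAMPLE), ("resolv.conf", LINUX_SAMPLE)):
        print(name, audit(sample))
```

Run it against the real output (`ipconfig /all` on Windows, `cat /etc/resolv.conf` on Linux). A "lan-or-local" verdict is only half an answer: log in to the router and compare its DNS settings with what the ISP or operator actually configured, since that is where the hijack in the linked article lives.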

Ubuntu LiveCD

Posted: Thu Dec 16, 2010 7:54 pm
by Guest
@ giedrius,

Do you recommend recovering that data with an Ubuntu LiveCD, then scanning that data for the presence of the virus, and if it is clean or the virus is removable, using it as a "backup" and THEN reformatting and doing a clean install?

That might be an option for

Posted: Thu Dec 16, 2010 8:18 pm
by giedrius
That might be an option for more advanced than average users.
If one can boot from a Linux CD, one can use the various CD scanners made by antivirus vendors. I believe almost all of them offer such an option.

Been awhile

Posted: Thu Dec 16, 2010 11:00 pm
by Guest
@ giedrius,

"That might be an option for more advanced users than average."
It's been a while since I looked at your site . . . so you don't give instructions on how to do this?

If not (because you think this is for advanced users), how are the instructions for this any more difficult to follow than instructions for manual removal?

A BIOS Solution

Posted: Fri Dec 17, 2010 3:08 am
by The Shadow
"Other types of viruses WOULD not survive format and mbr reset with fdisk."

I guess in a round-about way, you have answered my question.

The solution to a BIOS infection, according to the majority consensus on the Internet, is the same as the DBAN solution: flash the BIOS. Users will have to check with their motherboard or computer manufacturer for instructions and software. It would, therefore, not be in your best interest to attempt to include detailed instructions on your Web sites.

But all of this is purely academic.

If a user would come with a

Posted: Fri Dec 17, 2010 7:01 am
by giedrius
If a user would come with a problem related to BIOS infection, that is what I would suggest. Or bring it to a person that CAN safely flash the BIOS.
There are still TONS of guides I have to write, I agree on that :)