Wiping your harddrive and reinstall of OS

[Dregg Heda]

I have another older computer infested with malware. How do I go about wiping harddrive completely clean and reinstalling the OS? Thanks!

[ThunderZ]

Some will say simply formatting the drive by booting from the OS disk will do the trick.

In cases such as yours I use this.

Create either the floppy or iso CD and boot the PC from them. Follow the on screen instructions. There are many other choices as well.

You will then need to format the disk to the file system of your choice, fat\fat32\NTFS with the OS disk when you do the install.

[Dregg Heda]

Thanks for the info ThunderZ!

[Searching_ _ _]

I suggest the UBCD that can dig a little deeper than just wiping. Sometimes wiping isn't enough. Unless you use HDDErase.
DBAN doesn't wipe hidden partitions, which some malware may create or attach to.

On the UBCD, Seatools 1.04 will tell you if the HDD has a physical size discrepancy, which will tell you if there is a hidden partition that a malware may have created. If so, then you can Reset Maxsize and rewipe.
HPA if it exists are usually in the hundreds of megs to gigs because they contain re-installation software. If the discrepancy is a few megs or less be suspicious.

Using Active @ Killdisk can reveal discrepancy if you have persistent unallocated space where the sizes differ from whole disk to unallocated.

Creating a hidden partition on the HDD would allow malware to remain and all your wiping would be for nothing.

[Mrkvonic]

Just plain simple format and you're good to go.
Cheers,
Mrk

[ThunderZ]

Quote:

Originally Posted by Searching_ _ _

DBAN doesn't wipe hidden partitions, which some malware may create or attach to.

News to me. The part about seeing\wiping hidden(?) partitions.

[mrfargoreed]

Quote:

Originally Posted by ThunderZ

News to me. The part about seeing\wiping hidden(?) partitions.

Same here. Whenever I've used DBAN it's blasted everything on my drive without any problems. In fact, whenever I've used a disk eraser to wipe my drive, I've often had problems, but whenever I've used DBAN my installations have been seamless. It's all I use to prepare my hard drive now.

[Searching_ _ _]

Quote:

Does DBAN wipe the Host Protected Area ("HPA")?

No.

http://www.dban.org/node/35

Quote:

Is it supposed to take that much time?

Yes.

There is no way to reduce wipe time and still fully wipe the media.

This statement is incorrect. It should say that with DBAN there is no way to reduce wipe time.
With drives produced in the last year or two HDDErase will wipe a supported drive at a rate of 100GB per second.
I just wish you could install windows this fast.

[ThunderZ]

Guess I have never run into a OEM PC with the BIOS locked HPA.

Have wiped many a PC (mostly Vista) with the "hidden" restore partition with no problems.

[Searching_ _ _]

Have you ever wiped a hard drive in 3 seconds?

[ThunderZ]

Quote:

Originally Posted by Searching_ _ _

Have you ever wiped a hard drive in 3 seconds?

If the question was directed at me, no. Not with Kill Disk or Dban.

[Kerodo]

Quote:

Originally Posted by Dregg Heda

I have another older computer infested with malware. How do I go about wiping harddrive completely clean and reinstalling the OS? Thanks!

Just put the OS CD in the drive, reboot off the CD, delete the partitions and start over again with a format and reinstall. That's all you really need.

[Searching_ _ _]

@Thunderz

How do you verify that a wiping program, whether DBAN, Killdisk, HDDErase, etc., has done a good job at erasing all partitions to its OOB sector size?

[Dregg Heda]

I dont think my comp comes with an HPA so DBAN should be enough to erase everything right?

Also Ive never done this before, so just to double check, I run DBAN or HDDErase or whatever and then once its done I plug in my recovery CD? What happens then? Will there be onscreen instructions for me to follow?

[ThunderZ]

Quote:

Originally Posted by Searching_ _ _

@Thunderz

How do you verify that a wiping program, whether DBAN, Killdisk, HDDErase, etc., has done a good job at erasing all partitions to its OOB sector size?

I do a bad thing. I "assume". Have no reason to believe otherwise and have never experienced or read anything to think otherwise.

[ThunderZ]

Quote:

Originally Posted by Dregg Heda

I dont think my comp comes with an HPA so DBAN should be enough to erase everything right?

Also Ive never done this before, so just to double check, I run DBAN or HDDErase or whatever and then once its done I plug in my recovery CD? What happens then? Will there be onscreen instructions for me to follow?

Have never used a restore disk only an OS disk.

Would think the procedure would be the same. Start the machine with the restore disk. It should prompt you to format the disk. Just follow the on screen prompts.

Have only ever had one shelf bought machine. Back then they came with an OS disk and additional software disks. No slip streamed disks.

Hopefully someone will verify this procedure.

[Dregg Heda]

Quote:

Originally Posted by Searching_ _ _

@Thunderz

How do you verify that a wiping program, whether DBAN, Killdisk, HDDErase, etc., has done a good job at erasing all partitions to its OOB sector size?

How does one go about ensuring that all the partitions have been erased?

[Searching_ _ _]

Quote:

Originally Posted by ThunderZ

I do a bad thing. I "assume".

Nothing wrong, sometimes I get involved while a quarter bubble off level.
My intentions were to be helpful, forgive me if I have offended or treated poorly.

Quote:

Originally Posted by Dregg Heda

How does one go about ensuring that all the partitions have been erased?

You must know your HDD maximum sector size. My max is 488,397,168.
That's 232.88GB of space.

1. A Hex Editor, run from a Live CD, like UBCD4Win.
This allows you to see while the HDD/OS is inactive.
For some reason, the original UBCD hex editors didn't work for me, reporting
the unallocated size not the max size, in sectors.
Hex editors include: HxD; Tiny Hex; WinHex...

2. Linux Live CD
Run a partitioning tool like gparted. You may have to mount the drive before the program can see sectors.
There are hex editors in linux also, but I'm limited in my knowledge of linux.

3. Original UBCD

Seatools 1.04
This will tell you if your HDD is reporting a size other than your max sectors. It will allow you to reset to maximum.

Killdisk
After wiping with your favorite program, use Killdisk to see what it says.
If it shows unallocated space still exists then your favorite program wasn't successful.

I don't always have the ability to run my wiping program of choice.
I learned these methods to verify if a wipe program was doing it's job.


Recovery disks are pretty intuitive, telling you what and when to do something.

[ThunderZ]

Quote:

Originally Posted by Searching_ _ _

Nothing wrong, sometimes I get involved while a quarter bubble off level.
My intentions were to be helpful, forgive me if I have offended or treated poorly.

No offense taken.

Always willing to learn new ideas and methods. New to me anyways......

[EASTER]

I use HDDErase then wipe again with either the HD's zero fill utility on top of that for good measure, then on a new XP install the installer flies and is completed in no time flat where i used to have to sit with a pot of coffee which seemed too long.

Wiping a HD fully really makes a difference all the way around.

[Searching_ _ _]

Quote:

Originally Posted by EASTER

I use HDDErase then wipe again with either the HD's zero fill utility on top of that for good measure, then on a new XP install the installer flies and is completed in no time flat where i used to have to sit with a pot of coffee which seemed too long.

Wiping a HD fully really makes a difference all the way around.

The secondary wipe with zeros after a Secure Erase session is unnecessary.

Quote:

NIST Special report 800-88 single pass processes such as is initiated by Secure Erase technology is an acceptable form of purge level sanitization… However, software based overwrite will NOT effectively CLEAR all recoverable data from the media surface. Referencing the NIST 800-88, you will note that software and externally initiated overwrite processes are classified as CLEAR level processes. Rather, they are susceptible to data recovery using keyboard level recovery efforts. Processes such as Degaussing and Secure Erase are classified as Purge level processes where they are not susceptible to laboratory level recovery efforts.

HDDErase is all that is needed. HDDErase accesses the Secure Erase function.

Unless of course you enjoy your coffee time.

[Franklin]

GParted live cd and delete the partition first then format/recreate as needed.

[TheKid7]

You could use CopyWipe (freeware) to make sure that the hard drive is wiped. It has nine (9) choices, the last of which is the "enhanced secure erase feature" which is built into newer hard drives. I have only used CopyWipe once (from bootable CD) to write all zeros to a 120 GB SATA1 hard drive (The process took around 2 hours).

CopyWipe:

http://www.terabyteunlimited.com/copywipe.php

User Manual (A table of the choices is on Page 20.):

http://www.terabyteunlimited.com/downloads/copywipe.pdf

Once I started to use DBAN (Darik's Boot-n-Nuke) on a hard drive and aborted when I saw how long it would take. Then I tried to install Windows XP Home but it would not recognize the hard drive. I wound up using FDISK to partition the hard drive. After that Windows XP Home recognized the hard drive so that I could do the install. If I came up with a problem like that again, I would probably use GParted (Puppy Linux Live CD) to do the partitioning and formatting.

[EASTER]

Quote:

Originally Posted by Searching_ _ _

The secondary wipe with zeros after a Secure Erase session is unnecessary.



HDDErase is all that is needed. HDDErase accesses the Secure Erase function.

Unless of course you enjoy your coffee time.

Possibly.

But for some it's like throwing out the garabage and then the truck finishes it up by carrying it off.

I agree HDDErase uses a solid dependable built in technique for the most part but remember any software can spit or burp and skip something.

That second wipe is dutyful for insurance against software/hardware interruptions at any point or position in time from the first one.

EASTER

[Fly]

(Assuming there is only one harddrive): Isn't it just enough to boot with the Windows XP CD, reformat and then reinstall everything again ? Wouldn't Windows also detect and subsequently reformat any hidden partitions ? And if if wouldn't detect a hidden partition, then how could malware reinfect the rest of your harddrive from that partition, since Windows couldn't even detect it ?