No more FDISR as we know it? I'm confused.

Discussion in 'FirstDefense-ISR Forum' started by sukarof, Nov 3, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't see the killdisk as a threat anymore and I'm ready for this destructive attack and any other destructive attack.
    I restore my clean system partition back in 10 minutes in case that happens. If I want to zero my harddisk completely, it will take another 20m extra. So killdisk = peanuts.
    The only thing that still scares me are HARDWARE VIRUSES, which are also rare and more ghost stories, than real proof, but I assume they do exist. :)
     
    Last edited: Nov 10, 2007
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Rustock.C isn't destructive like KillDisk. Rustock is a family of clever backdoors/spambots.
    KillDisk does low-level disk access to the sectors occupied by the MBR/PBR and writes garbage in them.
    It's said that Rustock does direct access to disk as well. Suppose that it writes its code in the last sector of the hard disk. The filesystem reports this sector as free space, so FD-ISR won't see that there's real data on it and it won't copy/update from Freeze Storage to Frozen Snapshot in that sector (because there's no discrepancy between them). Pure theory, but it might be possible.
    There's no such thing as hardware viruses. Viruses are code and code needs to be stored. The lowest level of code is firmware and other microcodes.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK Lucas thanks for the info.
    I never considered FDISR as the perfect tool and I mentioned this more than once at Wilders, but FDISR will do its job in most situations, not in exceptional situations like you mentioned. That's why I also have a solution for these situations and hopefully I will never get in a situation I can't really handle myself.
    In my newbie time, I wasn't aware of any "danger" and visited every website and downloaded everything without any restriction. My computer was heavily infected in those days, but I always could re-install my computer from scratch without troubles, which I've done often in that period.
    I'm well covered now and it will be a matter of very bad luck, when I get in a situation, I can't handle.
    So I take my chances with my simple approach. The only thing I still can do is installing some additional security softwares to stop the installation/execution of malware, but I have to find and understand them first, which is often a problem for a newbie (internet/malware) like me.
    If I would have a better technical knowledge, I would have done a lot better. :)
    I don't work in the anti-malware industry, I work in the transport sector and mainly on mainframes, not PC's, and our computer department considers PC's more as toys than computers. :D
     
    Last edited: Nov 11, 2007
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Yes, BIOS rootkits etc etc!;)
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yes, the described situation is really exceptional and only in the theoretical domain with very basic analysis.
    I never managed to get infected, even doing risky browsing. It's my very skeptical nature (and a healthy dose of common sense) which probably saved me from free screensavers, $1,000,000 prizes and the like. Reading about security only augmented that skepticism, extending it to executable attachments, warez sites, spoofed extensions, suspect ads and such.
    Certainly you're very well covered. I have a similar disaster recovery setup, except for the boot-to-restore part.
    Again, I'll suggest you this excellent article in Castlecops' Wiki. Once you understand the key concepts displayed there, you'll see that your choices of security software and your use of common sense will offer almost all the protection you will ever need.
    I'm a student and part-time worker. The PC and related items are only a (nice) hobby. I'm no malware analyst, so I know that someday I'll make the wrong decision and/or I'll be bypassed by a clever (targeted?) 0-day.
    Obviously, this doesn't worry me and I also know that my files will be back in clean state and the system will be rebuilt in little time.
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    BIOS is a kind of firmware:
    :)
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I wrote YES!:)
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    D'oh, I thought you were accepting the existence of hardware viruses. Language barriers at work :p
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Many thanks for the link, I will read it for sure and get smarter. :)
     
  10. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Interesting theory, but just how possible is it?
    Why is that sector of the disk empty? One presumes it is empty for a reason. The malware does not write itself to the disk, but rather convinces the system to write it to the disk, therefore if the system writes it to the disk in this location, why would it consider this sector to be empty?
    Sorry I'm no computer expert either, a lot of this sort of discussion goes over my head, to me something is empty.....or it's not. :D
     
  11. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    If system writes whatever to disk it keeps timestamp and attributes of that specific file so FDISR should be aware of this.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    FDISR is aware of files that are in the MFT. Should a piece of malware just write to one sector of the disk, it may not be a file, and FDISR as well as Windows wouldn't know it's there.
     
  13. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    OK, you can put quite some mal. stuff in there [sector], hope that your security can kill this at moment of execution.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The question for me is: can I get rid of Rustock the same way as I do with Killdisk:
    zero my harddisk + restore an image of system partition?

    It doesn't really matter to me, where Rustock and Killdisk are writing their stuff.
    When I zero my harddisk, everything is replaced with zeroes from the first byte to the last byte.
    After that my harddisk is like a new harddisk, that's what Western Digital is telling me.
    It is not difficult to zero my harddisk, it works the same way like my SP Recovery CD.

    I'm not afraid of losing my system partition, I'm afraid of not being able to fix it at all.
    I can zero my harddisk in two different ways with a double set of CD's.
    I can restore my system partition in 4 different ways, the only difference is the time it takes.
    Even when my external harddisk fails, I still have a double set of DVD's to get my clean images back.

    Once you know how to solve a problem, it's not a problem anymore. :)
     
    Last edited: Nov 11, 2007
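The gap lucas1985 describes in post 2 and Peter2150 restates in post 12 (a raw write to a sector that no MFT entry points to, so a file-aware snapshot comparison has nothing to compare), together with the zeroing question in this post, can be shown with a small simulation. This is an added example, not code from the thread, from FD-ISR or from any zero tool: it models a toy disk with a simple allocation table standing in for the MFT, and the Disk, file_snapshot and sector_snapshot names are my own assumptions about how such a check could be structured.

```python
import hashlib

# Constructed toy disk: 8 sectors of 16 bytes each. Small numbers keep the
# demonstration readable; the logic does not depend on them.
SECTOR_SIZE = 16
SECTOR_COUNT = 8


class Disk:
    """Raw sectors plus a minimal allocation table (stand-in for the MFT)."""

    def __init__(self, sector_count=SECTOR_COUNT, sector_size=SECTOR_SIZE):
        self.sector_count = sector_count
        self.sector_size = sector_size
        self.raw = bytearray(sector_count * sector_size)
        self.files = {}  # filename -> list of sector indexes it occupies

    def _slice(self, index):
        start = index * self.sector_size
        return start, start + self.sector_size

    def read_sector(self, index):
        start, end = self._slice(index)
        return bytes(self.raw[start:end])

    def write_sector(self, index, data):
        """Raw sector write, bypassing the filesystem (no allocation entry)."""
        if len(data) > self.sector_size:
            raise ValueError("data exceeds one sector")
        start, end = self._slice(index)
        self.raw[start:end] = data.ljust(self.sector_size, b"\x00")

    def free_sectors(self):
        used = {i for sectors in self.files.values() for i in sectors}
        return [i for i in range(self.sector_count) if i not in used]

    def write_file(self, name, data):
        """Filesystem write: allocate free sectors and record them in the table."""
        needed = max(1, -(-len(data) // self.sector_size))  # ceiling division
        free = self.free_sectors()
        if len(free) < needed:
            raise OSError("disk full")
        chosen = free[:needed]
        for n, index in enumerate(chosen):
            chunk = data[n * self.sector_size:(n + 1) * self.sector_size]
            self.write_sector(index, chunk)
        self.files[name] = chosen

    def zero(self):
        """Overwrite every byte of the device, like a manufacturer zero tool."""
        self.raw = bytearray(len(self.raw))
        self.files = {}


def file_snapshot(disk):
    """What a file-aware snapshot tool sees: one hash per allocated file."""
    return {
        name: hashlib.sha256(b"".join(disk.read_sector(i) for i in sectors)).hexdigest()
        for name, sectors in disk.files.items()
    }


def sector_snapshot(disk):
    """What a sector-level integrity check sees: one hash per sector, free or not."""
    return [hashlib.sha256(disk.read_sector(i)).hexdigest() for i in range(disk.sector_count)]


def file_diff(before, after):
    return sorted(n for n in set(before) | set(after) if before.get(n) != after.get(n))


def sector_diff(before, after):
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


def demo():
    disk = Disk()
    disk.write_file("boot.ini", b"[boot loader]")
    disk.write_file("notes.txt", b"hello")
    files_before = file_snapshot(disk)
    sectors_before = sector_snapshot(disk)

    # Constructed out-of-band write: data lands in the last sector, which the
    # allocation table still reports as free. Placeholder bytes, not malware.
    last = disk.sector_count - 1
    disk.write_sector(last, b"PLACEHOLDER")

    result = {
        "file_level": file_diff(files_before, file_snapshot(disk)),          # []
        "sector_level": sector_diff(sectors_before, sector_snapshot(disk)),  # [7]
        "still_free": last in disk.free_sectors(),                           # True
    }
    disk.zero()
    result["after_zero"] = not any(disk.raw)  # True: nothing survives a full zero
    return result


if __name__ == "__main__":
    print(demo())
```

The file-level comparison reports no change, the per-sector comparison flags sector 7, and zeroing the whole device removes the data; that matches the thread's conclusion that the answer is to zero the disk and restore an image rather than rely on a file-level snapshot. Firmware, which lucas1985 names as the lowest level where code can live, sits outside this model entirely.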
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yes, the zero tool (and DBAN) talks directly to the disk controller. Please remember that there's no evidence of the existence of Rustock.C. At the moment, the most advanced malware are Rustock.B (whitepaper) and Trojan.Srizbi.
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK. Thanks. That's a comfort. I also have DBAN as second zero method, but I prefer WD Zero Tool, which is provided by the manufacturer himself. I might have a third zero tool, but I still have to explore SeaTools, which I might use to zero my external Seagate Harddisk, just in case.

    Yes, those two malware look very advanced, but they do make "changes", which can be detected by FDISR. Maybe not all of them, but it might be just enough to cripple these malware or disable them completely.
    Those two are also smarter than Killdisk, they keep your computer alive and don't kill the goose with the golden eggs and that's what I always would do as a malware-writer, if I was one. :D
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Most of today's malware is profit-driven. Still, there are some "old school" malware (file infectors) which are really annoying, hard to remove (with scanners) and might infect data. Virut is one of these file infectors.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    File infectors are useless against FD-ISR. It is nothing short of a MIRACLE as it recovers ALL your data/settings completely & 100% Intact again thanks to LEAPFROG!!!
    Although NOD32 was able to recover at least 2 snapshots by cleaning :cautious: , my entire complement of archives & snapshots were rendered totally destroyed.
    This is why I harp so loudly a lot over saving FD archives to an alternative disk then putting it away for just these types of occurrences. Even a novice with FD-ISR would have been left groping in total frustration over this kind of complete disruption, but with FD-ISR's archives you are SAVED by the bell (Leapfrog!)

    I proceeded one by one to DELETE then WIPE each partition (3) thoroughly then reinstall XP to defaults, then reinstall FD-ISR, and there my friends is your system's Super-Magician :D
    Connect up the archive HD and return those saved archives right straight back to true form again as snapshots, just as you left them before interruption.

    There is absolutely not one other app that comes near to this PERFECT recovery short of an imaging app, which I didn't even need to turn to for help. FD-ISR does it all and totally recovered everything just as it was.
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's unbelievable that some users are complaining about FDISR, regarding its speed/space and don't see the many other advantages of FDISR with regard to other ISR-softwares that offer much less and don't use FDISR for that reason.
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    There's another vital advantage in that not once has FD-ISR ever induced a BSOD, not once :eek: The same cannot be said for the likes of the other ISR apps, I've read their complaints, and also read complaints where ALL their so-called snapshots were dumped when the program malfunctioned for whatever reason. I won't mention them for sake of inciting jealousy :D which also almost always leads to flames and poor excuses.

    FD-ISR is one of those ISR's that defies the odds time & time again, and will continue to, that is the earlier Leapfrog/Raxco versions. I can only imagine what it must be like to read all the successful rescue/restore stories on FD-ISR but be helpless now to obtain any of these former releases.

    Erik's boot-to-restore FREEZE process is one of the most interesting of all. In that way he is mutually assured a safe return home each and every trip made in that snapshot.
     
  21. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    BSOD? With Windows XP? God, that brings back memories.
     
  22. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I've never seen a BSOD with Windows XP. Plenty with Windows 95 and some with Windows 98, but not any with XP.
     
  23. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Well too bad that Joanna has been talking about "stealth by design" malware for almost a year now.

    They are non-persistent malware that leaves no hard disk traces.
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    So when I zero my harddisk, the malware of Joanna is still there or what?
     
  25. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Just looked her up on Google and get the impression she is talking about servers
    reinfecting at reboot, i.e. with a workstation all bets are off?
     