Sandboxie v2.86

Discussion in 'sandboxing & virtualization' started by ErikAlbert, Apr 23, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Maybe this is normal to you. I don't accept this. Period. Hopefully member "grnxnm" can explain this to me how that is possible. This is not normal.
    A Recovery CD has to write any image over a harddisk, no matter what happened to that harddisk. That is its job.
    Only a physical damage is an acceptable reason and that didn't happen.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    What does it mean? To ZERO the HD?
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Very well said Bob!:thumb:
    Sandboxes keep u trouble free.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    For me it means that the whole harddisk is overwritten with "0" from the first possible byte to the very last possible byte of the harddisk. In other words you have a NEW harddisk with nothing but zeroes instead of data.
    I zero my harddisk for only one reason : to remove any trace of infections.
    This is done by a special program of course, provided by Western Digital. It takes 20 minutes to zero my harddisk of 74 GB.

    I zero my harddisk always when I install manually from scratch or when I restore a CLEAN image, which was created during an off-line installation.
    I don't zero my harddisk, when I restore an image that has been on-line. I consider on-line images as possible infected, which doesn't necessarily mean that these images are really infected.
     
    Last edited: Apr 27, 2007
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    How does it differ from a format?

    "I zero my harddisk for only one reason : to remove any trace of infections.
    I zero my harddisk always when I install manually from scratch or when I restore a CLEAN image"

    It's ur choice but I am sure it is useless due to two reasons:

    1- No malware will survive image restore/ format. So u might be just torturing ur HD or urself.
    2- When u restore an image, u restore everything, including ur file system etc, so no use of zero/ formatting HD before image restore?

    I am not an expert. Correct me if I am wrong.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm not an expert either, I consider myself as a newbie+.
    Did you never read about the erase methods in clean programs, these programs overwrite your free space 7 times or more to be sure it's clean ?
    I'm not that crazy, but I like my disk zeroed before I reinstall it.

    The popular CCleaner allows you to overwrite a free space 7 times. There must be a reason for this type of erasure.
     
    Last edited: Apr 27, 2007
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Erik! That is done for privacy reasons, not to delete malware.
    I am really surprised when people use such Erasers just to delete the software/ malware etc? Very strange indeed.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Ask the experts, not me, but they are never there when you need them. :D
    Keep in mind that Peter wasn't even able to restore his image after a killdisk attack without having a zero program.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    That is still debatable. Let him answer my Qs I posted above for him.
    BTW, now u giving a logic that does not fit in ur scenario at all!
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Never saw any expert etc advising to use Erase methods for uninstalling software/ deleting malware.
    For privacy it's OK. But I never mind that too. There is nothing so secret on my PC and I don't think someone is spying on me.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    This problem doesn't interest me.
    I'm more concerned why a recovery cd couldn't restore an image after a killdisk attack.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Let's wait for Peter. What he has more to say!
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't agree with Peter, I'm waiting for an answer of grnxnm, who is the right person to ask and if he doesn't know, he knows people who can give him an answer.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I was referring to my Qs.
     
  15. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Bob D :
    Exactly Bob D!
    A whole better experience in browsing relaxing those permissions and a feeling of calm on the whole. Also no loss in usability, there is no trade-off in usability like in some programs and settings (look at hardening, Vista and UAC). Sandboxie is one of those nice programs that does not sacrifice user experience. You have still gotta be careful as to something like phishing scams, but SB isn't a cure-all.
     
    Last edited: Apr 27, 2007
  16. coolbluewater

    coolbluewater Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    268
    Location:
    next door to Redmond
    Sorry for straying from the topic, but since zeroing the HD has been brought up, welcome to the world of forensics.

    Keep in mind this link is almost two years old, but please pay particular attention to MattyMoose's and perfectcoding's posts:

    http://www.webmasterworld.com/forum105/227.htm
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    1 Yes on a VMware virtual machine. Pretty doggone real. FDISR,shadowsurfer, Eazfix all run on it. Tell something you think won't be real.

    2. Did not try Installing XP. I can give it a try.

    3. DISKPART is windows Disk partitioning utility. It was easy to just remove the faulty partition.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I have asked grnxnm about this, but don't put it all on them. Remember Acronis also was unable to handle the problem. I doubt any of the others would be able to either.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Aigle

    1. Apparently from the error I get after running Killdisk it isn't the MBR that is attacked directly, but the partition table.

    2. On Eazfix an interesting question. I'll try that again, and see if I can do that.

    3. I didn't try the FDISR installed test, as I was trying to see if maybe now that FDISR was installing into the partition table was a factor. I was looking to see a different result without FDISR, and when it failed the same way, the test with FDISR would have been redundant.
     
  20. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Paragon Disk Manager maybe. It can image/restore and partition. So maybe.
    (Yes, i realize Acronis has programs for that too)
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    This is really a bit off topic but relates to the recovery discussion.

    I understand and agree with Erik's concern, but I think it relates to how the imaging software works. The SP log gives some insight that I don't get with Acronis, but I suspect the workings are somewhat similar.

    Both softwares give the option of restoring mbr, whether you delete the partition first or not. Typically when I do a restore, the first thing I do is delete the volume. This step is optional. What one does here might well be a function of whether you are restoring the whole disk or one partition out of many. Once I delete the volume, before I can commence the restore a new partition has to be created. SP allows several options, but the one I use takes the partition info from the image. The data is then restored. At the end of the restore, the mbr is restored and the partition set active.

    I am guessing that what is happening to both programs is that because the partition table has been specifically damaged in a certain way, neither program can delete it, and thus it messes up the restore process. Again problem for both programs, and I'd bet also for paragon. Just don't have time to test that.

    The reason I called on grnxnm is two reasons. First I am working with SP, but mainly I am confident we can get an answer. Erik, care to pose the problem to Acronis?

    Pete
     
  22. grnxnm

    grnxnm Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    391
    Location:
    USA
    Wow, interesting issue. If I understand this correctly, killdisk is screwing up the partition table such that it causes problems with imaging tools. Most image tools when they replace the MBR do not touch the partition table portion of the MBR but rather only the code portion. They leave the partition table portion up to partitioning tools.

    This issue should be resolvable with the current version of the ShadowProtect Recovery Environment using the following technique:

    1) boot the recovery environment on the killdisk-affected system
    2) within the recovery environment, run the Tools | Partition Table Editor and zero out ALL of the partition table entries and save this change - WARNING - ONLY DO THIS IF YOU ARE WILLING TO LOSE ALL INFORMATION ON THAT PHYSICAL HARD DISK - I AM ONLY PROVIDING THESE INSTRUCTIONS UNDER THE ASSUMPTION THAT YOU HAVE BACKUP IMAGES OF YOUR VOLUMES
    3) back in the recovery environment GUI, refresh
    4) restore your backup images - when you restore you'll see that the disk is now blank/empty (has no partitions) and you'll be creating new partitions as you restore volumes to that disk.

    If these steps don't work, then it's possible that you may need to reboot (and boot back into the recovery environment) on step 3, and then proceed to step 4.

    A note on diskpart.exe - this is Microsoft's text-mode partitioning tool. It can be used to create/delete basic and dynamic volumes on MBR and GPT disks. It is not a disk-zeroing/wiping app. If you use diskpart.exe to delete all partitions on a particular disk then you are zeroing out the partition table portion of the MBR sector, but not zeroing out the disk itself.
     
    Last edited: Apr 27, 2007
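
Added example, not part of the thread and not StorageCraft's code: the split grnxnm describes between the code portion and the partition table portion of the MBR sector, with a consistency check of the kind a damaged table fails. The function names, the choice of checks and the sample sectors are assumptions constructed for illustration; the damaged entry is not a reproduction of what KillDisk writes.

```python
import struct
TABLE_OFF, ENTRY_SIZE, SIG_OFF = 446, 16, 510  # classic MBR sector layout

def parse_table(sector):
    """Decode the four 16-byte partition entries of a 512-byte MBR sector."""
    if len(sector) != 512:
        raise ValueError("MBR sector must be 512 bytes")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFF + i * ENTRY_SIZE:TABLE_OFF + (i + 1) * ENTRY_SIZE]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        entries.append({"slot": i, "status": status, "type": ptype,
                        "lba": lba, "count": count, "empty": raw == bytes(16)})
    return entries

def check_table(sector, disk_sectors):
    """Return a list of consistency problems; an empty list means the table is sane."""
    problems = []
    if sector[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    used = [e for e in parse_table(sector) if not e["empty"]]
    for e in used:
        if e["status"] not in (0x00, 0x80):
            problems.append(f"slot {e['slot']}: invalid status byte 0x{e['status']:02x}")
        if e["type"] == 0 or e["count"] == 0 or e["lba"] == 0:
            problems.append(f"slot {e['slot']}: used entry with zero type, start or length")
        if e["lba"] + e["count"] > disk_sectors:
            problems.append(f"slot {e['slot']}: extends past end of disk")
    if sum(e["status"] == 0x80 for e in used) > 1:
        problems.append("more than one active partition")
    spans = sorted((e["lba"], e["lba"] + e["count"]) for e in used)
    if any(nxt[0] < cur[1] for cur, nxt in zip(spans, spans[1:])):
        problems.append("partitions overlap")
    return problems

def blank_table(sector):
    """Copy of the sector with only the 64 table bytes zeroed; boot code and signature kept."""
    return sector[:TABLE_OFF] + bytes(4 * ENTRY_SIZE) + sector[SIG_OFF:]

def entry(status, ptype, lba, count):
    return struct.pack("<B3xB3xII", status, ptype, lba, count)

# Constructed sample sectors for a 1,000,000-sector disk (not taken from the thread).
BOOT_CODE = bytes(range(256)) + bytes(190)  # stand-in for the 446 bytes of boot code
GOOD = BOOT_CODE + entry(0x80, 0x07, 63, 999_000) + bytes(48) + b"\x55\xaa"
DAMAGED = (BOOT_CODE + entry(0x80, 0x07, 63, 999_000)
           + entry(0x37, 0x07, 500, 0xFFFFFFFF) + bytes(32) + b"\x55\xaa")
```

Everything here operates on in-memory byte strings; `blank_table` shows that emptying the table leaves bytes 0-445 and the signature untouched, which is why the disk then appears blank to the restore step.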
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Little further update.

    The fix posted by grnxnm indeed works. He explained to me that the problem was that all of the imaging programs use Microsoft calls when working with the partition tables. If there is an error in the table, then the MS call returns an error, and hence the vendor software returns an error or fails.

    It has been added to the ShadowProtect list of things to do, as something that does need a more user friendly solution. No time table of course.


    @aigle. I have to get back to work, but will do those last two test items later.

    @erik Do you want to stir the pot at Acronis?

    Pete
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That I can understand. I didn't expect that this problem was easy to fix.
    Nevertheless, it's a challenge to fix it, especially when it has never been done before.
    I also have lots of problems at work, that need to be fixed and seem to be impossible at first sight.
    Looking at a problem from different angles often solves the problem. I always separate problems from one another, when they have nothing to do with each other. I always split big problems in smaller problems, which are easier to fix. Etc. etc. etc. I do this all the time at work.
    Of course at work, I know what I'm talking about. At Wilders I'm not so sure, my knowledge of Windows, Internet, Malware is rather poor, it only gets better every day, but rather slow.


    I have no problem with time. I would have a problem, if it was completely ignored by StorageCraft.
    As long it is on the list of things to do, I'm satisfied, even when it takes 10 years to fix it.
    I'm not an animal, although I might sound like an animal sometimes. Diplomacy was never my strength and I can't talk in English, like I do in Dutch.
    If you can tell people, that ShadowProtect even restores your system after a killdisk attack or any other destructive malware attack, you give them another good reason to buy ShadowProtect.

    LOL. I already ditched ATI in my mind. I still use it, because I'm waiting for ShadowProtect Desktop v3.0.
    My experience with ATI is that it doesn't listen to users. So when I talk about this at the Acronis Forums, I'm talking to a wall, they will thank me for choosing Acronis True Image and that's it.
    I read the posts at their forums, I read the wish-list, I see the results and I'm not satisfied.
    So why would I spend my time on ATI ? I prefer to spend my time on the very best. :)
     
    Last edited: Apr 27, 2007
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Erik you are priceless, in a great way.

    At least as it stands now ShadowProtect does have a solution, although not a clean one. The partition table editor is truly a dangerous tool, but even I can change all the numbers to zero. Once that was done, and a reboot, then the restore worked.
     