Are there Viruses like this?

I had instaled Avast home on desktop of one of my friends. One day he told me that while her daughter was searching on internet( may be music), she got some pop up alerts for a virus/ malware. He is not sure what his daughter replied to the popup. Anyway apparently the malware was able to run, the computer was shut down by her daughter/ or by the malware and after that she was never able to restart it again.

He took PC to a geeky friend who told him that all the HD is wiped away, even no data to recover by simple means. He had to format and reinstall OS.
My Q is that is there such a malware that just wipes away the HD. I know of KillDisk but even it just corrupts the partition table, u can get ur data if u boot from a CD etc.

Any ideas/ experience aout such a malware?

Thanks

 

Hello aigle,

Please see the following links.

http://www.grc.com/cih.htm
http://www.infectionvectors.com/hotzone/brick.htm
http://www.securityfocus.com/news/11374

I acknowledge that the above links are rather old and may or may not be relevent, but at least they give you an idea of what is out there. If I am not mistaken, I could have sworn that sometime this year there was a report of a virus or piece of malware that could erase parts of one's hard drive. I just can't recall where I read about it.

Hope this helps.


Peace & Love,

CogitoErgoSum

 

Hi, thanks. Very interesting read! I thought KillDisk is nastiest but seems Chernobyl is the most nasty one.
I am not sure how can I get samples for these( Chernobyl, W32.Mypics.Worm and W32.Blackmal.E@mm).

 

Maybe it's not-a-virus:RiskTool.Win32.Aefdisk32.11.

http://www.castlecops.com/t192727-New_Virus_Instantly_Blows_Away_All_Partitions_With_One_Click.html

thanatos

 

That seems a nasty one too. Thanks for the link.

 

You're welcome.

 

This may not relate to the situation of your friend. An online chatter that I know had her hard drive "wiped out" when she somehow got an infected email that harbored a hidden DOS command of "FORMAT C:\" which cleaned out the hard drive and she could not reboot it. She had to go to a library PC to inform me on what happened. She didn't realize of what was occurring until it was too late. I told her that if the malware executed that DOS command and it was not stopped immediately from running, then her drive was cleaned out. I never heard from her again.

 

Well, a HIPS should be able to stop this RiskTool.Win32.Aefdisk malware, that´s why parent-child process execution and low level disk control is so important. And it´s also a good idea to prevent certain file types (like .bat for example) from running, something you can do via software restriction policies in XP Pro. IMO HIPS should also offer this feature.

 

I think it's safe to assume that a virus or malware can do just about *anything* given half a chance... So wiping most of a HD clean is no great surprise...

 

Malware can do pretty much anything that a user can, and probably more. However, while it may have deleted your data (and you have to ask yourself why it would do that - much of today's malware is designed to make money), it is probably possible to recover your files using one of many data recovery tools available.

It is unlikely that the malware formatted your drive and then overwrote the data with garbage. It is, of course, possible, but I would try something like winhex to get your most important files back...

 

Here is another link regarding destructive viruses.

http://www.techweb.com/showArticle.jhtml?articleID=160200005


Peace & Love,

CogitoErgoSum

 

thanks

 

Hello aigle,

You are very welcome.


Peace & Love,

CogitoErgoSum