So killdisk virus will kill FDISR and make disk unrecoverable?

Was reading somewhere that FDISR is vulnerable to the killdisk virus? So even if we hava an offline archive it won't help? What do you do to protect from killdisk then, just shadowprotect image?

 

Yes FDISR itself is very vulnerable for killdisk virus.
Even the Recovery CD of an Image Backup software can't be used.
You first have to zero your harddisk and then you can use a Recovery CD to restore an image from your external harddisk.

Sandboxie was able to stop killdisk.
I don't know what kind of file killdisk is, if it is an executable, Anti-Executable will stop it as an unauthorized executable on my computer.

I consider killdisk as peanuts. Not a problem.

 

I'd like to run killdisk virus against powershadow to see what happens. However I'll leave that up to someone else that has vmware and can do the test inside a vm.

 

Theres a lot of stir lately due to KillDisk virus tests that mention zeroing the disk. Can someone please post an example link to the program or programs that safely & completely zero the drive? I assume it must be run from a DVD/CD or even floppy, thanks.

 

Peter uses DiskPart. I think it's also on a CD, because Peter's disk was heavily corrupted by killdisk. Even his Recovery CD of ShadowProtect didn't work.

I use a tool from Western Digital, which can only be used on these harddisks :
WD Raptor WD740GD HDD 74gb 10000rpm SATA 8mb Cache 4.5ms.
I downloaded an iso-file and burned it on a CD.
It zeroes my harddisk in 20 minutes, after that it's like a new harddisk.

If I was you I would go to the manufacturer's website of your harddisk(s) and see if it provides tools to do things to your harddisk. If not, you have to use a general tool to zero your harddisk.

 

WoW. That's rough indeed. Scary thought.

Thanks, i'll do that. I think i even have DiskPart somewhere here in this stack of HD's, it's just a matter of digging it out.

 

Yes indeed scary, I couldn't even believe it, you don't expect this at all.
After zeroing his harddisk, Peter's Recovery CD worked again and he could restore an image from his external harddisk.

I prefer to zero my harddisk after each malware attack because you never know for sure, if there are any leftovers on your harddisk.

 

I've used Darik's boot and nuke that completely nukes your hard drive with anything you want, zeros' or random data. I think you can make it from Eraser ver 5.82 as well.

This is a huge list of disk zeroing utilities.


http://dban.sourceforge.net/

 

Thanks Horus37

I didn't know that Darik's was the same as say a DiskPart in it's zeroing function, and since i been using Eraser since it's inception i have their Nuker too. I'll just use that.

Regards EASTER

 

Just in case, the Seagate Diagnostic program available from their website will zero any drive apparently. Not just their own drives.
This Killdisk sounds terrible!!

 

I doubt it can take down powershadow. Kill disk can't take down some sandbox type applications and I'm assuming that since this powershadow runs virtualized I'd lean towards 51% that it will survive an assault.

Here is a link to powershadow for a free 30 day trial.

http://powershadowsecurity.com/default.aspx

Just download the 2.6 version that only runs on XP NOT vista. It is fully in english so you don't have to worry about chinese.

When you initially run it it will install a preboot like FDISR does. The very first time you see this preboot screen you have to select the normal UNSHADOWED seletion to go into first so it installs correctly the first time. After that, the next time you boot and see the preboot screen you can pick the single shadow mode first. Then have at it. Even if it locks up the computer or BSOD's the computer the computer will still be protected by powershadow. I don't know if it works on raid 0 though.

Sounds like a good test for Easter to try. He's more familiar with it. Why don't you sent him the kill disk virus and see. Either way I'd be surprised if it can take down powershadow.

 

I only have to know if killdisk virus is an executable or NOT.
If it is an executable, Anti-Executable will stop it and AE is on my computer.
If AE isn't able to stop it. No problem. ShadowProtect will solve it after zeroing my harddisk. I'm getting tired of repeating myself.

Peter has experience with the killdisk virus.

 

OK. It doesn't really matter. I will kill it anyway. Thanks for the info.
It's a pity that killdisk doesn't zero my harddisk.

 

Just a quick question about killdisk. Shouldnt most AV´s detect it nowadays?

 

Easter has thrown some nasty stuff at it too and it didn't do anything to powershadow either. I've landed on some bad websites that planted a few viruses on me and when I logged out of powershadow it erased it like coming out of a sandbox on reboot, nothing. It erases Before shutdown unlike a frozen snapshot that does it after a reboot. Not bad for powershadow being it's free. I'm a bit surprised though that killdisk didn't at least lock it up or BSOD the puter. Feel a little better now. All this talk of boot sector viruses and kill disk and cmos chip virus and bios viruses makes one a bit on edge.

How do you know it executed correctly and fully implanted into the system with a full killdisk load? Since powershadow is only a virtualizer and not a denier of running services or executables I'm wondering what happens when killdisk unleashes on an unprotected computer? Does it need a reboot to do it's thing?

 

Peter2150 how did you managed to get Killdisk ? was it as part of your testing or
did it happen naturally ?

 

Looks like yet another WINNER! Go Power Shadow!!!

I suspected it would pass also but don't have the KillDisk trojan to test it on. BTW, i have a test box with XP Pro plus VMware so i would take steps accordingly. In case anyone hasn't experienced it or even run into it, i turned loose a pretty good disaster virus named HardDrive Killer which i would almost bet KillDisk is patterned after. It sunk my laptop at a time when i was still rather green in this area. Time & testing makes for great experience and precaution. LoL

 

As long I can fix it with FDISR and Image Backup, I'm not scared of any infection.
I'm only afraid of hardware infections, because I can't handle them and there isn't much info about them either.
The rest is peanuts as long you keep your archives/images up-to-date.

 

That is oh so true Erik and is the KEY to it all.

I keep my archives completely up-to-date but i'm ATM limited to a single Image backup right now. That will change soon. I envision storing at least 3 FULL BACKUP IMAGES on 3 separate external media (METAL), to have at disposal, to turn to in the event of any major disaster.
I'm waiting only another day or so (the 10th) to pick up another Hard Drive 60GB to run a test restore on because i don't dare chance an upset to my current structure that FD-ISR has so masterfully made possible.