What Malware Requires Formatting Your Hard Drive

Discussion in 'malware problems & news' started by Brandonn2010, Jan 15, 2012.

Thread Status:
Not open for further replies.
  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    For my computer security website, I want to include a section that tells what infections you should format your hard drive for if your computer is infected by them.

    Right now I know Virut, Vitro, Sality, and Ramnit are some. Are there any others?
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I've removed Virut without a reformat. Pretty much no malware requires a reformat - very very little will ever require it. Some might necessitate a bootCD but usually if you can boot up you can remove it.

    The only ones that force a reformat are the ones that install, screw up (not on purpose), and do serious damage.
     
  3. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Really? I heard you should format because:

    1. Infected files, even if cleaned, are usually damaged from poor coding of the virus.

    2. A backdoor is opened on your computer so you can never really trust your PC again.
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    There is certainly malware that merits a reformat as a cure:
    computerworld.com/s/article/9217953/Rootkit_infection_requires_Windows_reinstall_says_Microsoft
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Microsoft never actually said to reformat, the article got it wrong iirc. You just need to do a fixmbr or have an AV remove it.

    I got Virut and Vundo mixed up.

    Anyways, anything a Virus can do can almost always be undone. Opens a backdoor? It can be closed. Patches files? You can clean them.

    I've never seen a virus that couldn't be removed given the right amount of time/motivation. Maybe an AV won't be able to do it (no definitions for it yet) but I've removed plenty of malware manually.
     
  6. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Couldn't it just be fixed with fixmbr? Like TDSS?
     
  7. guest

    guest Guest

    If I find ANY malware I always reformat or reimage
    no trying to fix it
    err on the safe side
     
  8. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Yes, so as far as OP's question regarding "a section that tells what infections you should format your hard drive for if your computer is infected by them," I think there is no hard and fast answer. "Should" is the operative word here.

    Whether the response to a given infection should include reformatting your hard drive is more of a value judgment than anything. Maybe an infection can or can't be repaired to your satisfaction with currently available tools but the value of trying to do so rather than reformat, or not, can only be judged by the affected user/owner of the system.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Very sensible approach!

    Google doodle takes you to scareware sites
    12 May 2011, 17:08
    http://www.h-online.com/security/news/item/Google-doodle-takes-you-to-scareware-sites-1242208.html
    ----
    rich
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    @Rmus I agree with that article and that is only one infection and it changed so many things and the only way is to reinstall Windows! And most Malware Hunters (Cleaners) will recommend that it is free of malware but to fully trust the system reinstall Windows is the only way unless you have a Clean Image!

    TH
     
  11. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Just keep a "clean" Image in a safe place and you do not need to be concerned with formatting.
     
  12. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    +1 :thumb:
     
  13. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    203
    Reimage or reinstall. Safety and stability first.
     
  14. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Win7 Antispyware 2012 that does the same, to anyone interested here's some removal instructions.

    hxxp://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

    I used sequentially Rkill, Malwarebytes, Combofix and finally the repairs from Windows Repair (All In One), from tweaking.com, and everything seemed to be repaired.
     
  15. BrandiCandi

    BrandiCandi Guest

    That.
    :thumb:

    The advice you want to give will totally depend on your audience. If you're talking to security professionals & nerds that can't leave their computers alone, then yes, you can compile a list of known crud that you should reformat after catching.

    However, if your audience is the unsophisticated user, then if it were my blog I would recommend that they seek out a professional's help or reformat themselves. An unsophisticated user could see a list of viruses, they'll compare it to the list that Norton spits out. If there isn't anything that matches then they could think they were safe.
     
  16. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Oh no. I have a step-by-step guide for removing basic infections, then an advanced guide that involves creating a Dr.Web Live CD, then I recommend they sign up and ask for help on this forum if they don't succeed, then at the bottom I list what infections warrant a format and reinstall. If you want to see the guide, check the link in my signature.
     