Would using "Restore Hard disk from image" wipe all traces of MBR/First Track malware?

Discussion in 'Paragon Partition Manager Product Line' started by dialxdrop, Oct 11, 2010.

Thread Status:
Not open for further replies.
  1. dialxdrop

    dialxdrop Registered Member

    Joined:
    Sep 21, 2010
    Posts:
    35
    If I were to load the Paragon Disk Manager from DOS, and run the command "Restore Hard Disk from Image" to restore a clean MBR/First track, would this completely eliminate 100% ANY and ALL traces of malware that existed in the MBR/First track? If not, how can I eliminate all traces? (besides doing a full disk format)

    And besides the data in the partition and first track/MBR, can harmful malware exist anywhere else? (Harmful malware refers to any location on a HD that malware could activate itself on start up and cause damage)

    If the first question is true, and that data in the partition would be the only other area, then by deleting/formatting the partitions and running the Restore HD MBR image command, this should wipe out all traces of any dangerous malware, correct?

    And lastly, to create a clean MBR, all you would need to do is install Windows XP, and it will create a new clean MBR and just immediately save the MBR/First track image using Paragon, would this work?
     
  2. Mech_An

    Mech_An Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    855
    Restore MBR & First track will probably remove MBR rootkit. But I never tried this.

    Usually malware 'lives' in Windows startup, not in MBR. I would recommend you to:
    * boot from Paragon Recovery CD
    * transfer all important files to any external drive
    * restore system partition + MBR or entire system Hard Disk from backup. Restored Windows will be clean if it was backed up in clean state.

    Also you can try to use free tools to remove malware by Kaspersky or Dr.Web:
    http://www.kaspersky.com/virus-removal-tools
    http://www.freedrweb.com/cureit/
     
  3. dialxdrop

    dialxdrop Registered Member

    Joined:
    Sep 21, 2010
    Posts:
    35
    Hey Thanks for that,

    but the thing is I don't have any MBR viruses or rootkits for that matter but I want to know how to totally obliterate all traces of malware on a PC 100% without doing a full HD wipe like Secure Erase (which will undoubtedly do the job).

    I am also very familiar and already use those steps you've mentioned, which will defeat traditional malware.

    However I want a comprehensive solution that will defeat ALL traces of malware from a HD. Now I've read a few forum threads on this subject, and consensus seems to imply that the only guaranteed 100% effective method is a full HD wipe and methods such as just restoring the MBR can probably eliminate MBR malware but not 100% guarantee it. (Obviously you have to restore the partition also if it is infected)

    So I am assuming there is no 100% definitive way to eliminate all traces of harmful malware besides doing a full HD wipe? I mean there has to be another way to obliterate ALL traces of MBR malware, right?

    And also besides the MBR and partition (Windows startup etc) malware, are there any other locations that harmful malware can exist in?
     
    Last edited: Oct 12, 2010
  4. dialxdrop

    dialxdrop Registered Member

    Joined:
    Sep 21, 2010
    Posts:
    35
    Does anyone know?

    What about doing a full hard disk format? (Whether it's using XP's hard disk manager, or Paragon HD manager)

    Since a full HD wipe takes more time, would a full hard disk format eliminate all traces of malware 100%?

    Ex: Let's say your hard disk is infected with the most sophisticated type of malware in every location possible, MBR, rootkit, bad sectors etc. etc., would a simple full HD format take care of it 100%?
     
  5. Mech_An

    Mech_An Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    855
    full format will 'kill' 100% of malware
     
  6. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    that's not exactly true
     
  7. dialxdrop

    dialxdrop Registered Member

    Joined:
    Sep 21, 2010
    Posts:
    35
    +1

    Yes, I also agree. I've been doing a little research on the matter and there seem to be situations where malware can in fact survive a simple format, although the chances are very slim. And it remains that the ONLY way to remove malware 100% is the Secure Erase command and similar commands.

    Steve1955, do you know if there is an added benefit to doing a format and then a partition + mbr image restore? Or is doing an image restore as effective at removing malware?
     
  8. Mech_An

    Mech_An Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    855
    Well, you can additionally use Wipe Hard Disk wizard from Paragon program. It makes all data on hard disk un-restorable. I suppose, & malware too.
     
  9. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    I think a simple format is enough. After the format, restore a clean image via bootable CD/flash and you should be fine, as restoring an image via bootable CD/flash also overwrites the MBR and boot sectors. Malware on other partitions can be eliminated via scanning (preferably via boot CD). Wiping the HDD due to malware is not a wise decision. Wiping means overwriting all your existing data, which is simply overkill except when you want to sell your HDD.
     
  10. Mech_An

    Mech_An Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    855
    Boyfriend,

    I agree, but steve1955 & dialxdrop said we are wrong.

    I never had malware, which can't be deleted via re-format.
     
  11. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    @steve1955 & dialxdrop: Any reference, article, malware name, sample?

    During a quick format, the whole file system is written again, which renders data unreadable, but still recoverable manually (malware cannot recover itself automatically as no malware has included recuva in its code :D ). During a full format, the whole file system is written along with checking the disk for bad sectors. How can malware survive a format (quick/full)?
     
  12. dialxdrop

    dialxdrop Registered Member

    Joined:
    Sep 21, 2010
    Posts:
    35

    Well there are a couple of ways that malware can survive a format:

    Here is one threat:
    https://www.wilderssecurity.com/showthread.php?t=199662&highlight=mbr

    and there is another attack that I learned from Searching___(There is a thread which I can't remember at the top of my head), and basically malware can become reactivated with Chkdisk since a format will not completely wipe the data 100%.

    From: http://www.ehow.com/about_5045592_formatting-hard-drive.html

    "Formatting a hard disk drive will overwrite the data on the drive. However, the data hasn't exactly been erased. The formatting process only removes the operating system's ability to read the data on the drive. Data needs to be rewritten to the drive and then reformatted again to ensure that data is no longer accessible"
     
    Last edited: Oct 19, 2010
  13. Mech_An

    Mech_An Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    855
    Wiping will overwrite all data with a custom number of symbols according to the selected algorithm. So I suppose that wiping + restore from clean backup will solve all issues with malware.
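
Added example, not part of the thread or any poster's code: a check of whether sector 0 and the gap before the first partition (the "first track") still match a clean backup image, used here to show why a partition format leaves those sectors untouched while a first-track restore resets them. It assumes a legacy MBR layout with the first partition at LBA 63; all function names and the sample image are constructed for illustration, and `simulate_format` is a simplified model of a volume format.

```python
import struct

SECTOR = 512

def parse_mbr(sector0):
    """Split sector 0 into boot code, partition entries and signature check."""
    if len(sector0) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    entries = []
    for i in range(4):
        raw = sector0[446 + 16 * i:462 + 16 * i]
        start_lba, count = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:                      # partition type 0 = unused slot
            entries.append((raw[4], start_lba, count))
    return {"boot_code": sector0[:446], "entries": entries,
            "signature_ok": sector0[510:512] == b"\x55\xaa"}

def first_track_report(image, baseline):
    """Compare sector 0 and the gap before the first partition with a clean baseline."""
    cur, base = parse_mbr(image[:SECTOR]), parse_mbr(baseline[:SECTOR])
    first = min((s for _, s, _ in base["entries"]), default=63)
    gap = [lba for lba in range(1, first)
           if image[lba * SECTOR:(lba + 1) * SECTOR] != baseline[lba * SECTOR:(lba + 1) * SECTOR]]
    return {"boot_code_changed": cur["boot_code"] != base["boot_code"],
            "table_changed": cur["entries"] != base["entries"],
            "signature_ok": cur["signature_ok"],
            "changed_gap_sectors": gap}

def build_clean_image(total_sectors=128):
    """Constructed sample: one type-0x07 partition starting at LBA 63 (XP-era layout)."""
    img = bytearray(total_sectors * SECTOR)
    img[0:4] = b"\xfa\x33\xc0\x8e"           # placeholder bytes standing in for boot code
    entry = bytearray(16)
    entry[0], entry[4] = 0x80, 0x07          # active flag, partition type
    struct.pack_into("<II", entry, 8, 63, total_sectors - 63)
    img[446:462] = entry
    img[510:512] = b"\x55\xaa"
    return img

def simulate_format(image, baseline):
    """Model a partition format: only sectors inside the partition are rewritten."""
    start = parse_mbr(baseline[:SECTOR])["entries"][0][1]
    image[start * SECTOR:] = bytes(len(image) - start * SECTOR)

def restore_first_track(image, baseline):
    """Model restoring MBR + first track from the clean image."""
    start = parse_mbr(baseline[:SECTOR])["entries"][0][1]
    image[:start * SECTOR] = baseline[:start * SECTOR]
```

On a real system the same comparison would be run from boot media against a raw read of the disk, never from the installed operating system that is being checked.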
     