Can a virus survive Fdisk+format?


orestis34's Avatar
Member with 45 posts.
 
Join Date: Jan 2008
Experience: Intermediate
11-Apr-2008, 06:21 AM #1
Can a virus survive Fdisk+format?
OK, I know there have been quite many discussions on this matter, but I've not been able to draw a definite conclusion. Is it possible (=has this been demonstrated) that a virus can survive fdisk+format? That is, if I clear my CMOS, my windows XP installation CD (authentic and clean) and select to delete my partition, then format, will there be ANY chance that a virus could have survived that?

Thanks
lotuseclat79's Avatar
Distinguished Member with 10,023 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
11-Apr-2008, 09:37 AM #2
Only if your BIOS has been compromised. Download the following PDF document here for more information (928+KB). The document is a slide presentation by John Heasman, Implementing and Detecting An ACPI BIOS Rootkit, a speaker at the Black Hat USA 2006 conference.

I would not, however, advise you to look up your MB BIOS at the MB Mfg web site for the latest version to burn. Instead, you might email the Mfg about whether there is a utility that can verify that your BIOS has not been compromised. If it works, don't fix it is the philosophy because more folks than you can imagine try to update their BIOS and end up needing to get a new BIOS chip installed at their local PC shops, i.e. the procedure is usually easy to muck up if you do not follow precisely the Mfg instructions to the T on updating the BIOS.

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction between a mere artisan or specialist and a real seeker after truth. - Einstein wrote in 1944.

Some say knowledge is power, I say knowledge without action is powerless. - lotuseclat79

Don't confuse action with movement. - Hemingway to Gardner

Imagination is more important than knowledge. - Einstein

Last edited by lotuseclat79 : 11-Apr-2008 09:46 AM.
orestis34's Avatar
Member with 45 posts.
 
Join Date: Jan 2008
Experience: Intermediate
19-May-2008, 05:47 AM #3
Flashing the newest BIOS version will kill the virus if it's installed there?

What other locations besides the BIOS could a virus be installed? Could it be installed in the software of a router? Or in the printer?
lotuseclat79's Avatar
Distinguished Member with 10,023 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
19-May-2008, 08:43 AM #4
Hi orestis34,

If malware of any kind is installed in the BIOS, then flashing the BIOS with any authorized version will expunge the malware - if the flash is done properly, which most users manage to munge up when they try to do it.

Malware could effectively be hidden in other devices that use their own BIOS to boot up like a video card, router, or yes even a printer.

The key, as always, is, as I said before, to contact the mfgr to see if they have any method to validate and verify that the BIOS is untampered.

-- Tom
mrss's Avatar
Senior Member with 521 posts.
 
Join Date: Jun 2007
Location: Chicago USA
Experience: Intermediate
19-May-2008, 09:19 AM #5
You can always reset your router to factory defaults - every one I've owned has a reset pin - to clear the login/password and any bogus DNS gateway entries.
lotuseclat79's Avatar
Distinguished Member with 10,023 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
20-May-2008, 09:20 AM #6
And, with respect to all routers, after installing it, change the default admin password!

A web page of the default admin passwords of routers has been published on the Internet, and not changing the admin password of a newly installed router is a well-known malware attack vector vulnerability for anyone who has not changed theirs!

-- Tom
lotuseclat79's Avatar
Distinguished Member with 10,023 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
20-May-2008, 05:59 PM #7
Here's what can happen if you do not change your router's default admin password upon installing it - you could get PhlashDanced, also Link.

Note: the first link's title is erroneous, as the damage is not permanent, i.e. the chip will not boot, until the firmware is replaced either by reflashing it with valid firmware or replacing the chip. Either way, the chip may need to be removed to effect the change, unless you are lucky and can flash it over a network (local).

-- Tom
orestis34's Avatar
Member with 45 posts.
 
Join Date: Jan 2008
Experience: Intermediate
27-May-2008, 02:49 AM #8
Phlashdanced? WTF! Although the article is somewhat interesting, the guy must be a bit ridiculous...

What is mfgr? I tried to find a site or something, but couldn't, do you have a link?
lotuseclat79's Avatar
Distinguished Member with 10,023 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
27-May-2008, 10:07 AM #9
Hi orestis34,

"mfgr" is a well-known abbreviation for - manufacturer!

-- Tom
Newuser12345215's Avatar
Member with 59 posts.
 
Join Date: Feb 2007
Experience: Beginner
28-May-2008, 10:32 AM #10
Are there viruses that can alter your BIOS/CMOS settings and/or potentially cause your computer to fry or be destroyed?
lotuseclat79's Avatar
Distinguished Member with 10,023 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
28-May-2008, 04:58 PM #11
Hi Newuser12345215,

A fried computer is likely one that overheats which can destroy components on the Motherboard - so, yes, there are, but they may be targeted techniques, rather than in the wild. Read post #2.

-- Tom
orestis34's Avatar
Member with 45 posts.
 
Join Date: Jan 2008
Experience: Intermediate
25-Jun-2008, 11:04 AM #12
OK, apart from the extreme cases (that a virus may store itself in some weird component's memory like the printer or the router), the main 3 places where it can store itself on a normal PC are the HDD, the RAM and the BIOS cmos memory?
lotuseclat79's Avatar
Distinguished Member with 10,023 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
26-Jun-2008, 11:10 AM #13
Also, in Video BIOS - if the video chip has a separate bios.

When the system is powered down, RAM, at least most out there rather than the newer kind that survives power-off, loses memory state - so, HDD, PC bios, and video chip bios.

-- Tom
All times are GMT -4.