Boot sectors and virii

Archived from groups: microsoft.public.windowsxp.general (More info?)

Are there virii/trojans that will survive a format and reinstall of
Windows XP PRO/Home using the XP setup (through the cd)? If I have a
previous install of XP and run through setup to reformat (NTFS) the
entire partition and then reinstall XP, does this not rewrite the master
boot record, after wiping the partition clean?

I ask this because when I clean XP boxes I have never had to resort to
formatting and reinstalling. I usually can fix the installation. I was
talking to some "techs" that insisted the only way to be sure you get
rid of all trojans and virii is to do a low level format. I have never
had to resort to third party stuff to fix Windows, and these guys were
the kind of guys who would reformat at the very hint of corruption.
They never attempt to fix an XP installation they just reformat and
reinstall. I think it's some weird throwback to the 98/ME era when
formatting was a way of life. Anyway I had no real world experience
with an uncleanable boot sector virus that survived a clean and repair
and maybe a MBR rewrite, let alone a format/install (without the disk
wiping low level dealie). Are they speaking truth?
--
Thanks in advance
Croaker
  1.

    Yes, there are still virii out there that live in the MBR. But, most tools
    these days have more than adequate boot sector scans. I haven't had to do a
    LLF for a virus in a very long time (unless you count trying to overcome a
    bad RedHat LILO install in the test lab :) )

    Seems to me that these "techs" have forgotten the cardinal rule of
    performing non-destructive data handling whenever possible.

    "Croaker" <brianlane@comcast.net> wrote in message
    news:MPG.1d22777cc4f0c4898968c@msnews.microsoft.com...
    > Are there virii/trojans that will survive a format and reinstall of
    > Windows XP PRO/Home using the XP setup (through the cd)? If I have a
    > previous install of XP and run through setup to reformat (NTFS) the
    > entire partition and then reinstall XP, does this not rewrite the master
    > boot record, after wiping the partition clean?
    >
    > I ask this because when I clean XP boxes I have never had to resort to
    > formatting and reinstalling. I usually can fix the installation. I was
    > talking to some "techs" that insisted the only way to be sure you get
    > rid of all trojans and virii is to do a low level format. I have never
    > had to resort to third party stuff to fix Windows, and these guys were
    > the kind of guys who would reformat at the very hint of corruption.
    > They never attempt to fix an XP installation they just reformat and
    > reinstall. I think it's some weird throwback to the 98/ME era when
    > formatting was a way of life. Anyway I had no real world experience
    > with an uncleanable boot sector virus that survived a clean and repair
    > and maybe a MBR rewrite, let alone a format/install (without the disk
    > wiping low level dealie). Are they speaking truth?
    > --
    > Thanks in advance
    > Croaker
  2.

    In article <euUNlMsdFHA.3488@tk2msftngp13.phx.gbl>, j9@1aprop.com
    says...
    > Yes, there are still virii out there that live in the MBR. But, most tools
    > these days have more than adequate boot sector scans. I haven't had to do a
    > LLF for a virus in a very long time (unless you count trying to overcome a
    > bad RedHat LILO install in the test lab :) )
    >
    > Seems to me that these "techs" have forgotten the cardinal rule of
    > performing non-destructive data handling whenever possible.
    >
    > "Croaker" <brianlane@comcast.net> wrote in message
    > news:MPG.1d22777cc4f0c4898968c@msnews.microsoft.com...
    > > Are there virii/trojans that will survive a format and reinstall of
    > > Windows XP PRO/Home using the XP setup (through the cd)? If I have a
    > > previous install of XP and run through setup to reformat (NTFS) the
    > > entire partition and then reinstall XP, does this not rewrite the master
    > > boot record, after wiping the partition clean?
    > >
    > > I ask this because when I clean XP boxes I have never had to resort to
    > > formatting and reinstalling. I usually can fix the installation. I was
    > > talking to some "techs" that insisted the only way to be sure you get
    > > rid of all trojans and virii is to do a low level format. I have never
    > > had to resort to third party stuff to fix Windows, and these guys were
    > > the kind of guys who would reformat at the very hint of corruption.
    > > They never attempt to fix an XP installation they just reformat and
    > > reinstall. I think it's some weird throwback to the 98/ME era when
    > > formatting was a way of life. Anyway I had no real world experience
    > > with an uncleanable boot sector virus that survived a clean and repair
    > > and maybe a MBR rewrite, let alone a format/install (without the disk
    > > wiping low level dealie). Are they speaking truth?
    > > --
    > > Thanks in advance
    > > Croaker
    >
    >
    >
    Well then I would ask this. Does the master boot record get rewritten
    after a format during a fresh install? Does rewriting the MBR get rid
    of these virii/trojans? Do these virii survive a reformat and
    reinstall? Thank you for your patience, this is for my own knowledge at
    this point.
  3.

    Croaker wrote:
    > Are there virii/trojans that will survive a format and reinstall of
    > Windows XP PRO/Home using the XP setup (through the cd)? If I have a
    > previous install of XP and run through setup to reformat (NTFS) the
    > entire partition and then reinstall XP, does this not rewrite the master
    > boot record, after wiping the partition clean?
    >
    > I ask this because when I clean XP boxes I have never had to resort to
    > formatting and reinstalling. I usually can fix the installation. I was
    > talking to some "techs" that insisted the only way to be sure you get
    > rid of all trojans and virii is to do a low level format. I have never
    > had to resort to third party stuff to fix Windows, and these guys were
    > the kind of guys who would reformat at the very hint of corruption.
    > They never attempt to fix an XP installation they just reformat and
    > reinstall. I think it's some weird throwback to the 98/ME era when
    > formatting was a way of life. Anyway I had no real world experience
    > with an uncleanable boot sector virus that survived a clean and repair
    > and maybe a MBR rewrite, let alone a format/install (without the disk
    > wiping low level dealie). Are they speaking truth?

    FYI the plural of virus is viruses not virii.

    --
    Rock
    MS MVP Windows - Shell/User
  4.

    "Croaker" <brianlane@comcast.net> wrote in message
    news:MPG.1d22777cc4f0c4898968c@msnews.microsoft.com...
    > Are there virii/trojans that will survive a format and reinstall of
    > Windows XP PRO/Home using the XP setup (through the cd)? If I have a
    > previous install of XP and run through setup to reformat (NTFS) the
    > entire partition and then reinstall XP, does this not rewrite the master
    > boot record, after wiping the partition clean?
    >

    Formatting only resets the file table for a quick format, or writes a new
    file table for the partition you're formatting (C:). Does nothing to any
    other partition, or the master boot record.

    The partition boot record incorporates the new file table in the process.
    If there is a redirect in the partition boot record to a boot sector virus,
    then nothing changes. Not all boot viruses use this scheme.

    > I ask this because when I clean XP boxes I have never had to resort to
    > formatting and reinstalling. I usually can fix the installation. I was
    > talking to some "techs" that insisted the only way to be sure you get
    > rid of all trojans and virii is to do a low level format. I have never

    Trojans don't affect the master boot record or the partition boot record.
    A very limited few viruses, a small handful, can inhabit the general disk
    area where the master boot record is kept. But, not within the MBR itself.
    They are extremely rare. A virus inhabiting the partition boot record can
    be removed by simply removing and restoring the partition that may be
    infected. These are uncommon as well.

    > had to resort to third party stuff to fix Windows, and these guys were
    > the kind of guys who would reformat at the very hint of corruption.

    Low level formats of IDE hard drives are done at the factory only.

    Writing zeroes, ones, or a combination, or a repeated combination is
    typically referred to as a "medium" level format. Many unknowing users call
    this a low-level format. The writes overwrite all on the hard disk writable
    area including the area where the master boot record is stored.

    > They never attempt to fix an XP installation they just reformat and
    > reinstall. I think it's some weird throwback to the 98/ME era when
    > formatting was a way of life. Anyway I had no real world experience
    > with an uncleanable boot sector virus that survived a clean and repair
    > and maybe a MBR rewrite, let alone a format/install (without the disk
    > wiping low level dealie). Are they speaking truth?
    > --
    > Thanks in advance
    > Croaker

    They're speaking the truth as they know it. My take on this is they want
    your PC fixed so they can get you out the door the first time. The
    so-called "low-level" format will take 24 hours or so, or more, and will do
    it without user intervention after starting. And, it will result in a clean
    hard drive regardless of what underlying problems there were that
    originated from the original data on that hard drive. Depending on what's
    infected on the PC, their ability to remove the infection harmlessly, and so
    on, can cost many man hours and lessen their ability to work on many PCs at
    the same time. Makes plain business sense to me.
  5.

    "Rock" <rock@mail.nospam.net> wrote in message
    news:uS3y37udFHA.3012@tk2msftngp13.phx.gbl...
    > Croaker wrote:
    > > Are there virii/trojans that will survive a format and reinstall of
    > > Windows XP PRO/Home using the XP setup (through the cd)? If I have a
    > > previous install of XP and run through setup to reformat (NTFS) the
    > > entire partition and then reinstall XP, does this not rewrite the master
    > > boot record, after wiping the partition clean?
    > >
    > > I ask this because when I clean XP boxes I have never had to resort to
    > > formatting and reinstalling. I usually can fix the installation. I was
    > > talking to some "techs" that insisted the only way to be sure you get
    > > rid of all trojans and virii is to do a low level format. I have never
    > > had to resort to third party stuff to fix Windows, and these guys were
    > > the kind of guys who would reformat at the very hint of corruption.
    > > They never attempt to fix an XP installation they just reformat and
    > > reinstall. I think it's some weird throwback to the 98/ME era when
    > > formatting was a way of life. Anyway I had no real world experience
    > > with an uncleanable boot sector virus that survived a clean and repair
    > > and maybe a MBR rewrite, let alone a format/install (without the disk
    > > wiping low level dealie). Are they speaking truth?
    >
    > FYI the plural of virus is viruses not virii.
    >
    > --
    > Rock
    > MS MVP Windows - Shell/User
    >

    No, both are correct. It's just a matter of choice which spelling to use to
    describe the plural. Personally, I prefer "viruses" for simplicity's sake.
    But, have no problem with others that prefer "virii" or "viri". They
    communicate the meaning obviously as you evidently understood the word, so
    did I.
    http://en.wikipedia.org/wiki/Virii
  6.

    "Croaker" <brianlane@comcast.net> wrote in message news:MPG.1d2287779bc0ff4f98968e@msnews.microsoft.com...

    > Well then I would ask this. Does the master boot record get rewritten
    > after a format during a fresh install? Does rewriting the MBR get rid
    > of these virii/trojans? Do these virii survive a reformat and
    > reinstall? Thank you for your patience, this is for my own knowledge at
    > this point.

    There are "stealth type" viruses that load from the MBR, that also
    have the ability to hide themselves from detection if booted from
    the infected hard drive. In that case, you generally need to boot from
    known clean removable media (floppy) and check the MBR. Getting rid of
    them without a complete wipe of the MBR can be tricky, but not impossible.

    Google on "stealth virus master boot record" for examples.

    A "fresh install" will write the MBR code if there is none in place already.
    I don't remember if that's true if code is already in place. I wouldn't
    chance it either way if I suspected a MBR virus.

    Format is just concerned with the particular volume ("drive X:") being
    formatted, and doesn't touch the MBR. Though that may affect a volume
    boot sector virus.
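
An added example (not part of any post in this thread): Python code for the offline MBR check the replies above describe, run on a constructed in-memory disk image to show that rewriting one volume leaves sector 0 untouched. The image layout, the filler "boot code" bytes and every function name here are assumptions made for the illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440    # bytes 440-445 hold the NT disk signature, which differs per disk
TABLE_OFF = 446        # four 16-byte partition entries
SIG_OFF = 510          # boot signature 0x55 0xAA


def parse_mbr(sector0: bytes) -> dict:
    """Summarise LBA 0: boot-code hash, partition entries, signature check."""
    if len(sector0) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        entry = sector0[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0x00 marks an unused slot
            partitions.append({"active": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": sectors})
    return {"signature_ok": sector0[SIG_OFF:] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector0[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def mbr_matches_baseline(sector0: bytes, baseline_sha256: str) -> bool:
    """True only if the sector is a valid MBR whose boot code equals the baseline."""
    info = parse_mbr(sector0)
    return info["signature_ok"] and info["boot_code_sha256"] == baseline_sha256


def build_image(boot_code: bytes, lba_start: int = 63, sectors: int = 8) -> bytearray:
    """Constructed in-memory disk: MBR with one active NTFS (0x07) partition."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", lba_start, sectors)
    mbr[TABLE_OFF:TABLE_OFF + 16] = entry
    mbr[SIG_OFF:] = b"\x55\xaa"
    volume = b"OLDDATA!" * (SECTOR // 8) * sectors
    return mbr + bytearray(SECTOR * (lba_start - 1)) + bytearray(volume)


def simulate_format(image: bytearray, part: dict) -> None:
    """Stand-in for formatting one volume: rewrites only that partition's sectors."""
    start = part["lba_start"] * SECTOR
    image[start:start + part["sectors"] * SECTOR] = bytes(part["sectors"] * SECTOR)


def demo() -> dict:
    reference = bytes(range(256)) + bytes(184)   # constructed stand-in for known-good boot code
    altered = b"\xcc" * BOOT_CODE_LEN            # constructed filler bytes, not real code
    baseline = hashlib.sha256(reference).hexdigest()
    image = build_image(altered)
    before = parse_mbr(bytes(image[:SECTOR]))
    simulate_format(image, before["partitions"][0])
    after = parse_mbr(bytes(image[:SECTOR]))
    vol_off = before["partitions"][0]["lba_start"] * SECTOR
    return {"volume_wiped": image[vol_off:] == bytes(len(image) - vol_off),
            "mbr_unchanged_by_format": before == after,
            "matches_baseline": mbr_matches_baseline(bytes(image[:SECTOR]), baseline),
            "clean_matches": mbr_matches_baseline(bytes(build_image(reference)[:SECTOR]), baseline)}


if __name__ == "__main__":
    print(demo())
```

On a real machine the 512 bytes would be read from the raw disk device after booting from known clean media, and the baseline hash taken from a reference MBR for the same Windows version.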
  7.

    Lil' Dave wrote:
    > "Rock" <rock@mail.nospam.net> wrote in message
    > news:uS3y37udFHA.3012@tk2msftngp13.phx.gbl...
    >
    >>Croaker wrote:
    >>
    >>>Are there virii/trojans that will survive a format and reinstall of
    >>>Windows XP PRO/Home using the XP setup (through the cd)? If I have a
    >>>previous install of XP and run through setup to reformat (NTFS) the
    >>>entire partition and then reinstall XP, does this not rewrite the master
    >>>boot record, after wiping the partition clean?
    >>>
    >>>I ask this because when I clean XP boxes I have never had to resort to
    >>>formatting and reinstalling. I usually can fix the installation. I was
    >>>talking to some "techs" that insisted the only way to be sure you get
    >>>rid of all trojans and virii is to do a low level format. I have never
    >>>had to resort to third party stuff to fix Windows, and these guys were
    >>>the kind of guys who would reformat at the very hint of corruption.
    >>>They never attempt to fix an XP installation they just reformat and
    >>>reinstall. I think it's some weird throwback to the 98/ME era when
    >>>formatting was a way of life. Anyway I had no real world experience
    >>>with an uncleanable boot sector virus that survived a clean and repair
    >>>and maybe a MBR rewrite, let alone a format/install (without the disk
    >>>wiping low level dealie). Are they speaking truth?
    >>
    >>FYI the plural of virus is viruses not virii.
    >>
    >>--
    >>Rock
    >>MS MVP Windows - Shell/User
    >>
    >
    >
    > No, both are correct. It's just a matter of choice which spelling to use to
    > describe the plural. Personally, I prefer "viruses" for simplicity's sake.
    > But, have no problem with others that prefer "virii" or "viri". They
    > communicate the meaning obviously as you evidently understood the word, so
    > did I.
    > http://en.wikipedia.org/wiki/Virii
    >
    >

    Not true. Virii is not correct.


    --
    Rock
    MS MVP Windows - Shell/User
  8.

    "Rock" <rock@mail.nospam.net> wrote in message
    news:%23ojMRo6dFHA.1448@TK2MSFTNGP09.phx.gbl...
    > Lil' Dave wrote:
    > > "Rock" <rock@mail.nospam.net> wrote in message
    > > news:uS3y37udFHA.3012@tk2msftngp13.phx.gbl...
    > >
    > >>Croaker wrote:
    > >>
    > >>>Are there virii/trojans that will survive a format and reinstall of
    > >>>Windows XP PRO/Home using the XP setup (through the cd)? If I have a
    > >>>previous install of XP and run through setup to reformat (NTFS) the
    > >>>entire partition and then reinstall XP, does this not rewrite the master
    > >>>boot record, after wiping the partition clean?
    > >>>
    > >>>I ask this because when I clean XP boxes I have never had to resort to
    > >>>formatting and reinstalling. I usually can fix the installation. I was
    > >>>talking to some "techs" that insisted the only way to be sure you get
    > >>>rid of all trojans and virii is to do a low level format. I have never
    > >>>had to resort to third party stuff to fix Windows, and these guys were
    > >>>the kind of guys who would reformat at the very hint of corruption.
    > >>>They never attempt to fix an XP installation they just reformat and
    > >>>reinstall. I think it's some weird throwback to the 98/ME era when
    > >>>formatting was a way of life. Anyway I had no real world experience
    > >>>with an uncleanable boot sector virus that survived a clean and repair
    > >>>and maybe a MBR rewrite, let alone a format/install (without the disk
    > >>>wiping low level dealie). Are they speaking truth?
    > >>
    > >>FYI the plural of virus is viruses not virii.
    > >>
    > >>--
    > >>Rock
    > >>MS MVP Windows - Shell/User
    > >>
    > >
    > >
    > > No, both are correct. It's just a matter of choice which spelling to use to
    > > describe the plural. Personally, I prefer "viruses" for simplicity's sake.
    > > But, have no problem with others that prefer "virii" or "viri". They
    > > communicate the meaning obviously as you evidently understood the word, so
    > > did I.
    > > http://en.wikipedia.org/wiki/Virii
    > >
    > >
    >
    > Not true. Virii is not correct.
    >
    >
    > --
    > Rock
    > MS MVP Windows - Shell/User
    >

    Whatever...
  9.

    Rock wrote:
    >
    > Not true. Virii is not correct.

    Agreed.
  10.

    Where the hell is Miss Perspicia Tick when you really need her??
    On Wed, 22 Jun 2005 21:14:35 -0700, Rock <rock@mail.nospam.net> wrote:

    >Lil' Dave wrote:
    >> "Rock" <rock@mail.nospam.net> wrote in message
    >> news:uS3y37udFHA.3012@tk2msftngp13.phx.gbl...
    >>
    >>>Croaker wrote:
    >>>
    >>>>Are there virii/trojans that will survive a format and reinstall of
    >>>>Windows XP PRO/Home using the XP setup (through the cd)? If I have a
    >>>>previous install of XP and run through setup to reformat (NTFS) the
    >>>>entire partition and then reinstall XP, does this not rewrite the master
    >>>>boot record, after wiping the partition clean?
    >>>>
    >>>>I ask this because when I clean XP boxes I have never had to resort to
    >>>>formatting and reinstalling. I usually can fix the installation. I was
    >>>>talking to some "techs" that insisted the only way to be sure you get
    >>>>rid of all trojans and virii is to do a low level format. I have never
    >>>>had to resort to third party stuff to fix Windows, and these guys were
    >>>>the kind of guys who would reformat at the very hint of corruption.
    >>>>They never attempt to fix an XP installation they just reformat and
    >>>>reinstall. I think it's some weird throwback to the 98/ME era when
    >>>>formatting was a way of life. Anyway I had no real world experience
    >>>>with an uncleanable boot sector virus that survived a clean and repair
    >>>>and maybe a MBR rewrite, let alone a format/install (without the disk
    >>>>wiping low level dealie). Are they speaking truth?
    >>>
    >>>FYI the plural of virus is viruses not virii.
    >>>
    >>>--
    >>>Rock
    >>>MS MVP Windows - Shell/User
    >>>
    >>
    >>
    >> No, both are correct. It's just a matter of choice which spelling to use to
    >> describe the plural. Personally, I prefer "viruses" for simplicity's sake.
    >> But, have no problem with others that prefer "virii" or "viri". They
    >> communicate the meaning obviously as you evidently understood the word, so
    >> did I.
    >> http://en.wikipedia.org/wiki/Virii
    >>
    >>
    >
    >Not true. Virii is not correct.
  11.

    On 24 Jun 2005 03:03:02 -0500, Plato <|@|.|> wrote:

    >Rock wrote:
    >>
    >> Not true. Virii is not correct.
    >
    >Agreed.

    It could be that he was talking about common usage, like "Unii"
    (that's people who work on Unix boxes... IOW, the plural of Eunuch)