Boot sectors and virii

June 22, 2005 12:14:46 AM

Archived from groups: microsoft.public.windowsxp.general

Are there virii/trojans that will survive a format and reinstall of
Windows XP PRO/Home using the XP setup (through the cd)? If I have a
previous install of XP and run through setup to reformat (NTFS) the
entire partition and then reinstall XP, does this not rewrite the master
boot record, after wiping the partition clean?

I ask this because when I clean XP boxes I have never had to resort to
formatting and reinstalling. I usually can fix the installation. I was
talking to some "techs" that insisted the only way to be sure you get
rid of all trojans and virii is to do a low level format. I have never
had to resort to third party stuff to fix Windows, and these guys were
the kind of guys who would reformat at the very hint of corruption.
They never attempt to fix an XP installation they just reformat and
reinstall. I think it's some weird throwback to the 98/ME era when
formatting was a way of life. Anyway I had no real world experience
with an uncleanable boot sector virus that survived a clean and repair
and maybe a MBR rewrite, let alone a format/install (without the disk
wiping low level dealie). Are they speaking truth?
--
Thanks in advance
Croaker

Anonymous
June 22, 2005 12:14:47 AM

Yes, there are still virii out there that live in the MBR. But, most tools
these days have more than adequate boot sector scans. I haven't had to do a
LLF for a virus in a very long time (unless you count trying to overcome a
bad RedHat LILO install in the test lab :)  )

Seems to me that these "techs" have forgotten the cardinal rule of
performing non-destructive data handling whenever possible.

"Croaker" <brianlane@comcast.net> wrote in message
news:MPG.1d22777cc4f0c4898968c@msnews.microsoft.com...
> Are there virii/trojans that will survive a format and reinstall of
> Windows XP PRO/Home using the XP setup (through the cd)? If I have a
> previous install of XP and run through setup to reformat (NTFS) the
> entire partition and then reinstall XP, does this not rewrite the master
> boot record, after wiping the partition clean?
>
> I ask this because when I clean XP boxes I have never had to resort to
> formatting and reinstalling. I usually can fix the installation. I was
> talking to some "techs" that insisted the only way to be sure you get
> rid of all trojans and virii is to do a low level format. I have never
> had to resort to third party stuff to fix Windows, and these guys were
> the kind of guys who would reformat at the very hint of corruption.
> They never attempt to fix an XP installation they just reformat and
> reinstall. I think it's some weird throwback to the 98/ME era when
> formatting was a way of life. Anyway I had no real world experience
> with an uncleanable boot sector virus that survived a clean and repair
> and maybe a MBR rewrite, let alone a format/install (without the disk
> wiping low level dealie). Are they speaking truth?
> --
> Thanks in advance
> Croaker
June 22, 2005 1:22:49 AM

In article <euUNlMsdFHA.3488@tk2msftngp13.phx.gbl>, j9@1aprop.com
says...
> Yes, there are still virii out there that live in the MBR. But, most tools
> these days have more than adequate boot sector scans. I haven't had to do a
> LLF for a virus in a very long time (unless you count trying to overcome a
> bad RedHat LILO install in the test lab :)  )
>
> Seems to me that these "techs" have forgotten the cardinal rule of
> performing non-destructive data handling whenever possible.
>
> "Croaker" <brianlane@comcast.net> wrote in message
> news:MPG.1d22777cc4f0c4898968c@msnews.microsoft.com...
> > Are there virii/trojans that will survive a format and reinstall of
> > Windows XP PRO/Home using the XP setup (through the cd)? If I have a
> > previous install of XP and run through setup to reformat (NTFS) the
> > entire partition and then reinstall XP, does this not rewrite the master
> > boot record, after wiping the partition clean?
> >
> > I ask this because when I clean XP boxes I have never had to resort to
> > formatting and reinstalling. I usually can fix the installation. I was
> > talking to some "techs" that insisted the only way to be sure you get
> > rid of all trojans and virii is to do a low level format. I have never
> > had to resort to third party stuff to fix Windows, and these guys were
> > the kind of guys who would reformat at the very hint of corruption.
> > They never attempt to fix an XP installation they just reformat and
> > reinstall. I think it's some weird throwback to the 98/ME era when
> > formatting was a way of life. Anyway I had no real world experience
> > with an uncleanable boot sector virus that survived a clean and repair
> > and maybe a MBR rewrite, let alone a format/install (without the disk
> > wiping low level dealie). Are they speaking truth?
> > --
> > Thanks in advance
> > Croaker
>
>
>
Well then I would ask this. Does the master boot record get rewritten
after a format during a fresh install? Does rewriting the MBR get rid
of these virii/trojans? Do these virii survive a reformat and
reinstall? Thank you for your patience, this is for my own knowledge at
this point.
June 22, 2005 2:55:16 AM

Croaker wrote:
> Are there virii/trojans that will survive a format and reinstall of
> Windows XP PRO/Home using the XP setup (through the cd)? If I have a
> previous install of XP and run through setup to reformat (NTFS) the
> entire partition and then reinstall XP, does this not rewrite the master
> boot record, after wiping the partition clean?
>
> I ask this because when I clean XP boxes I have never had to resort to
> formatting and reinstalling. I usually can fix the installation. I was
> talking to some "techs" that insisted the only way to be sure you get
> rid of all trojans and virii is to do a low level format. I have never
> had to resort to third party stuff to fix Windows, and these guys were
> the kind of guys who would reformat at the very hint of corruption.
> They never attempt to fix an XP installation they just reformat and
> reinstall. I think it's some weird throwback to the 98/ME era when
> formatting was a way of life. Anyway I had no real world experience
> with an uncleanable boot sector virus that survived a clean and repair
> and maybe a MBR rewrite, let alone a format/install (without the disk
> wiping low level dealie). Are they speaking truth?

FYI the plural of virus is viruses not virii.

--
Rock
MS MVP Windows - Shell/User
Anonymous
June 22, 2005 4:35:30 PM

"Croaker" <brianlane@comcast.net> wrote in message
news:MPG.1d22777cc4f0c4898968c@msnews.microsoft.com...
> Are there virii/trojans that will survive a format and reinstall of
> Windows XP PRO/Home using the XP setup (through the cd)? If I have a
> previous install of XP and run through setup to reformat (NTFS) the
> entire partition and then reinstall XP, does this not rewrite the master
> boot record, after wiping the partition clean?
>

Formatting only resets the file table for a quick format, or writes a new
file table for the partition you're formatting (C:) . Does nothing to any
other partition, or the master boot record.

The partition boot record incorporates the new file table in the process.
If there is a redirect in the partition boot record to a boot sector virus,
then nothing changes. Not all boot viruses use this scheme.

> I ask this because when I clean XP boxes I have never had to resort to
> formatting and reinstalling. I usually can fix the installation. I was
> talking to some "techs" that insisted the only way to be sure you get
> rid of all trojans and virii is to do a low level format. I have never

Trojans don't affect the master boot record or the partition boot record.
A very limited few viruses, a small handful, can inhabit the general disk
area where the master boot record is kept. But, not within the MBR itself.
They are extremely rare. A virus inhabiting the partition boot record can
be removed by simply removing and restoring the partition that may be
infected. These are uncommon as well.

> had to resort to third party stuff to fix Windows, and these guys were
> the kind of guys who would reformat at the very hint of corruption.

Low level formats of IDE hard drives are done at the factory only.

Writing zeroes, ones, or a combination, or a repeated combination is
typically referred to as a "medium" level format. Many unknowing users call
this a low-level format. The writes overwrite all on the hard disk writable
area including the area where the master boot record is stored.

> They never attempt to fix an XP installation they just reformat and
> reinstall. I think it's some weird throwback to the 98/ME era when
> formatting was a way of life. Anyway I had no real world experience
> with an uncleanable boot sector virus that survived a clean and repair
> and maybe a MBR rewrite, let alone a format/install (without the disk
> wiping low level dealie). Are they speaking truth?
> --
> Thanks in advance
> Croaker

They're speaking the truth as they know it. My take on this is they want
your PC fixed so they can get you out the door the first time. The
so-called "low-level" format will take 24 hours or so, or more, and will do
it without user intervention after starting. And, it will result in a clean
hard drive irregardless of what underlying problems there were that
originated from the original data on that hard drive. Depending on what's
infected on the PC, their ability to remove the infection harmlessly, and so
on, can cost many man hours and lessen their ability to work on many PCs at
the same time. Makes plain business sense to me..
Anonymous
June 22, 2005 4:44:12 PM

"Rock" <rock@mail.nospam.net> wrote in message
news:uS3y37udFHA.3012@tk2msftngp13.phx.gbl...
> Croaker wrote:
> > Are there virii/trojans that will survive a format and reinstall of
> > Windows XP PRO/Home using the XP setup (through the cd)? If I have a
> > previous install of XP and run through setup to reformat (NTFS) the
> > entire partition and then reinstall XP, does this not rewrite the master
> > boot record, after wiping the partition clean?
> >
> > I ask this because when I clean XP boxes I have never had to resort to
> > formatting and reinstalling. I usually can fix the installation. I was
> > talking to some "techs" that insisted the only way to be sure you get
> > rid of all trojans and virii is to do a low level format. I have never
> > had to resort to third party stuff to fix Windows, and these guys were
> > the kind of guys who would reformat at the very hint of corruption.
> > They never attempt to fix an XP installation they just reformat and
> > reinstall. I think it's some weird throwback to the 98/ME era when
> > formatting was a way of life. Anyway I had no real world experience
> > with an uncleanable boot sector virus that survived a clean and repair
> > and maybe a MBR rewrite, let alone a format/install (without the disk
> > wiping low level dealie). Are they speaking truth?
>
> FYI the plural of virus is viruses not virii.
>
> --
> Rock
> MS MVP Windows - Shell/User
>

No, both are correct. It's just a matter of choice which spelling to use to
describe the plural. Personally, I prefer "viruses" for simplicity's sake.
But, have no problem with others that prefer "virii" or "viri". They
communicate the meaning obviously as you evidently understood the word, so
did I.
http://en.wikipedia.org/wiki/Virii
Anonymous
June 22, 2005 10:26:32 PM

"Croaker" <brianlane@comcast.net> wrote in message news:MPG.1d2287779bc0ff4f98968e@msnews.microsoft.com...

> Well then I would ask this. Does the master boot record get rewritten
> after a format during a fresh install? Does rewriting the MBR get rid
> of these virii/trojans? Do these virii survive a reformat and
> reinstall? Thank you for your patience, this is for my own knowledge at
> this point.

There are "stealth type" viruses that load from the MBR, that also
have the ability to hide themselves from detection if booted from
the infected hard drive. In that case, you generally need to boot from
known clean removable media (floppy) and check the MBR. Getting rid of
them without a complete wipe of the MBR can be tricky, but not impossible.

Google on "stealth virus master boot record" for examples.

A "fresh install" will write the MBR code if there is none in place already.
I don't remember if that's true if code is already in place. I wouldn't
chance it either way if I suspected a MBR virus.

Format is just concerned with the particular volume ("drive X:") being
formatted, and doesn't touch the MBR. Though that may affect a volume
boot sector virus.
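
The distinction drawn in the replies above (formatting a volume leaves the MBR alone, and the MBR should be checked from known-clean boot media) is modelled here as an added example that is not part of any post in the thread. The in-memory disk, the boot-code byte strings and every function name are constructed for illustration; a real check would read sector 0 of the suspect disk after booting from clean media and compare it with a hash taken from a known-good disk.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440  # bytes 440-445 hold the per-disk signature, so they are not hashed

def parse_mbr(sector: bytes) -> dict:
    """Split sector 0 into boot-code hash, partition entries and the 55 AA signature."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector[446 + 16 * i:462 + 16 * i]
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts,
            "signature_ok": sector[510:512] == b"\x55\xaa"}

def check_mbr(disk: bytes, known_good_sha256: str) -> str:
    """Compare the boot code in sector 0 with a baseline taken from a clean disk."""
    info = parse_mbr(bytes(disk[:SECTOR]))
    if not info["signature_ok"]:
        return "invalid"
    return "clean" if info["boot_code_sha256"] == known_good_sha256 else "modified"

def build_disk(boot_code: bytes, part_start: int = 63, part_sectors: int = 64) -> bytearray:
    """Constructed in-memory disk: MBR in sector 0 plus one active NTFS-type partition."""
    disk = bytearray(SECTOR * (part_start + part_sectors))
    disk[:BOOT_CODE_LEN] = boot_code
    disk[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, part_start, part_sectors)
    disk[510:512] = b"\x55\xaa"
    return disk

def format_volume(disk: bytearray, part: dict) -> None:
    """Simplified model of a volume format: only sectors inside the partition change."""
    start = part["lba_start"] * SECTOR
    end = start + part["sectors"] * SECTOR
    disk[start:end] = bytes(end - start)
    disk[start:start + 11] = b"\xeb\x52\x90NTFS    "  # fresh volume boot sector header

GOOD_CODE = b"known-good boot code".ljust(BOOT_CODE_LEN, b"\x00")     # constructed stand-in
ALTERED_CODE = b"unexpected boot code".ljust(BOOT_CODE_LEN, b"\x00")  # constructed stand-in
BASELINE = hashlib.sha256(GOOD_CODE).hexdigest()

def demo() -> dict:
    disk = build_disk(ALTERED_CODE)
    result = {"before": check_mbr(disk, BASELINE)}
    format_volume(disk, parse_mbr(bytes(disk[:SECTOR]))["partitions"][0])
    result["after_format"] = check_mbr(disk, BASELINE)
    disk[:BOOT_CODE_LEN] = GOOD_CODE  # rewriting the boot code, as an MBR repair does
    result["after_rewrite"] = check_mbr(disk, BASELINE)
    result["partitions_kept"] = len(parse_mbr(bytes(disk[:SECTOR]))["partitions"])
    return result

if __name__ == "__main__":
    print(demo())
```

The boot-code hash stays "modified" across the volume format and only changes once sector 0 itself is rewritten, while the partition table entry is preserved throughout.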
June 23, 2005 1:14:35 AM

Lil' Dave wrote:
> "Rock" <rock@mail.nospam.net> wrote in message
> news:uS3y37udFHA.3012@tk2msftngp13.phx.gbl...
>
>>Croaker wrote:
>>
>>>Are there virii/trojans that will survive a format and reinstall of
>>>Windows XP PRO/Home using the XP setup (through the cd)? If I have a
>>>previous install of XP and run through setup to reformat (NTFS) the
>>>entire partition and then reinstall XP, does this not rewrite the master
>>>boot record, after wiping the partition clean?
>>>
>>>I ask this because when I clean XP boxes I have never had to resort to
>>>formatting and reinstalling. I usually can fix the installation. I was
>>>talking to some "techs" that insisted the only way to be sure you get
>>>rid of all trojans and virii is to do a low level format. I have never
>>>had to resort to third party stuff to fix Windows, and these guys were
>>>the kind of guys who would reformat at the very hint of corruption.
>>>They never attempt to fix an XP installation they just reformat and
>>>reinstall. I think it's some weird throwback to the 98/ME era when
>>>formatting was a way of life. Anyway I had no real world experience
>>>with an uncleanable boot sector virus that survived a clean and repair
>>>and maybe a MBR rewrite, let alone a format/install (without the disk
>>>wiping low level dealie). Are they speaking truth?
>>
>>FYI the plural of virus is viruses not virii.
>>
>>--
>>Rock
>>MS MVP Windows - Shell/User
>>
>
>
> No, both are correct. It's just a matter of choice which spelling to use to
> describe the plural. Personally, I prefer "viruses" for simplicity's sake.
> But, have no problem with others that prefer "virii" or "viri". They
> communicate the meaning obviously as you evidently understood the word, so
> did I.
> http://en.wikipedia.org/wiki/Virii
>
>

Not true. Virii is not correct.


--
Rock
MS MVP Windows - Shell/User
Anonymous
June 23, 2005 11:42:34 AM

"Rock" <rock@mail.nospam.net> wrote in message
news:%23ojMRo6dFHA.1448@TK2MSFTNGP09.phx.gbl...
> Lil' Dave wrote:
> > "Rock" <rock@mail.nospam.net> wrote in message
> > news:uS3y37udFHA.3012@tk2msftngp13.phx.gbl...
> >
> >>Croaker wrote:
> >>
> >>>Are there virii/trojans that will survive a format and reinstall of
> >>>Windows XP PRO/Home using the XP setup (through the cd)? If I have a
> >>>previous install of XP and run through setup to reformat (NTFS) the
> >>>entire partition and then reinstall XP, does this not rewrite the master
> >>>boot record, after wiping the partition clean?
> >>>
> >>>I ask this because when I clean XP boxes I have never had to resort to
> >>>formatting and reinstalling. I usually can fix the installation. I was
> >>>talking to some "techs" that insisted the only way to be sure you get
> >>>rid of all trojans and virii is to do a low level format. I have never
> >>>had to resort to third party stuff to fix Windows, and these guys were
> >>>the kind of guys who would reformat at the very hint of corruption.
> >>>They never attempt to fix an XP installation they just reformat and
> >>>reinstall. I think it's some weird throwback to the 98/ME era when
> >>>formatting was a way of life. Anyway I had no real world experience
> >>>with an uncleanable boot sector virus that survived a clean and repair
> >>>and maybe a MBR rewrite, let alone a format/install (without the disk
> >>>wiping low level dealie). Are they speaking truth?
> >>
> >>FYI the plural of virus is viruses not virii.
> >>
> >>--
> >>Rock
> >>MS MVP Windows - Shell/User
> >>
> >
> >
> > No, both are correct. It's just a matter of choice which spelling to use to
> > describe the plural. Personally, I prefer "viruses" for simplicity's sake.
> > But, have no problem with others that prefer "virii" or "viri". They
> > communicate the meaning obviously as you evidently understood the word, so
> > did I.
> > http://en.wikipedia.org/wiki/Virii
> >
> >
>
> Not true. Virii is not correct.
>
>
> --
> Rock
> MS MVP Windows - Shell/User
>

Whatever...
Anonymous
June 24, 2005 7:03:02 AM

Rock wrote:
>
> Not true. Virii is not correct.

Agreed.
June 24, 2005 8:32:36 PM

Where the hell is Miss Perspicia Tick when you really need her??
On Wed, 22 Jun 2005 21:14:35 -0700, Rock <rock@mail.nospam.net> wrote:

>Lil' Dave wrote:
>> "Rock" <rock@mail.nospam.net> wrote in message
>> news:uS3y37udFHA.3012@tk2msftngp13.phx.gbl...
>>
>>>Croaker wrote:
>>>
>>>>Are there virii/trojans that will survive a format and reinstall of
>>>>Windows XP PRO/Home using the XP setup (through the cd)? If I have a
>>>>previous install of XP and run through setup to reformat (NTFS) the
>>>>entire partition and then reinstall XP, does this not rewrite the master
>>>>boot record, after wiping the partition clean?
>>>>
>>>>I ask this because when I clean XP boxes I have never had to resort to
>>>>formatting and reinstalling. I usually can fix the installation. I was
>>>>talking to some "techs" that insisted the only way to be sure you get
>>>>rid of all trojans and virii is to do a low level format. I have never
>>>>had to resort to third party stuff to fix Windows, and these guys were
>>>>the kind of guys who would reformat at the very hint of corruption.
>>>>They never attempt to fix an XP installation they just reformat and
>>>>reinstall. I think it's some weird throwback to the 98/ME era when
>>>>formatting was a way of life. Anyway I had no real world experience
>>>>with an uncleanable boot sector virus that survived a clean and repair
>>>>and maybe a MBR rewrite, let alone a format/install (without the disk
>>>>wiping low level dealie). Are they speaking truth?
>>>
>>>FYI the plural of virus is viruses not virii.
>>>
>>>--
>>>Rock
>>>MS MVP Windows - Shell/User
>>>
>>
>>
>> No, both are correct. It's just a matter of choice which spelling to use to
>> describe the plural. Personally, I prefer "viruses" for simplicity's sake.
>> But, have no problem with others that prefer "virii" or "viri". They
>> communicate the meaning obviously as you evidently understood the word, so
>> did I.
>> http://en.wikipedia.org/wiki/Virii
>>
>>
>
>Not true. Virii is not correct.
Anonymous
June 24, 2005 10:52:03 PM

On 24 Jun 2005 03:03:02 -0500, Plato <|@|.|> wrote:

>Rock wrote:
>>
>> Not true. Virii is not correct.
>
>Agreed.

It could be that he was talking about common usage, like "Unii"
(that's people who work on Unix boxes... IOW, the plural of Eunuch)!