Removing RootKits

cyranodesade · External Since: Aug 05, 2007 Posts: 2

All,
I hope this is a simple question does Formatting a Hard Drive and then
FDisk /MBR remove any rootkits or hidden files on a hard drive??
If the answer is no then could you please point me to a good resource
for formatting the boot sector/MBR? Thanks in advance. - CES

Jerry · External Since: Aug 05, 2007 Posts: 1

Reformatting the drive removes everything. FDISK /MBR is redundant if you
just formatted.

The only other option is a manufacturer's low-level format and that program
is probably not available for a user.

"cyranodesade" <cyranodesade RemoveThis @gmail.com> wrote in message
news:1186350724.255616.20280@r34g2000hsd.googlegroups.com...
> All,
> I hope this is a simple question does Formatting a Hard Drive and then
> FDisk /MBR remove any rootkits or hidden files on a hard drive??
> If the answer is no then could you please point me to a good resource
> for formatting the boot sector/MBR? Thanks in advance. - CES
>

romanom · External Since: Jun 18, 2007 Posts: 24

If your formatting just to remove the rootkit you may try this freeware first:

http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0

It worked for me in finding and removing a Sony Music rootkit that Sony was
kind enough to install with Connect software, I guess to ensure I wasn't
passing on music to the Communist or something.

"Jerry" wrote:

> Reformatting the drive removes everything. FDISK /MBR is redundant if you
> just formatted.
>
> The only other option is a manufacturer's low-level format and that program
> is probably not available for a user.
>
> "cyranodesade" <cyranodesade.DeleteThis@gmail.com> wrote in message
> news:1186350724.255616.20280@r34g2000hsd.googlegroups.com...
> > All,
> > I hope this is a simple question does Formatting a Hard Drive and then
> > FDisk /MBR remove any rootkits or hidden files on a hard drive??
> > If the answer is no then could you please point me to a good resource
> > for formatting the boot sector/MBR? Thanks in advance. - CES
> >
>
>
>

Milo · External Since: Aug 06, 2007 Posts: 1

You can also use this application

Rootkit revealer
http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx

thanks

--
Milo
MSPSS

"cyranodesade" wrote:

> All,
> I hope this is a simple question does Formatting a Hard Drive and then
> FDisk /MBR remove any rootkits or hidden files on a hard drive??
> If the answer is no then could you please point me to a good resource
> for formatting the boot sector/MBR? Thanks in advance. - CES
>
>

Kerry Brown · External Since: Jun 12, 2006 Posts: 1622

"cyranodesade" <cyranodesade RemoveThis @gmail.com> wrote in message
news:1186350724.255616.20280@r34g2000hsd.googlegroups.com...
> All,
> I hope this is a simple question does Formatting a Hard Drive and then
> FDisk /MBR remove any rootkits or hidden files on a hard drive??
> If the answer is no then could you please point me to a good resource
> for formatting the boot sector/MBR? Thanks in advance. - CES
>

Yes it will remove the rootkit. You should figure how the rootkit got
installed and alter your computing habits so it doesn't happen again. One of
the reasons people ask this question is because they have done this then
become infected again because they didn't change their habits and the
rootkit got installed again by the same method it was the first time.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

Noddy · External Since: Aug 03, 2007 Posts: 26

"Jerry" <ChiefZekeNoSpam RemoveThis @MSN.com> wrote in message
news:%23nVlIu61HHA.5380@TK2MSFTNGP04.phx.gbl...
> Reformatting the drive removes everything. FDISK /MBR is redundant if you
> just formatted.

Format does not clear the mbr. If it did then Linux Grub or Lilo wouldn't be
left behind after a format, but it is and to get rid of it you run fdisk
/mbr. HDD manufacturers still provide what they call low level format
utilities but all they really are is a zero wipe utility which does
overwrite every sector on a HDD and is the best method to ensure you are
virus free. Or you can simply use Dban's quick wipe, same thing. Dban is
available as a separate download or on The Ultimate Boot Disk.

Tyler Larson · External Since: Aug 08, 2007 Posts: 4

Noddy wrote:
> "Jerry" <ChiefZekeNoSpam.DeleteThis@MSN.com> wrote in message
> news:%23nVlIu61HHA.5380@TK2MSFTNGP04.phx.gbl...
>> Reformatting the drive removes everything. FDISK /MBR is redundant if
>> you just formatted.
>
> Format does not clear the mbr. If it did then Linux Grub or Lilo
> wouldn't be left behind after a format, but it is and to get rid of it
> you run fdisk /mbr. HDD manufacturers still provide what they call low
> level format utilities but all they really are is a zero wipe utility
> which does overwrite every sector on a HDD and is the best method to
> ensure you are virus free. Or you can simply use Dban's quick wipe, same
> thing. Dban is available as a separate download or on The Ultimate Boot
> Disk.

The MBR is stored on sector 0, whereas partitions start at sector 1
(specifically to avoid overwriting the boot sector (MBR)). Therefore,
nothing you can do to the partition will affect the boot sector.
However, in the process of reinstalling windows, you'll automatically
write a new boot sector, since that's what SETUP does.