In order to remove executed malware, reinstall your operating system

From: "~BD~"


< snip >

| I'm fairly confident that many people with a single, partitioned, hard drive
| will simply wipe their C: drive, re-install Windows and think they are
| starting afresh - clean! Any malware 'worth its salt' will simply hide on
| another partition and then 'jump back' again onto C: once Windows has been
| re-installed. That is how I read matters in simple terms. Do you agree? TIA

| Dave

| **********************************************************

| TIA for any further comment/guidance.

| D.

No !

The following is untrue...

"Any malware 'worth its salt' will simply hide on another partition and then 'jump back'
again onto C: once Windows has been re-installed."





--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
From: "~BD~"


| I'm afraid I don't know the answer to your question, Thor!


| I've re-read what I said and it sounds very flimsy and non-technical - I'm
| sorry about that!

| However, it was the comment by 'Chaslang' to which I was really referring.
| He must have had a good reason for saying that all partitions should be
| deleted to make sure that a disk was *really* clean.

| I've read about MBR infections. Could same activate malware on any
| unformatted partition? ( I do not know the answer btw!)

| Perhaps someone else will comment further.

| Dave


If it is a Boot Sector Infector, a true virus, that infects other media such as a "NYB" or
"Form" virus. However, they don't live well on NTFS.

If it is a Trojan such as the Win32:MBRoot it is using the MBR to stay rooted on the
platform to make removal difficult.

Using the Master Boot Record does NOT mean "Any malware 'worth its salt' will simply hide
on another partition and then 'jump back' again onto C: once Windows has been
re-installed."

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
From: "Root Kit"

| On Wed, 25 Jun 2008 17:36:01 -0400, "David H. Lipman"
| wrote:

>>From: "Root Kit"


>>| On Tue, 24 Jun 2008 20:00:10 -0400, kurt wismer
>>| wrote:


>>>>and analysis will be hard after you've flattened the box... analysis
>>>>first, then removal...


>>| Since an infected machine cannot be trusted, you cannot do proper
>>| analysis on the infected system anyway. If you want to do such a thing
>>| you can keep a mirror of the system for later analysis.


>>First you must define "infected".


| Well, that could probably start a whole new discussion, so how about
| sticking to the subject which indicated "executed malware"?

>>Infected with a password stealing Trojan is quite different from being infected with a
>>simple adware BHO.


| Once again (since you seem so determined to use proper terms): AdWare
| is not malware. AdWare is just a user self-induced annoyance.

>>One might consider the system to be compromised to the point of wiping and reinstalling
>>if one was infected with a password stealing Trojan but that is not the case with a
>>simple adware BHO.


| Since adware is not malware we can't disagree here.

Adware *is* most definitely malware.

You need to dig up Marco Giuliani's writeup on the Gromozon malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
"David H. Lipman" wrote in message
news:%23KR0IF91IHA.524@TK2MSFTNGP05.phx.gbl...
> From: "~BD~"



> No !
>
> The following is untrue...
>
> "Any malware 'worth its salt' will simply hide on another partition and
> then 'jump back'
> again onto C: once Windows has been re-installed."
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>


Thank you for your reply, David. As I said earlier ...................

"I read the Major Geeks thread '-jen' posted with interest. Perhaps the most
pertinent point, IMO, made by the 'helper' - 'Chaslang' - was:-

"That is really the safest thing to do based on the infections you had. Also
DO NOT just reinstall over your current version of Windows. You MUST DELETE
YOUR PARTITION, re-partition, format, and then reinstall from scratch to be
sure you are clean. Just a simple reinstalling could leave things hanging
around.""

Please will you/can you explain why 'Chaslang' may have said this? There
*must* have been a reason. *I* believe he is right!

Do you, personally, feel it unnecessary to delete one's partitioning (thus
losing all data) before re-partitioning, formatting and then reinstalling
from scratch?

Perhaps malware can remain resident in other areas inside a computer, not
just on the HD.

Is this possible? If so, where else could it hide ........ and for how long
after power curtailed?

Dave
 
"Root Kit" wrote in message
news:s4g664l1pnho40418jc31cvhpgi2fh7ids@4ax.com...

> Once again (since you seem so determined to use proper terms): AdWare
> is not malware. AdWare is just a user self-induced annoyance.


There *is* overlap between adware and malware. Some adware
is easily fit into the trojan category since 'trojan' is defined
subjectively.
The trojan's payload happens to be adware related.

Just because something is one does not exclude it from being the other
also.
 
On Thu, 26 Jun 2008 17:19:38 -0400, "David H. Lipman"
wrote:

>Adware *is* most definitely malware.


It actually isn't. Get your facts right.

>You need to dig up Marco Giuliani's writeup on the Gromozon malware.


You need to dig up a clue.
 
From: "Root Kit"

| On Thu, 26 Jun 2008 17:19:38 -0400, "David H. Lipman"
| wrote:

>>Adware *is* most definitely malware.


| It actually isn't. Get your facts right.

>>You need to dig up Marco Giuliani's writeup on the Gromozon malware.


| You need to dig up a clue.

I don't need to.
I have read many articles and technical documents written by researchers and have directly
and indirectly examined many samples.

Adware is a class of malware. Actually a sub-class of Trojans.

Now if you tell me Adware LinkOptimizer is NOT malware, I must believe that you are
actually a malware proponent spreading FUD.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
On Thu, 26 Jun 2008 19:16:18 -0400, "David H. Lipman"
wrote:

>Now if you tell me Adware LinkOptimizer is NOT malware, I must believe that you are
>actually a malware proponent spreading FUD.


Sure. And I must believe you are paid by the big security companies to
advocate malware removal nonsense.
 
On Thu, 26 Jun 2008 23:38:00 GMT, Root Kit
wrote:

>On Thu, 26 Jun 2008 19:16:18 -0400, "David H. Lipman"
> wrote:
>
>>Now if you tell me Adware LinkOptimizer is NOT malware, I must believe that you are
>>actually a malware proponent spreading FUD.

>
>Sure. And I must believe you are paid by the big security companies to
>advocate malware removal nonsense.

BTW, as far as LinkOptimizer is concerned, it's a malware which (among
other things) happens to display advertisements. This does not make it
adware. You seem to have a problem focusing - which is a bit
disappointing considering your determination to be precise.
 
Whether adware is malware (was: In order to remove executed malware, reinstall your operating system)

"Root Kit" wrote in message
news:uv68641kd93flg3n8ukr9rub5o639nl7hl@4ax.com...
> On Thu, 26 Jun 2008 17:19:38 -0400, "David H. Lipman"
> wrote:
>
>>Adware *is* most definitely malware.

>
> It actually isn't. Get your facts right.

I agree with you. As an example, Windows Live Messenger is adware and
freeware, but not e.g. shareware or malware. Eudora can also be used in an
adware, freeware mode, or it can be paid for.

I do admit that several online resources confusingly categorize adware as
malware. Others, such as the Jargon file, Wikipedia and Wiktionary, make
the distinction.

http://www.catb.org/jargon/html/A/adware.html
http://en.wikipedia.org/wiki/Adware
http://en.wiktionary.org/wiki/adware

--
Thor Kottelin
http://www.anta.net/

Antivirus, firewall, parental control: http://www.anta.net/sw/norman/
 
"David H. Lipman" wrote in message
news:OG%23$iu91IHA.4852@TK2MSFTNGP05.phx.gbl...
> From: "~BD~"
>
> Please do NOT hijack someone else's thread.
> Jen did not reply to this thread.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>


Point taken. Sorry. Please answer my questions though. I reiterate:-

Do you, personally, feel it unnecessary to delete one's partitioning on a
single HD (thus losing all data) before re-partitioning, formatting and then
reinstalling from scratch?

Perhaps malware can remain resident in other areas inside a computer, not
just on the HD.

Is this possible? If so, where else could it hide ........ and for how long
after power curtailed?

Dave
 
From: "~BD~"

< snip >

| Point taken. Sorry. Please answer my questions though. I reiterate:-

| Do you, personally, feel it unnecessary to delete one's partitioning on a
| single HD (thus losing all data) before re-partitioning, formatting and then
| reinstalling from scratch?

| Perhaps malware can remain resident in other areas inside a computer, not
| just on the HD.

| Is this possible? If so, where else could it hide ........ and for how long
| after power curtailed?

| Dave


Create your own thread, fully explain your POV with supporting evidence and we'll see
where it takes us.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
"Volodymyr M. Shcherbyna" wrote in message
news:%23ATEdBt0IHA.4572@TK2MSFTNGP03.phx.gbl...
> Well, the best way to clean machine is to leave it in the right place, pay
> money and get it after some time cleaned and "cured". There are many ways
> of how to get rid of viruses. One of the ways - debug machine using WinDbg
> kernel debugger, and with the help of it force the "bad" code to stop
> execution.
>
> Re-installation of OS is not the best solution.
>
> --
> V.


You say "Re-installation of OS is not the *best* solution", Volodymyr.

My question to you ................ Although maybe not *the* best solution
........... Will re-installation of OS *always* leave one with a totally
clean machine?

Did you note my comment to David Lipman? Viz:-

"Do you, personally, feel it unnecessary to delete one's partitioning on a
single HD (thus losing all data) before re-partitioning, formatting and then
reinstalling from scratch?

Perhaps malware can remain resident in other areas inside a computer, not
just on the HD.

Is this possible? If so, where else could it hide ........ and for how long
after power curtailed?"

I'd very much appreciate your view(s). TIA.

Dave
 