All,
I hope this is a simple question does Formatting a Hard Drive and then
FDisk /MBR remove any rootkits or hidden unwanted files on a hard
drive??
If the answer is no then could you please point me to a good resource
for formatting the boot sector/MBR? Thanks in advance. - CES

If you delete all partitions on a hard drive, and then create and format new
partitions, a new MBR is created. The old one is gone. I do not know of any
malware that will survive this action but there "may" be some out there that
can.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

"cyranodesade" <cyranodesade@gmail.com> wrote in message
news:1186350638.153572.257410@q75g2000hsh.googlegroups.com...
> All,
> I hope this is a simple question does Formatting a Hard Drive and then
> FDisk /MBR remove any rootkits or hidden unwanted files on a hard
> drive??
> If the answer is no then could you please point me to a good resource
> for formatting the boot sector/MBR? Thanks in advance. - CES
>

> I hope this is a simple question does Formatting a Hard Drive and then
> FDisk /MBR remove any rootkits or hidden unwanted files on a hard
> drive??
> If the answer is no then could you please point me to a good resource
> for formatting the boot sector/MBR? Thanks in advance. - CES

FDISK is a DOS/Windows 9x command ... there is no FDISK in Vista (or XP, or
Windows 2000).

The steps to recreate the MBR on Vista are described in Microsoft
KnowledgeBase article 927392:
http://support.microsoft.com/kb/927392
Basically, you boot up from the Vista DVD, go to the Repair option, and run
"bootrec /fixmbr". You can also format the hard disk, using the Repair
console.

As to whether this will reliably remove any rootkits ... well, disinfection
is not the stated or tested purpose of this "bootrec /fixmbr" command,
although that might be a side-effect. /fixmbr will rewrite the MBR. If you
have a virus in your MBR, I expect it will be over-written. Rootkits per se
(as opposed to viruses) usually live in the filesystem, disguising
themselves as legitimate operating system components. Formatting would
likely remove these; but again - formatting wasn't designed as an anti-virus
measure, as such. It's a good start. If you suspect you have a virus or
rootkit, the only reliable way to tackle it is to get a current version of a
reputable anti-virus program, with current signatures, and run a full scan
on your system. Rootkits by definition, are difficult to detect; but most of
the main, current anti-virus apps know how to detect the known rootkits.

Hope it helps,
--
Andrew McLaren
amclar (at) optusnet dot com dot au