Computer Security - Cleaning a computer - any other views here? |
#1 |
|
"Leythos" <> wrote in message
news: om...
> In article <>,
> says...
>> When you say "Wiping and reinstalling" do you mean deleting all
>> partitions and formatting or do you feel that it is satisfactory
>> (say,
>> on a single hard disk that has two partitions C: and D
>> Windows on the C: drive leaving data on D: intact? TIA
>
> Wipe, as in the entire physical drive, everything, period, nada left.
>
> --

That is straight-forward advice ....... but I wonder how many (even 'professionals') follow it!

Are you just as confident that ........ I'll call them 'gremlins' .......... cannot remain within a computer if the hard drive is wiped as you describe (or even replaced with a new one)?

What about gremlins hiding in, say, a RAM stick or somewhere on the motherboard? There again, how could you possibly know the answer?!!

John D |
|
|
|
|
#2 |
|
Posts: n/a
|
"John D" <John_D@Ican playgames.too> writes:

>"Leythos" <> wrote in message
>news:. com...
>> In article <>,
>> says...
>>> When you say "Wiping and reinstalling" do you mean deleting all
>>> partitions and formatting or do you feel that it is satisfactory
>>> (say,
>>> on a single hard disk that has two partitions C: and D
>>> Windows on the C: drive leaving data on D: intact? TIA

The problem is that the bad guys could have installed malware on D: which will allow them easy access later.

>>
>> Wipe, as in the entire physical drive, everything, period, nada left.
>>
>> --

>That is straight-forward advice ....... but I wonder how many (even
>'professionals') follow it!

>Are you just as confident that ........ I'll call them 'gremlins'
>......... cannot remain within a computer if the hard drive is wiped as
>you describe (or even replaced with a new one)?

>What about gremlins hiding in, say, a RAM stick or somewhere on the
>motherboard? There again, how could you possibly know the answer?!!

Exactly how would they hide on the motherboard?

If you had your ram stick plugged in at any time after the infection then yes, it should also be wiped.

Unruh |
|
|
|
#3 |
|
Posts: n/a
|
"Unruh" <unruh-> wrote in message news:0c7el.7035$Db2.1044@edtnps83...
> "John D" <John_D@Ican playgames.too> writes:
>
>>"Leythos" <> wrote in message
>>news: .com...
>>> In article <>,
>>> says...
>>>> When you say "Wiping and reinstalling" do you mean deleting all
>>>> partitions and formatting or do you feel that it is satisfactory
>>>> (say,
>>>> on a single hard disk that has two partitions C: and D
>>>> reinstall
>>>> Windows on the C: drive leaving data on D: intact? TIA
>
> The problem is that the bad guys could have installed malware on D:
> which
> will allow them easy access later.
>

I'm pleased that you agree!

>>>
>>> Wipe, as in the entire physical drive, everything, period, nada
>>> left.
>>>
>>> --
>
>>That is straight-forward advice ....... but I wonder how many (even
>>'professionals') follow it!
>
>>Are you just as confident that ........ I'll call them 'gremlins'
>>......... cannot remain within a computer if the hard drive is wiped
>>as
>>you describe (or even replaced with a new one)?
>
>>What about gremlins hiding in, say, a RAM stick or somewhere on the
>>motherboard? There again, how could you possibly know the answer?!!
>
> Exactly how would they hide on the motherboard?

No idea if that is possible! Just asking

> If you had your ram stick plugged in at any time after the infection
> then
> yes, it should also be wiped.

How, please, does one 'wipe' a RAM stick?

Thanks for responding btw!

--
John

John D |
|
|
|
#4 |
|
Posts: n/a
|
"John D" <John_D@Ican playgames.too> writes:

>"Unruh" <unruh-> wrote in message
>news:0c7el.7035$Db2.1044@edtnps83...
>> "John D" <John_D@Ican playgames.too> writes:
>>
>>>"Leythos" <> wrote in message
>>>news: b.com...
>>>> In article <>,
>>>> says...
>>>>> When you say "Wiping and reinstalling" do you mean deleting all
>>>>> partitions and formatting or do you feel that it is satisfactory
>>>>> (say,
>>>>> on a single hard disk that has two partitions C: and D
>>>>> reinstall
>>>>> Windows on the C: drive leaving data on D: intact? TIA
>>
>> The problem is that the bad guys could have installed malware on D:
>> which
>> will allow them easy access later.
>>
>I'm pleased that you agree!
>>>>
>>>> Wipe, as in the entire physical drive, everything, period, nada
>>>> left.
>>>>
>>>> --
>>
>>>That is straight-forward advice ....... but I wonder how many (even
>>>'professionals') follow it!
>>
>>>Are you just as confident that ........ I'll call them 'gremlins'
>>>......... cannot remain within a computer if the hard drive is wiped
>>>as
>>>you describe (or even replaced with a new one)?
>>
>>>What about gremlins hiding in, say, a RAM stick or somewhere on the
>>>motherboard? There again, how could you possibly know the answer?!!
>>
>> Exactly how would they hide on the motherboard?
>No idea if that is possible! Just asking
>> If you had your ram stick plugged in at any time after the infection
>> then
>> yes, it should also be wiped.
>How, please, does one 'wipe' a RAM stick?

For this, just erase all files, including all hidden files.

Unruh |
|
|
|
#5 |
|
Posts: n/a
|
"Unruh" <unruh-> wrote in message news:z29el.6233$PH1.2719@edtnps82...
> "John D" <John_D@Ican playgames.too> writes:
>
>>"Unruh" <unruh-> wrote in message
>>news:0c7el.7035$Db2.1044@edtnps83...
>>> "John D" <John_D@Ican playgames.too> writes:
>>>
>>>>"Leythos" <> wrote in message
>>>>news: eb.com...
>>>>> In article <>,
>>>>> says...
>>>>>> When you say "Wiping and reinstalling" do you mean deleting all
>>>>>> partitions and formatting or do you feel that it is satisfactory
>>>>>> (say,
>>>>>> on a single hard disk that has two partitions C: and D
>>>>>> reinstall
>>>>>> Windows on the C: drive leaving data on D: intact? TIA
>>>
>>> The problem is that the bad guys could have installed malware on D:
>>> which
>>> will allow them easy access later.
>>>
>
>>I'm pleased that you agree!
>
>>>>>
>>>>> Wipe, as in the entire physical drive, everything, period, nada
>>>>> left.
>>>>>
>>>>> --
>>>
>>>>That is straight-forward advice ....... but I wonder how many (even
>>>>'professionals') follow it!
>>>
>>>>Are you just as confident that ........ I'll call them 'gremlins'
>>>>......... cannot remain within a computer if the hard drive is wiped
>>>>as
>>>>you describe (or even replaced with a new one)?
>>>
>>>>What about gremlins hiding in, say, a RAM stick or somewhere on the
>>>>motherboard? There again, how could you possibly know the answer?!!
>>>>
>>>
>>> Exactly how would they hide on the motherboard?
>
>>No idea if that is possible! Just asking
>
>>> If you had your ram stick plugged in at any time after the infection
>>> then
>>> yes, it should also be wiped.
>
>>How, please, does one 'wipe' a RAM stick?
>
> For this, just erase all files, including all hidden files.
>

Hi "Unruh"

I think we are at cross purposes - no doubt due to me being less than clear. I'm sorry for any confusion.

Please take a look here
http://ask-leo.com/can_i_use_a_usb_r..._memor y.html

That item refers to what I now think *you* were referring. Correct?

*I* was referring to 'system' RAM viz:
http://lifehacker.com/software/featu...ram-138665.php

I know that all memory on system RAM is *supposed* to die without power - when you study the construction, though, it seems quite feasible to me (a layman) that such an item *could* be configured to retain 'gremlins', so to speak!

I have been led to believe that the BIOS on a motherboard can be attacked/infected but I have no knowledge of how one may check and/or 'clean' same.

--
John

John D |
|
|
|
#6 |
|
Posts: n/a
|
"Tim Jackson" <> wrote in message news:yc-dnYIInuYkH-...
> John D wrote:
>
>> I have been led to believe that the BIOS on a motherboard can be
>> attacked/infected but I have no knowledge of how one may check and/or
>> 'clean' same.
>>
>
> It can, but it isn't a likely attack route. The method varies
> according to the make and model of motherboard, and some boards have a
> jumper that must be set to allow any writing the flash ROM at all, or
> have a hard-coded alarm that warns you when writing is being enabled.
> So it is an unreliable and expensive method for a hacker.
>
> If you want to check, then look into your motherboard's flash update
> utility (probably on the CD that came with it, or on the
> manufacturer's website) and see if you can copy the existing flash
> contents. If so then you can make a baseline copy, and periodically
> repeat the process to make sure you continue to get the same data.
>
> You can probably find a security utility somewhere that will mirror
> the BIOS area of the memory map, which is pretty much the same thing
> in most cases
>
> And don't forget your tinfoil helmet to keep aliens from controlling
> your brain.
>
>
> Tim Jackson.

I appreciate this information, Tim. Thank you for taking the time and trouble to post.

In another group, Shenan Stanley MVP said .........

"If the 'gremlin' was in the BIOS - the only writable media I know about that could act in the way you are implying internal to the machine with your "somewhere on the motherboard" comment - you've been more than infested with malware."

Even whilst wearing my tinfoil helmet, my last PC was, I'm certain, deliberately attacked - so there!

--
John

John D |
|
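The baseline-and-recheck procedure Tim Jackson describes in the post above, as an added example that is not part of the thread: it compares a fresh flash dump against a stored baseline and reports which byte ranges changed. The 4 KiB block size, the `volatile` settings range and the constructed 64 KiB sample image are assumptions for illustration.

```python
import hashlib

BLOCK = 4096  # comparison granularity in bytes (assumed; pick your flash chip's erase size)

def changed_ranges(baseline: bytes, current: bytes, block: int = BLOCK):
    """Return merged [start, end) byte ranges whose blocks differ."""
    ranges = []
    length = max(len(baseline), len(current))
    for off in range(0, length, block):
        if baseline[off:off + block] != current[off:off + block]:
            end = min(off + block, length)
            if ranges and ranges[-1][1] == off:
                ranges[-1] = (ranges[-1][0], end)  # adjacent: extend previous range
            else:
                ranges.append((off, end))
    return ranges

def compare_dumps(baseline: bytes, current: bytes, volatile=()):
    """Classify a fresh dump against the stored baseline.

    volatile: [start, end) ranges the owner expects to change, such as stored
    settings. The layout is an assumption supplied by the caller.
    """
    result = {"baseline_sha256": hashlib.sha256(baseline).hexdigest(),
              "current_sha256": hashlib.sha256(current).hexdigest()}
    if len(baseline) != len(current):
        return {**result, "status": "size-mismatch", "unexpected": []}
    if result["baseline_sha256"] == result["current_sha256"]:
        return {**result, "status": "identical", "unexpected": []}
    unexpected = [r for r in changed_ranges(baseline, current)
                  if not any(lo <= r[0] and r[1] <= hi for lo, hi in volatile)]
    status = "changed-unexpected" if unexpected else "changed-volatile-only"
    return {**result, "status": status, "unexpected": unexpected}

def patch(image: bytes, offset: int, value: int) -> bytes:
    """Return a copy of image with one byte replaced (used to build samples)."""
    return image[:offset] + bytes([value]) + image[offset + 1:]

# Constructed 64 KiB sample image; a real dump comes from the board's flash utility.
BASELINE = bytes(range(256)) * 256
SETTINGS = [(0x2000, 0x3000)]  # hypothetical settings area

if __name__ == "__main__":
    samples = {"re-read": BASELINE,
               "settings edit": patch(BASELINE, 0x2010, 0xFF),
               "code edit": patch(BASELINE, 0x8000, 0xFF)}
    for name, dump in samples.items():
        r = compare_dumps(BASELINE, dump, SETTINGS)
        print(name, r["status"], [(hex(a), hex(b)) for a, b in r["unexpected"]])
```

Keep the baseline and its hash on media that is not attached to the machine being checked, so the comparison does not rely on a copy the same system could have altered.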
|
|
#7 |
|
Posts: n/a
|
In article <glatg0$2lk$>, John_D@Ican says...

> "Leythos" <> wrote in message
> news: om...
> > In article <>,
> > says...
> >> When you say "Wiping and reinstalling" do you mean deleting all
> >> partitions and formatting or do you feel that it is satisfactory
> >> (say,
> >> on a single hard disk that has two partitions C: and D
> >> Windows on the C: drive leaving data on D: intact? TIA
> >
> > Wipe, as in the entire physical drive, everything, period, nada left.
> >
> > --
>
> That is straight-forward advice ....... but I wonder how many (even
> 'professionals') follow it!
>
> Are you just as confident that ........ I'll call them 'gremlins'
> ......... cannot remain within a computer if the hard drive is wiped as
> you describe (or even replaced with a new one)?

In my shop we wipe, delete all partitions, etc... I've yet to see ANYTHING make it past that - booting from clean media and then wiping the drive has always worked. Been doing this since the late 70's, never seen a wiped machine retain malware after a full wipe.

> What about gremlins hiding in, say, a RAM stick or somewhere on the
> motherboard? There again, how could you possibly know the answer?!!

Well, since I've not seen, actually myself, any malware that inserts itself into the BIOS NVRAM/EEPROM, nor into the same for a Video Card, and since I would NEVER keep any devices (USB memory) connected during the cleaning phase, it's not an issue. How could I know the answer? I used to actually design motherboards, the actual boards from the chip level, and in the old days I actually developed several chips (analog switches), so I know a little bit about computers.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist"
(remove 999 for proper email address)

Leythos |
|
|
|
#8 |
|
Posts: n/a
|
"John D" <John_D@Ican playgames.too> writes:

>>
>>>How, please, does one 'wipe' a RAM stick?
>>
>> For this, just erase all files, including all hidden files.
>>
>Hi "Unruh"
>I think we are at cross purposes - no doubt due to me being less than
>clear. I'm sorry for any confusion.
>Please take a look here
>http://ask-leo.com/can_i_use_a_usb_r..._memor y.html
>That item refers to what I now think *you* were referring . Correct?
>*I* was referring to 'system' RAM viz:
>http://lifehacker.com/software/featu...ram-138665.php

It is completely erased every time the computer is switched off.

>I know that all memory on system RAM is *supposed* to die without
>power - when you study the construction, though, it seems quite feasible
>to me (a layman) that such an item *could* be configured to retain
>'gremlins', so to speak!

No. Could someone develop a piece of ram that retained its memory despite power removal? Possibly -- but exactly why would you buy it, especially since it is vastly slower than real ram.

>I have been led to believe that the BIOS on a motherboard can be
>attacked/infected but I have no knowledge of how one may check and/or
>'clean' same.

Buy a new computer. Anyway, the chances of anyone subverting the bios and leaving the machine bootable is almost nil. Would it be possible? Yes. It is also possible that President Obama spends four hours each day personally going over the transcripts of all the conversations you have had that day. Yes, it is possible.

>--
>John

Unruh |
|
|
|
#9 |
|
Posts: n/a
|
I'm still considering how best to answer you, Tim!
--
John

"Tim Jackson" <> wrote in message news: et...
> John D wrote:
>> "Tim Jackson" <> wrote in message
>> news:yc-dnYIInuYkH-...
>>> John D wrote:
>>>
>>>> I have been led to believe that the BIOS on a motherboard can be
>>>> attacked/infected but I have no knowledge of how one may check
>>>> and/or 'clean' same.
>>>>
>>> It can, but it isn't a likely attack route. The method varies
>>> according to the make and model of motherboard, and some boards have
>>> a jumper that must be set to allow any writing the flash ROM at all,
>>> or have a hard-coded alarm that warns you when writing is being
>>> enabled. So it is an unreliable and expensive method for a hacker.
>>>
>>> If you want to check, then look into your motherboard's flash update
>>> utility (probably on the CD that came with it, or on the
>>> manufacturer's website) and see if you can copy the existing flash
>>> contents. If so then you can make a baseline copy, and periodically
>>> repeat the process to make sure you continue to get the same data.
>>>
>>> You can probably find a security utility somewhere that will mirror
>>> the BIOS area of the memory map, which is pretty much the same thing
>>> in most cases
>>>
>>> And don't forget your tinfoil helmet to keep aliens from controlling
>>> your brain.
>>>
>>>
>>> Tim Jackson.
>>
>> I appreciate this information, Tim. Thank you for taking the time and
>> trouble to post.
>>
>> In another group, Shenan Stanley MVP said .........
>>
>> "If the 'gremlin' was in the BIOS - the only writable media I know
>> about that could act in the way you are implying internal to the
>> machine with your "somewhere on the motherboard" comment - you've
>> been more than infested with malware."
>>
>> Even whilst wearing my tinfoil helmet, my last PC was, I'm certain,
>> deliberately attacked - so there!
>>
>> --
>> John
>>
>>
>
> Deliberately attacked maybe, but actually compromised via the BIOS? I
> find that hard to believe. Although it is theoretically possible, it
> is pretty impracticable for the reasons I gave. I never heard reports
> of an attack "in the wild" that works that way. I'd agree with the
> MVP that this would be more than a simple infestation, and would look
> to physical security, I think you must have folded the tinfoil
> wrongly.
>
> What were the characteristics of this malware, how did you identify
> it,
> does it have name, what symptoms did it cause, how did you cure it? I
> often find friends saying "my computer's got a virus" when actually
> they've got a memory defect or some such hardware fault. I'm sure
> readers here would be interested to hear technical details of such an
> attack.
>
> I can't see why anyone would use such a method. If it was a personal
> attack on a single computer, then a pick-axe would probably be easier.
> If it was some sort of wild malware on the net it would have to be
> very specific to a particular type of motherboard, and why should
> someone want to take the time write that when there are much simpler
> ways to achieve their objectives.
>
> Tim

John D |
|
|
|
#10 |
|
Posts: n/a
|
"Leythos" <> wrote in message news: om...
> In article <glatg0$2lk$>, John_D@Ican says...
>> "Leythos" <> wrote in message
>> news: om...
>> > In article <>,
>> > says...
>> >> When you say "Wiping and reinstalling" do you mean deleting all
>> >> partitions and formatting or do you feel that it is satisfactory
>> >> (say,
>> >> on a single hard disk that has two partitions C: and D
>> >> reinstall
>> >> Windows on the C: drive leaving data on D: intact? TIA
>> >
>> > Wipe, as in the entire physical drive, everything, period, nada
>> > left.
>> >
>> > --
>>
>> That is straight-forward advice ....... but I wonder how many (even
>> 'professionals') follow it!
>>
>> Are you just as confident that ........ I'll call them 'gremlins'
>> ......... cannot remain within a computer if the hard drive is wiped
>> as
>> you describe (or even replaced with a new one)?
>
> In my shop we wipe, delete all partitions, etc... I've yet to see
> ANYTHING make it past that - booting from clean media and then wiping
> the drive has always worked. Been doing this since the late 70's,
> never
> seen a wiped machine retain malware after a full wipe.
>
>> What about gremlins hiding in, say, a RAM stick or somewhere on the
>> motherboard? There again, how could you possibly know the answer?!!
>>
>
> Well, since I've not seen, actually myself, any malware that inserts
> itself into the BIOS NVRAM/EEPROM, nor into the same for a Video Card,
> and since I would NEVER keep any devices (USB memory) connected during
> the cleaning phase, it's not an issue. How could I know the answer? I
> used to actually design motherboards, the actual boards from the chip
> level, and in the old days I actually developed several chips (analog
> switches), so I know a little bit about computers.
>
>
> --
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> (remove 999 for proper email address)

Thanks for posting, Leythos. I do not doubt your skill and experience. I'm simply a user who still has much to learn. Thank you for helping me!

A silly question. You said "never seen a wiped machine retain malware after a full wipe." If a gremlin was *really* clever (and hid from view) just HOW would you know it was there? Perhaps one just has to assume that it's not ............ !

--
John

John D |
|