Cleaning a computer - any other views here?

Discussion in 'Computer Security' started by John D, Jan 22, 2009.

  1. John D

    John D Guest

    "Leythos" <> wrote in message
    news:...
    > In article <>,
    > says...
    >> When you say "Wiping and reinstalling" do you mean deleting all
    >> partitions and formatting or do you feel that it is satisfactory
    >> (say,
    >> on a single hard disk that has two partitions C: and D:) to reinstall
    >> Windows on the C: drive leaving data on D: intact? TIA

    >
    > Wipe, as in the entire physical drive, everything, period, nada left.
    >
    > --


    That is straight-forward advice ....... but I wonder how many (even
    'professionals') follow it!

    Are you just as confident that ........ I'll call them 'gremlins'
    .......... cannot remain within a computer if the hard drive is wiped as
    you describe (or even replaced with a new one)?

    What about gremlins hiding in, say, a RAM stick or somewhere on the
    motherboard? There again, how could you possibly know the answer?!! ;)
     
    John D, Jan 22, 2009
    #1

  2. John D

    Unruh Guest

    "John D" <John_D@Ican playgames.too> writes:

    >"Leythos" <> wrote in message
    >news:...
    >> In article <>,
    >> says...
    >>> When you say "Wiping and reinstalling" do you mean deleting all
    >>> partitions and formatting or do you feel that it is satisfactory
    >>> (say,
    >>> on a single hard disk that has two partitions C: and D:) to reinstall
    >>> Windows on the C: drive leaving data on D: intact? TIA


    The problem is that the bad guys could have installed malware on D: which
    will allow them easy access later.

    >>
    >> Wipe, as in the entire physical drive, everything, period, nada left.
    >>
    >> --


    >That is straight-forward advice ....... but I wonder how many (even
    >'professionals') follow it!


    >Are you just as confident that ........ I'll call them 'gremlins'
    >......... cannot remain within a computer if the hard drive is wiped as
    >you describe (or even replaced with a new one)?


    >What about gremlins hiding in, say, a RAM stick or somewhere on the
    >motherboard? There again, how could you possibly know the answer?!! ;)


    Exactly how would they hide on the motherboard?
    If you had your ram stick plugged in at any time after the infection then
    yes, it should also be wiped.
     
    Unruh, Jan 22, 2009
    #2

  3. John D

    John D Guest

    "Unruh" <> wrote in message
    news:0c7el.7035$Db2.1044@edtnps83...
    > "John D" <John_D@Ican playgames.too> writes:
    >
    >>"Leythos" <> wrote in message
    >>news:...
    >>> In article <>,
    >>> says...
    >>>> When you say "Wiping and reinstalling" do you mean deleting all
    >>>> partitions and formatting or do you feel that it is satisfactory
    >>>> (say,
    >>>> on a single hard disk that has two partitions C: and D:) to
    >>>> reinstall
    >>>> Windows on the C: drive leaving data on D: intact? TIA

    >
    > The problem is that the bad guys could have installed malware on D:
    > which
    > will allow them easy access later.
    >



    I'm pleased that you agree! :)




    >>>
    >>> Wipe, as in the entire physical drive, everything, period, nada
    >>> left.
    >>>
    >>> --

    >
    >>That is straight-forward advice ....... but I wonder how many (even
    >>'professionals') follow it!

    >
    >>Are you just as confident that ........ I'll call them 'gremlins'
    >>......... cannot remain within a computer if the hard drive is wiped
    >>as
    >>you describe (or even replaced with a new one)?

    >
    >>What about gremlins hiding in, say, a RAM stick or somewhere on the
    >>motherboard? There again, how could you possibly know the answer?!! ;)

    >
    > Exactly how would they hide on the motherboard?



    No idea if that is possible! Just asking :)


    > If you had your ram stick plugged in at any time after the infection
    > then
    > yes, it should also be wiped.



    How, please, does one 'wipe' a RAM stick?


    Thanks for responding btw!

    --
    John
     
    John D, Jan 22, 2009
    #3
  4. John D

    Unruh Guest

    "John D" <John_D@Ican playgames.too> writes:


    >"Unruh" <> wrote in message
    >news:0c7el.7035$Db2.1044@edtnps83...
    >> "John D" <John_D@Ican playgames.too> writes:
    >>
    >>>"Leythos" <> wrote in message
    >>>news:...
    >>>> In article <>,
    >>>> says...
    >>>>> When you say "Wiping and reinstalling" do you mean deleting all
    >>>>> partitions and formatting or do you feel that it is satisfactory
    >>>>> (say,
    >>>>> on a single hard disk that has two partitions C: and D:) to
    >>>>> reinstall
    >>>>> Windows on the C: drive leaving data on D: intact? TIA

    >>
    >> The problem is that the bad guys could have installed malware on D:
    >> which
    >> will allow them easy access later.
    >>



    >I'm pleased that you agree! :)





    >>>>
    >>>> Wipe, as in the entire physical drive, everything, period, nada
    >>>> left.
    >>>>
    >>>> --

    >>
    >>>That is straight-forward advice ....... but I wonder how many (even
    >>>'professionals') follow it!

    >>
    >>>Are you just as confident that ........ I'll call them 'gremlins'
    >>>......... cannot remain within a computer if the hard drive is wiped
    >>>as
    >>>you describe (or even replaced with a new one)?

    >>
    >>>What about gremlins hiding in, say, a RAM stick or somewhere on the
    >>>motherboard? There again, how could you possibly know the answer?!! ;)

    >>
    >> Exactly how would they hide on the motherboard?



    >No idea if that is possible! Just asking :)



    >> If you had your ram stick plugged in at any time after the infection
    >> then
    >> yes, it should also be wiped.



    >How, please, does one 'wipe' a RAM stick?


    For this, just erase all files, including all hidden files.
     
    Unruh, Jan 23, 2009
    #4
  5. John D

    John D Guest

    "Unruh" <> wrote in message
    news:z29el.6233$PH1.2719@edtnps82...
    > "John D" <John_D@Ican playgames.too> writes:
    >
    >
    >>"Unruh" <> wrote in message
    >>news:0c7el.7035$Db2.1044@edtnps83...
    >>> "John D" <John_D@Ican playgames.too> writes:
    >>>
    >>>>"Leythos" <> wrote in message
    >>>>news:...
    >>>>> In article <>,
    >>>>> says...
    >>>>>> When you say "Wiping and reinstalling" do you mean deleting all
    >>>>>> partitions and formatting or do you feel that it is satisfactory
    >>>>>> (say,
    >>>>>> on a single hard disk that has two partitions C: and D:) to
    >>>>>> reinstall
    >>>>>> Windows on the C: drive leaving data on D: intact? TIA
    >>>
    >>> The problem is that the bad guys could have installed malware on D:
    >>> which
    >>> will allow them easy access later.
    >>>

    >
    >
    >>I'm pleased that you agree! :)

    >
    >
    >
    >
    >>>>>
    >>>>> Wipe, as in the entire physical drive, everything, period, nada
    >>>>> left.
    >>>>>
    >>>>> --
    >>>
    >>>>That is straight-forward advice ....... but I wonder how many (even
    >>>>'professionals') follow it!
    >>>
    >>>>Are you just as confident that ........ I'll call them 'gremlins'
    >>>>......... cannot remain within a computer if the hard drive is wiped
    >>>>as
    >>>>you describe (or even replaced with a new one)?
    >>>
    >>>>What about gremlins hiding in, say, a RAM stick or somewhere on the
    >>>>motherboard? There again, how could you possibly know the answer?!!
    >>>>;)
    >>>
    >>> Exactly how would they hide on the motherboard?

    >
    >
    >>No idea if that is possible! Just asking :)

    >
    >
    >>> If you had your ram stick plugged in at any time after the infection
    >>> then
    >>> yes, it should also be wiped.

    >
    >
    >>How, please, does one 'wipe' a RAM stick?

    >
    > For this, just erase all files, including all hidden files.
    >


    Hi "Unruh"

    I think we are at cross purposes - no doubt due to me being less than
    clear. I'm sorry for any confusion.

    Please take a look here
    http://ask-leo.com/can_i_use_a_usb_ram_stick_to_increase_system_memory.html
    That item refers to what I now think *you* were referring to. Correct?

    *I* was referring to 'system' RAM viz:
    http://lifehacker.com/software/feature/hack-attack-how-to-install-ram-138665.php

    I know that all memory on system RAM is *supposed* to die without
    power - when you study the construction, though, it seems quite feasible
    to me (a layman) that such an item *could* be configured to retain
    'gremlins', so to speak!

    I have been led to believe that the BIOS on a motherboard can be
    attacked/infected but I have no knowledge of how one may check and/or
    'clean' same.

    --
    John
     
    John D, Jan 23, 2009
    #5
  6. John D

    John D Guest

    "Tim Jackson" <> wrote in message
    news:...
    > John D wrote:
    >
    >> I have been led to believe that the BIOS on a motherboard can be
    >> attacked/infected but I have no knowledge of how one may check and/or
    >> 'clean' same.
    >>

    >
    > It can, but it isn't a likely attack route. The method varies
    > according to the make and model of motherboard, and some boards have a
    > jumper that must be set to allow any writing to the flash ROM at all, or
    > have a hard-coded alarm that warns you when writing is being enabled.
    > So it is an unreliable and expensive method for a hacker.
    >
    > If you want to check, then look into your motherboard's flash update
    > utility (probably on the CD that came with it, or on the
    > manufacturer's website) and see if you can copy the existing flash
    > contents. If so then you can make a baseline copy, and periodically
    > repeat the process to make sure you continue to get the same data.
    >
    > You can probably find a security utility somewhere that will mirror
    > the BIOS area of the memory map, which is pretty much the same thing
    > in most cases.
    >
    > And don't forget your tinfoil helmet to keep aliens from controlling
    > your brain.
    >
    >
    > Tim Jackson.


    I appreciate this information, Tim. Thank you for taking the time and
    trouble to post.

    In another group, Shenan Stanley MVP said .........

    "If the 'gremlin' was in the BIOS - the only writable media I know about
    that could act in the way you are implying internal to the machine with
    your "somewhere on the motherboard" comment - you've been more than
    infested with malware."

    Even whilst wearing my tinfoil helmet, my last PC was, I'm certain,
    deliberately attacked - so there!

    --
    John
     
    John D, Jan 23, 2009
    #6
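One way to carry out the baseline check Tim describes once the flash contents are in a file, as an added example that is not code from this thread or from any vendor utility: it assumes the dump was already read with the board's own flash utility or a tool such as flashrom (`flashrom -p internal -r bios.bin`), and the two sample dumps are constructed so the script runs offline. It goes a step beyond a plain hash comparison by reporting which blocks of the image changed.

```python
"""Baseline-and-compare check for a BIOS/firmware flash dump.

Added example; not code from the thread or any vendor tool. Reading the
flash chip is outside this script: it assumes the image is already a file
(e.g. read with the board's flash utility or flashrom). The dumps below
are constructed test data.
"""
import hashlib
import json
from pathlib import Path

BLOCK_SIZE = 4096  # compare in 4 KiB blocks, a common flash sector size


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_baseline(dump: bytes, block_size: int = BLOCK_SIZE) -> dict:
    """Whole-image hash plus one hash per block, so later diffs can be localised."""
    blocks = [sha256_hex(dump[i:i + block_size])
              for i in range(0, len(dump), block_size)]
    return {"size": len(dump), "block_size": block_size,
            "sha256": sha256_hex(dump), "blocks": blocks}


def compare(baseline: dict, dump: bytes) -> dict:
    """Compare a fresh dump against the stored baseline.

    ok=True only when the images are byte-identical. Otherwise 'changed'
    holds (start, end) byte ranges of the blocks whose hash moved, which
    lets you tell a settings/NVRAM area the firmware rewrites itself
    (setup options, boot counters) from code regions that should only
    change when you flash an update yourself.
    """
    if len(dump) != baseline["size"]:
        return {"ok": False, "reason": "size mismatch", "changed": []}
    if sha256_hex(dump) == baseline["sha256"]:
        return {"ok": True, "reason": "identical to baseline", "changed": []}
    bs = baseline["block_size"]
    changed = []
    for idx, expected in enumerate(baseline["blocks"]):
        start = idx * bs
        if sha256_hex(dump[start:start + bs]) != expected:
            changed.append((start, min(start + bs, len(dump))))
    return {"ok": False, "reason": f"{len(changed)} block(s) differ",
            "changed": changed}


def save_baseline(path, baseline: dict) -> None:
    """Keep the baseline somewhere the machine under test cannot alter it."""
    Path(path).write_text(json.dumps(baseline, indent=1))


def load_baseline(path) -> dict:
    return json.loads(Path(path).read_text())


# Constructed sample dumps: 64 KiB of deterministic pseudo-random bytes.
CLEAN_DUMP = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                      for i in range(2048))
_tampered = bytearray(CLEAN_DUMP)
_tampered[0x3100:0x3110] = b"\x90" * 16   # 16 bytes altered in block 3 (0x3000-0x4000)
TAMPERED_DUMP = bytes(_tampered)


def main() -> None:
    baseline = make_baseline(CLEAN_DUMP)
    for name, dump in (("clean", CLEAN_DUMP), ("tampered", TAMPERED_DUMP),
                       ("truncated", CLEAN_DUMP[:-512])):
        result = compare(baseline, dump)
        ranges = ", ".join(f"0x{s:05x}-0x{e:05x}" for s, e in result["changed"])
        print(f"{name:9s}: ok={result['ok']} ({result['reason']}) {ranges}")
    # Re-run make_baseline/save_baseline after every flash update you apply
    # yourself. The dump is only as trustworthy as the tool that read the
    # chip: firmware that is already compromised can lie to software running
    # under it, so a reader that bypasses the running system is preferable.


if __name__ == "__main__":
    main()
```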
  7. John D

    Leythos Guest

    In article <glatg0$2lk$>, John_D@Ican says...
    > "Leythos" <> wrote in message
    > news:...
    > > In article <>,
    > > says...
    > >> When you say "Wiping and reinstalling" do you mean deleting all
    > >> partitions and formatting or do you feel that it is satisfactory
    > >> (say,
    > >> on a single hard disk that has two partitions C: and D:) to reinstall
    > >> Windows on the C: drive leaving data on D: intact? TIA

    > >
    > > Wipe, as in the entire physical drive, everything, period, nada left.
    > >
    > > --

    >
    > That is straight-forward advice ....... but I wonder how many (even
    > 'professionals') follow it!
    >
    > Are you just as confident that ........ I'll call them 'gremlins'
    > ......... cannot remain within a computer if the hard drive is wiped as
    > you describe (or even replaced with a new one)?


    In my shop we wipe, delete all partitions, etc... I've yet to see
    ANYTHING make it past that - booting from clean media and then wiping
    the drive has always worked. Been doing this since the late 70's, never
    seen a wiped machine retain malware after a full wipe.

    > What about gremlins hiding in, say, a RAM stick or somewhere on the
    > motherboard? There again, how could you possibly know the answer?!! ;)


    Well, since I've not seen, actually myself, any malware that inserts
    itself into the BIOS NVRAM/EEPROM, nor into the same for a Video Card,
    and since I would NEVER keep any devices (USB memory) connected during
    the cleaning phase, it's not an issue. How could I know the answer? I
    used to actually design motherboards, the actual boards from the chip
    level, and in the old days I actually developed several chips (analog
    switches), so I know a little bit about computers.


    --
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    (remove 999 for proper email address)
     
    Leythos, Jan 23, 2009
    #7
  8. John D

    Unruh Guest

    "John D" <John_D@Ican playgames.too> writes:


    >>
    >>>How, please, does one 'wipe' a RAM stick?

    >>
    >> For this, just erase all files, including all hidden files.
    >>


    >Hi "Unruh"


    >I think we are at cross purposes - no doubt due to me being less than
    >clear. I'm sorry for any confusion.


    >Please take a look here
    >http://ask-leo.com/can_i_use_a_usb_ram_stick_to_increase_system_memory.html
    >That item refers to what I now think *you* were referring to. Correct?


    >*I* was referring to 'system' RAM viz:
    >http://lifehacker.com/software/feature/hack-attack-how-to-install-ram-138665.php


    It is completely erased every time the computer is switched off.


    >I know that all memory on system RAM is *supposed* to die without
    >power - when you study the construction, though, it seems quite feasible
    >to me (a layman) that such an item *could* be configured to retain
    >'gremlins', so to speak!


    No. Could someone develop a piece of RAM that retained its memory despite
    power removal? Possibly, but exactly why would you buy it, especially
    since it is vastly slower than real RAM.


    >I have been led to believe that the BIOS on a motherboard can be
    >attacked/infected but I have no knowledge of how one may check and/or
    >'clean' same.


    Buy a new computer. Anyway, the chances of anyone subverting the BIOS and
    leaving the machine bootable are almost nil. Would it be possible?
    Yes.
    It is also possible that President Obama spends four hours each day
    personally going over the transcripts of all the conversations you have had that day.
    Yes, it is possible.

    >--
    >John
     
    Unruh, Jan 23, 2009
    #8
  9. John D

    John D Guest

    I'm still considering how best to answer you, Tim!
    --
    John

    "Tim Jackson" <> wrote in message
    news:...
    > John D wrote:
    >> "Tim Jackson" <> wrote in message
    >> news:...
    >>> John D wrote:
    >>>
    >>>> I have been led to believe that the BIOS on a motherboard can be
    >>>> attacked/infected but I have no knowledge of how one may check
    >>>> and/or 'clean' same.
    >>>>
    >>> It can, but it isn't a likely attack route. The method varies
    >>> according to the make and model of motherboard, and some boards have
    >>> a jumper that must be set to allow any writing to the flash ROM at all,
    >>> or have a hard-coded alarm that warns you when writing is being
    >>> enabled. So it is an unreliable and expensive method for a hacker.
    >>>
    >>> If you want to check, then look into your motherboard's flash update
    >>> utility (probably on the CD that came with it, or on the
    >>> manufacturer's website) and see if you can copy the existing flash
    >>> contents. If so then you can make a baseline copy, and periodically
    >>> repeat the process to make sure you continue to get the same data.
    >>>
    >>> You can probably find a security utility somewhere that will mirror
    >>> the BIOS area of the memory map, which is pretty much the same thing
    >>> in most cases.
    >>>
    >>> And don't forget your tinfoil helmet to keep aliens from controlling
    >>> your brain.
    >>>
    >>>
    >>> Tim Jackson.

    >>
    >> I appreciate this information, Tim. Thank you for taking the time and
    >> trouble to post.
    >>
    >> In another group, Shenan Stanley MVP said .........
    >>
    >> "If the 'gremlin' was in the BIOS - the only writable media I know
    >> about that could act in the way you are implying internal to the
    >> machine with your "somewhere on the motherboard" comment - you've
    >> been more than infested with malware."
    >>
    >> Even whilst wearing my tinfoil helmet, my last PC was, I'm certain,
    >> deliberately attacked - so there!
    >>
    >> --
    >> John
    >>
    >>

    >
    > Deliberately attacked maybe, but actually compromised via the BIOS? I
    > find that hard to believe. Although it is theoretically possible, it
    > is pretty impracticable for the reasons I gave. I never heard reports
    > of an attack "in the wild" that works that way. I'd agree with the
    > MVP that this would be more than a simple infestation, and would look
    > to physical security. I think you must have folded the tinfoil
    > wrongly.
    >
    > What were the characteristics of this malware, how did you identify
    > it,
    > does it have name, what symptoms did it cause, how did you cure it? I
    > often find friends saying "my computer's got a virus" when actually
    > they've got a memory defect or some such hardware fault. I'm sure
    > readers here would be interested to hear technical details of such an
    > attack.
    >
    > I can't see why anyone would use such a method. If it was a personal
    > attack on a single computer, then a pick-axe would probably be easier.
    > If it was some sort of wild malware on the net it would have to be
    > very specific to a particular type of motherboard, and why should
    > someone want to take the time to write that when there are much simpler
    > ways to achieve their objectives.
    >
    > Tim
     
    John D, Jan 25, 2009
    #9
  10. John D

    John D Guest

    "Leythos" <> wrote in message
    news:...
    > In article <glatg0$2lk$>, John_D@Ican says...
    >> "Leythos" <> wrote in message
    >> news:...
    >> > In article <>,
    >> > says...
    >> >> When you say "Wiping and reinstalling" do you mean deleting all
    >> >> partitions and formatting or do you feel that it is satisfactory
    >> >> (say,
    >> >> on a single hard disk that has two partitions C: and D:) to
    >> >> reinstall
    >> >> Windows on the C: drive leaving data on D: intact? TIA
    >> >
    >> > Wipe, as in the entire physical drive, everything, period, nada
    >> > left.
    >> >
    >> > --

    >>
    >> That is straight-forward advice ....... but I wonder how many (even
    >> 'professionals') follow it!
    >>
    >> Are you just as confident that ........ I'll call them 'gremlins'
    >> ......... cannot remain within a computer if the hard drive is wiped
    >> as
    >> you describe (or even replaced with a new one)?

    >
    > In my shop we wipe, delete all partitions, etc... I've yet to see
    > ANYTHING make it past that - booting from clean media and then wiping
    > the drive has always worked. Been doing this since the late 70's,
    > never
    > seen a wiped machine retain malware after a full wipe.
    >
    >> What about gremlins hiding in, say, a RAM stick or somewhere on the
    >> motherboard? There again, how could you possibly know the answer?!!
    >> ;)

    >
    > Well, since I've not seen, actually myself, any malware that inserts
    > itself into the BIOS NVRAM/EEPROM, nor into the same for a Video Card,
    > and since I would NEVER keep any devices (USB memory) connected during
    > the cleaning phase, it's not an issue. How could I know the answer? I
    > used to actually design motherboards, the actual boards from the chip
    > level, and in the old days I actually developed several chips (analog
    > switches), so I know a little bit about computers.
    >
    >
    > --
    > - Igitur qui desiderat pacem, praeparet bellum.
    > - Calling an illegal alien an "undocumented worker" is like calling a
    > drug dealer an "unlicensed pharmacist"
    > (remove 999 for proper email address)


    Thanks for posting, Leythos.

    I do not doubt your skill and experience. I'm simply a user who still
    has much to learn. Thank you for helping me! :)

    A silly question. You said "never seen a wiped machine retain malware
    after a full wipe." If a gremlin was *really* clever (and hid from view)
    just HOW would you know it was there? Perhaps one just has to assume
    that it's not ............ !

    --
    John
     
    John D, Jan 25, 2009
    #10
  11. John D

    Leythos Guest

    In article <glirsv$9hm$>, John_D@Ican says...
    >
    > "Leythos" <> wrote in message
    > news:...
    > > In article <glatg0$2lk$>, John_D@Ican says...
    > >> "Leythos" <> wrote in message
    > >> news:...
    > >> > In article <>,
    > >> > says...
    > >> >> When you say "Wiping and reinstalling" do you mean deleting all
    > >> >> partitions and formatting or do you feel that it is satisfactory
    > >> >> (say,
    > >> >> on a single hard disk that has two partitions C: and D:) to
    > >> >> reinstall
    > >> >> Windows on the C: drive leaving data on D: intact? TIA
    > >> >
    > >> > Wipe, as in the entire physical drive, everything, period, nada
    > >> > left.
    > >> >
    > >> > --
    > >>
    > >> That is straight-forward advice ....... but I wonder how many (even
    > >> 'professionals') follow it!
    > >>
    > >> Are you just as confident that ........ I'll call them 'gremlins'
    > >> ......... cannot remain within a computer if the hard drive is wiped
    > >> as
    > >> you describe (or even replaced with a new one)?

    > >
    > > In my shop we wipe, delete all partitions, etc... I've yet to see
    > > ANYTHING make it past that - booting from clean media and then wiping
    > > the drive has always worked. Been doing this since the late 70's,
    > > never
    > > seen a wiped machine retain malware after a full wipe.
    > >
    > >> What about gremlins hiding in, say, a RAM stick or somewhere on the
    > >> motherboard? There again, how could you possibly know the answer?!!
    > >> ;)

    > >
    > > Well, since I've not seen, actually myself, any malware that inserts
    > > itself into the BIOS NVRAM/EEPROM, nor into the same for a Video Card,
    > > and since I would NEVER keep any devices (USB memory) connected during
    > > the cleaning phase, it's not an issue. How could I know the answer? I
    > > used to actually design motherboards, the actual boards from the chip
    > > level, and in the old days I actually developed several chips (analog
    > > switches), so I know a little bit about computers.
    > >
    > >
    > > --
    > > - Igitur qui desiderat pacem, praeparet bellum.
    > > - Calling an illegal alien an "undocumented worker" is like calling a
    > > drug dealer an "unlicensed pharmacist"
    > > (remove 999 for proper email address)

    >
    > Thanks for posting, Leythos.
    >
    > I do not doubt your skill and experience. I'm simply a user who still
    > has much to learn. Thank you for helping me! :)
    >
    > A silly question. You said "never seen a wiped machine retain malware
    > after a full wipe." If a gremlin was *really* clever (and hid from view)
    > just HOW would you know it was there? Perhaps one just has to assume
    > that it's not ............ !


    Because I have faith in the tools I use to wipe a drive at the lowest
    level and the tools that I use to detect malware (detect to a point).

    While I can't be 100.0% sure the machine is clean, I can be sure enough
    to warrant providing a signed certificate stating it's clean and my
    attorney and insurance provider have never found a problem with it or
    asked me to stop.


    --
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    (remove 999 for proper email address)
     
    Leythos, Jan 26, 2009
    #11
  12. John D

    John D Guest

    "Tim Jackson" <> wrote in message
    news:...
    > John D wrote:
    >> "Tim Jackson" <> wrote in message
    >> news:...
    >>> John D wrote:
    >>>
    >>>> I have been led to believe that the BIOS on a motherboard can be
    >>>> attacked/infected but I have no knowledge of how one may check
    >>>> and/or 'clean' same.
    >>>>
    >>> It can, but it isn't a likely attack route. The method varies
    >>> according to the make and model of motherboard, and some boards have
    >>> a jumper that must be set to allow any writing to the flash ROM at all,
    >>> or have a hard-coded alarm that warns you when writing is being
    >>> enabled. So it is an unreliable and expensive method for a hacker.
    >>>
    >>> If you want to check, then look into your motherboard's flash update
    >>> utility (probably on the CD that came with it, or on the
    >>> manufacturer's website) and see if you can copy the existing flash
    >>> contents. If so then you can make a baseline copy, and periodically
    >>> repeat the process to make sure you continue to get the same data.
    >>>
    >>> You can probably find a security utility somewhere that will mirror
    >>> the BIOS area of the memory map, which is pretty much the same thing
    >>> in most cases.
    >>>
    >>> And don't forget your tinfoil helmet to keep aliens from controlling
    >>> your brain.
    >>>
    >>>
    >>> Tim Jackson.

    >>
    >> I appreciate this information, Tim. Thank you for taking the time and
    >> trouble to post.
    >>
    >> In another group, Shenan Stanley MVP said .........
    >>
    >> "If the 'gremlin' was in the BIOS - the only writable media I know
    >> about that could act in the way you are implying internal to the
    >> machine with your "somewhere on the motherboard" comment - you've
    >> been more than infested with malware."
    >>
    >> Even whilst wearing my tinfoil helmet, my last PC was, I'm certain,
    >> deliberately attacked - so there!
    >>
    >> --
    >> John
    >>
    >>

    >


    Hi Tim - in line replies

    > Deliberately attacked maybe, but actually compromised via the BIOS? I
    > find that hard to believe. Although it is theoretically possible, it
    > is pretty impracticable for the reasons I gave. I never heard reports
    > of an attack "in the wild" that works that way. I'd agree with the
    > MVP that this would be more than a simple infestation, and would look
    > to physical security. I think you must have folded the tinfoil
    > wrongly.


    I thought I had been asking questions about such matters, not telling
    you that *my* BIOS had been compromised! (Although I may have done it
    myself - see later!).

    > What were the characteristics of this malware, how did you identify
    > it,
    > does it have name, what symptoms did it cause, how did you cure it? I
    > often find friends saying "my computer's got a virus" when actually
    > they've got a memory defect or some such hardware fault. I'm sure
    > readers here would be interested to hear technical details of such an
    > attack.


    How did I cure it? I scrapped the PC and bought another box - hand-built
    by a mature student learning to be a computer technician at Exeter
    college.

    > I can't see why anyone would use such a method. If it was a personal
    > attack on a single computer, then a pick-axe would probably be easier.
    > If it was some sort of wild malware on the net it would have to be
    > very specific to a particular type of motherboard, and why should
    > someone want to take the time to write that when there are much simpler
    > ways to achieve their objectives.


    The history is long and involved, but in the early part of 2006 I spent
    hundreds of hours experimenting - including using my PC as a Honey-pot
    (without any protection) and then opening up just about every file in
    System32 with Notepad to read all manner of messages hidden in amongst
    the gobbledegook! Instead of 'cleaning' I became quite adept at
    flattening and reinstalling Windows from scratch (I have a retail copy
    of XP Home and Microsoft disks - now for SP1, 2 and 3). I bought Norton
    Internet Security 2006 and Ghost and spent many hours experimenting with
    them too. I experimented with FDISK and used Darik's Boot and Nuke too.
    http://en.wikipedia.org/wiki/Darik's_Boot_and_Nuke

    I also downloaded - from what I thought/hoped was the bona fide MSI
    (Motherboard) web site - a copy of an updated BIOS and 'flashed' same. I
    made and kept a 'BIOS Rescue Disk' (Floppy). I'd like to email you a copy
    of same to see if you consider it to have been 'the real McCoy'. There
    is a text file called 'Copying' that begins ....

    GNU GENERAL PUBLIC LICENSE
    Version 2, June 1991

    Copyright (C) 1989, 1991 Free Software Foundation, Inc.
    675 Mass Ave, Cambridge, MA 02139, USA
    Everyone is permitted to copy and distribute verbatim copies
    of this license document, but changing it is not allowed.

    And ends like this .......

    If the program is interactive, make it output a short notice like this
    when it starts in an interactive mode:

    Gnomovision version 69, Copyright (C) 19yy name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.

    The hypothetical commands `show w' and `show c' should show the
    appropriate parts of the General Public License. Of course, the commands
    you use may be called something other than `show w' and `show c'; they
    could even be mouse-clicks or menu items--whatever suits your program.

    You should also get your employer (if you work as a programmer) or your
    school, if any, to sign a "copyright disclaimer" for the program, if
    necessary. Here is a sample; alter the names:

    Yoyodyne, Inc., hereby disclaims all copyright interest in the program
    `Gnomovision' (which makes passes at compilers) written by James Hacker.

    <signature of Ty Coon>, 1 April 1989
    Ty Coon, President of Vice

    ************************

    Might you have time to look? Please advise. Thanks.
     
    John D, Jan 26, 2009
    #12
  13. John D

    John D Guest

    "Tim Jackson" <> wrote in message
    news:...
    > John D wrote:
    >> "Tim Jackson" <> wrote in message
    >> news:...
    >>> John D wrote:
    >>>>
    >>>> In another group, Shenan Stanley MVP said .........
    >>>>
    >>>> "If the 'gremlin' was in the BIOS - the only writable media I know
    >>>> about that could act in the way you are implying internal to the
    >>>> machine with your "somewhere on the motherboard" comment - you've
    >>>> been more than infested with malware."
    >>>>
    >>>> Even whilst wearing my tinfoil helmet, my last PC was, I'm certain,
    >>>> deliberately attacked - so there!
    >>>>

    >>
    >> Hi Tim - in line replies
    >>
    >>> Deliberately attacked maybe, but actually compromised via the BIOS?
    >>> I find that hard to believe. Although it is theoretically possible,
    >>> it is pretty impracticable for the reasons I gave. I never heard
    >>> reports of an attack "in the wild" that works that way. I'd agree
    >>> with the MVP that this would be more than a simple infestation, and
    >>> would look to physical security. I think you must have folded the
    >>> tinfoil wrongly.

    >>
    >> I thought I had been asking questions about such matters, not telling
    >> you that *my* BIOS had been compromised! (Although I may have done it
    >> myself - see later!).
    >>


    Hello again, Tim :)

    > Perhaps I misunderstood. You described a BIOS attack, then said you
    > were certain your computer had been attacked. I made the perhaps
    > unwarranted assumption that the two statements were connected.


    It's not always easy to communicate in this medium and I thank you for
    your understanding. Perhaps it was me who didn't explain clearly!

    > While it is surely *possible*, I have never heard of it being done and
    > I think it quite *impracticable* as an attack.


    Others seem to think likewise. I'll agree.

    > And to another of your posts, what would be the point of a "gremlin"
    > that didn't do anything. And why should you care that you had it.


    Ah - difficult for me to explain, being a non-techie! Suffice it to
    say that I have 'picked up' from who-knows-where the idea that just a
    "little bit of code" could remain within a machine even after normal
    cleaning. Next time the box is connected to the Internet I have gathered
    that additional "code" can in some way be added to that previously left
    behind and then relevant malware resurrect itself.

    You are, I'm sure, aware that some modern malware can (and does) lie
    hidden - but active - within a machine, yet without the knowledge of the
    user.

    The more-or-less sole purpose of malware nowadays is to steal money or
    sell 'sake-oil' products. I was bitten for £245 and didn't like that. I
    especially didn't like being threatened by email messages when I
    eventually had my funds reinstated by PayPal. That is when I involved
    the police and subsequently discussed matters with the (then) "National
    High-Tech Computer Crime Unit". They were good - but understaffed and
    far too busy! Now it's http://www.soca.gov.uk/

    > I understand that you want to explore the possibilities, but you have
    > to draw a line somewhere else you will spend the rest of your life
    > chasing the shoals of red herring that no doubt exist. I mean what if
    > someone had tunnelled under your house, removed your computer then
    > carefully reinstated everything including an identical but different
    > computer. Sure it's possible, but pointless. One might do that to an
    > ATM or a PoS terminal to capture PINs, but there has to be significant
    > value in it to justify such an expensive and risky operation.


    You make your point well, Tim. Perhaps, as this is a special day for me,
    it is time to let things go.

    I'll try.
    --
    John
     
    John D, Jan 26, 2009
    #13
  14. John D

    John D Guest

    Ooops!

    In my long reply I apologise for my typo - I meant "snake-oil"!

    Sorry.
     
    John D, Jan 26, 2009
    #14
  15. John D

    John D Guest

    "Tim Jackson" <> wrote in message
    news:...
    > John D wrote:
    >> Ooops!
    >>
    >> In my long reply I apologise for my typo - I meant "snake-oil"!
    >>
    >> Sorry.
    >>
    >>

    >
    > LOL
    >
    > Sake oil sounds like some sort of interesting Japanese cocktail.
    >
    > Tim


    Off-the-wall humour - *just* like my boy! :)))

    Manchester has much to answer for!

    Nick had his car stolen there. The police found it - intact. But, by the
    time Nick got to it, someone had trashed it and set it on fire! C'est la
    vie! Back to the bank of mum and dad!
     
    John D, Jan 26, 2009
    #15
  16. John D

    John D Guest

    "Tim Jackson" <> wrote in message
    news:...
    > John D wrote:
    >> Ooops!
    >>
    >> In my long reply I apologise for my typo - I meant "snake-oil"!
    >>
    >> Sorry.
    >>
    >>

    >
    > LOL
    >
    > Sake oil sounds like some sort of interesting Japanese cocktail.
    >
    > Tim


    If you would like a tincture, explore ....... motzarella.newusers -
    Pictures in groups?

    Thanks for your email message btw!
    --
    John
     
    John D, Jan 27, 2009
    #16
  17. John D

    John D Guest

    FWIW - I'd trust YOU to clean *my* machine if you were close by! :)))

    Thanks for your helpful comments, Leythos.
    --
    John


    "Leythos" <> wrote in message
    news:...
    >
    > While I can't be 100.0% sure the machine is clean, I can be sure
    > enough
    > to warrant providing a signed certificate stating it's clean and my
    > attorney and insurance provider have never found a problem with it or
    > asked me to stop.
    >
    >
    > --
    > - Igitur qui desiderat pacem, praeparet bellum.
    > - Calling an illegal alien an "undocumented worker" is like calling a
    > drug dealer an "unlicensed pharmacist"
    > (remove 999 for proper email address)
     
    John D, Jan 29, 2009
    #17
  18. John D

    Leythos Guest

    In article <glsg6j$2ct$>, John_D@Ican says...
    > FWIW - I'd trust YOU to clean *my* machine if you were close by! :)))
    >
    > Thanks for your helpful comments, Leythos.


    Thanks, but I don't "Clean" machines for people I like, I wipe and
    reinstall them.

    There are a number of people in this group that I would trust as much as
    I trust myself with networks. Not to offend anyone by omission, but
    David Lipman as well as Stuart and Dustin, are people I would actually
    trust to work on my systems and network.

    There is one person that goes by many nyms that I would never allow to
    have access to my trusted networks, but I won't mention his name.

    --
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    (remove 999 for proper email address)
     
    Leythos, Jan 29, 2009
    #18
  19. John D

    John D Guest

    "Leythos" <> wrote in message
    news:...
    > In article <glsg6j$2ct$>, John_D@Ican says...
    >> FWIW - I'd trust YOU to clean *my* machine if you were close by!
    >> :)))
    >>
    >> Thanks for your helpful comments, Leythos.

    >
    > Thanks, but I don't "Clean" machines for people I like, I wipe and
    > reinstall them.
    >
    > There are a number of people in this group that I would trust as much
    > as
    > I trust myself with networks. Not to offend anyone by omission, but
    > David Lipman as well as Stuart and Dustin, are people I would actually
    > trust to work on my systems and network.
    >
    > There is one person that goes by many nyms that I would never allow to
    > have access to my trusted networks, but I won't mention his name.
    >
    > --


    Wipe and reinstall sounds good to me, Leythos!

    When you say Dustin I'm going to assume you mean Dustin Cook of
    BugHunter and Malwarebytes fame.

    The un-named I assume is the one that refers to you as The Stalker. ;)

    Stuart though ............ that rings no bell. Further clarification
    please! Many thanks.
    --
    John
     
    John D, Feb 4, 2009
    #19
  20. John D

    Leythos Guest

    In article <gmbn6j$19k$>, John_D@Ican says...
    >
    > "Leythos" <> wrote in message
    > news:...
    > > In article <glsg6j$2ct$>, John_D@Ican says...
    > >> FWIW - I'd trust YOU to clean *my* machine if you were close by!
    > >> :)))
    > >>
    > >> Thanks for your helpful comments, Leythos.

    > >
    > > Thanks, but I don't "Clean" machines for people I like, I wipe and
    > > reinstall them.
    > >
    > > There are a number of people in this group that I would trust as much
    > > as
    > > I trust myself with networks. Not to offend anyone by omission, but
    > > David Lipman as well as Stuart and Dustin, are people I would actually
    > > trust to work on my systems and network.
    > >
    > > There is one person that goes by many nyms that I would never allow to
    > > have access to my trusted networks, but I won't mention his name.
    > >
    > > --

    >
    > Wipe and reinstall sounds good to me, Leythos!
    >
    > When you say Dustin I'm going to assume you mean Dustin Cook of
    > BugHunter and Malwarebytes fame.
    >
    > The un-named I assume is the one that refers to you as The Stalker. ;)
    >
    > Stuart though ............ that rings no bell. Further clarification
    > please! Many thanks.


    Sorry, no additional details possible.

    --
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    (remove 999 for proper email address)
     
    Leythos, Feb 4, 2009
    #20