Cleaning a computer - any other views here?

Discussion in 'Computer Security' started by John D, Jan 22, 2009.

  1. John D

    John D Guest

    That is straight-forward advice ....... but I wonder how many (even
    'professionals') follow it!

    Are you just as confident that ........ I'll call them 'gremlins'
    .......... cannot remain within a computer if the hard drive is wiped as
    you describe (or even replaced with a new one)?

    What about gremlins hiding in, say, a RAM stick or somewhere on the
    motherboard? There again, how could you possibly know the answer?!! ;)
     
    John D, Jan 22, 2009
    #1

  2. John D

    Unruh Guest

    The problem is that the bad guys could have installed malware on D: which
    will allow them easy access later.
    Exactly how would they hide on the motherboard?
    If you had your ram stick plugged in at any time after the infection then
    yes, it should also be wiped.
     
    Unruh, Jan 22, 2009
    #2

  3. John D

    John D Guest


    I'm pleased that you agree! :)




    No idea if that is possible! Just asking :)


    How, please, does one 'wipe' a RAM stick?


    Thanks for responding btw!
     
    John D, Jan 22, 2009
    #3
  4. John D

    Unruh Guest

    For this, just erase all files, including all hidden files.
     
    Unruh, Jan 23, 2009
    #4
  5. John D

    John D Guest

    Hi "Unruh"

    I think we are at cross purposes - no doubt due to me being less than
    clear. I'm sorry for any confusion.

    Please take a look here
    http://ask-leo.com/can_i_use_a_usb_ram_stick_to_increase_system_memory.html
    That item refers to what I now think *you* were referring. Correct?

    *I* was referring to 'system' RAM viz:
    http://lifehacker.com/software/feature/hack-attack-how-to-install-ram-138665.php

    I know that all memory on system RAM is *supposed* to die without
    power - when you study the construction, though, it seems quite feasible
    to me (a layman) that such an item *could* be configured to retain
    'gremlins', so to speak!

    I have been led to believe that the BIOS on a motherboard can be
    attacked/infected but I have no knowledge of how one may check and/or
    'clean' same.
     
    John D, Jan 23, 2009
    #5
  6. John D

    John D Guest

    I appreciate this information, Tim. Thank you for taking the time and
    trouble to post.

    In another group, Shenan Stanley MVP said .........

    "If the 'gremlin' was in the BIOS - the only writable media I know about
    that could act in the way you are implying internal to the machine with
    your "somewhere on the motherboard" comment - you've been more than
    infested with malware."

    Even whilst wearing my tinfoil helmet, my last PC was, I'm certain,
    deliberately attacked - so there!
     
    John D, Jan 23, 2009
    #6
  7. John D

    Leythos Guest

    In my shop we wipe, delete all partitions, etc... I've yet to see
    ANYTHING make it past that - booting from clean media and then wiping
    the drive has always worked. Been doing this since the late 70's, never
    seen a wiped machine retain malware after a full wipe.
    Well, since I've not seen, actually myself, any malware that inserts
    itself into the BIOS NVRAM/EEPROM, nor into the same for a Video Card,
    and since I would NEVER keep any devices (USB memory) connected during
    the cleaning phase, it's not an issue. How could I know the answer? I
    used to actually design motherboards, the actual boards from the chip
    level, and in the old days I actually developed several chips (analog
    switches), so I know a little bit about computers.
     
    Leythos, Jan 23, 2009
    #7
  8. John D

    Unruh Guest

    It is completely erased every time the computer is switched off.

    No. Could someone develop a piece of ram that retained its memory despite
    power removal? possibly-- but exactly why would you buy it, especially
    since it is vastly slower than real ram.

    Buy a new computer. Anyway, the chances of anyone subverting the bios and
    leaving the machine bootable is almost nil. Would it be possible?
    Yes.
    It is also possible that President Obama spends four hours each day
    personally going over the transcripts of all the conversations you have had that day.
    Yes, it is possible.
     
    Unruh, Jan 23, 2009
    #8
  9. John D

    John D Guest

    I'm still considering how best to answer you, Tim!
     
    John D, Jan 25, 2009
    #9
  10. John D

    John D Guest

    Thanks for posting, Leythos.

    I do not doubt your skill and experience. I'm simply a user who still
    has much to learn. Thank you for helping me! :)

    A silly question. You said "never seen a wiped machine retain malware
    after a full wipe." If a gremlin was *really* clever (and hid from view)
    just HOW would you know it was there? Perhaps one just has to assume
    that it's not ............ !
     
    John D, Jan 25, 2009
    #10
  11. John D

    Leythos Guest

    Because I have faith in the tools I use to wipe a drive at the lowest
    level and the tools that I use to detect malware (detect to a point).

    While I can't be 100.0% sure the machine is clean, I can be sure enough
    to warrant providing a signed certificate stating it's clean and my
    attorney and insurance provider have never found a problem with it or
    asked me to stop.
     
    Leythos, Jan 26, 2009
    #11
  12. John D

    John D Guest

     
    John D, Jan 26, 2009
    #12
  13. John D

    John D Guest

    Hello again, Tim :)
    It's not always easy to communicate in this medium and I thank you for
    your understanding. Perhaps it was me who didn't explain clearly!
    Others seem to think likewise. I'll agree.
    Ah - difficult for me to explain, being a non-techie! Let's suffice to
    say that I have 'picked up' from who-knows-where the idea that just a
    "little bit of code" could remain within a machine even after normal
    cleaning. Next time the box is connected to the Internet I have gathered
    that additional "code" can in some way be added to that previously left
    behind and then relevant malware resurrect itself.

    You are, I'm sure, aware that some modern malware can (and does) lay
    hidden - but active - within a machine, yet without the knowledge of the
    user.

    The more-or-less sole purpose of malware nowadays is to steal money or
    sell 'sake-oil' products. I was bitten for £245 and didn't like that. I
    especially didn't like being threatened by email messages when I
    eventually had my funds reinstated by PayPal. That is when I involved
    the police and subsequently discussed matters with the (then) "National
    High-Tech Computer Crime Unit". They were good - but understaffed and
    far too busy! Now it's http://www.soca.gov.uk/
    You make your point well, Tim. Perhaps, as this is a special day for me,
    it is time to let things go.

    I'll try.
     
    John D, Jan 26, 2009
    #13
  14. John D

    John D Guest

    Ooops!

    In my long reply I apologise for my typo - I meant "snake-oil"!

    Sorry.
     
    John D, Jan 26, 2009
    #14
  15. John D

    John D Guest

    Off-the-wall humour - *just* like my boy! :)))

    Manchester has much to answer for!

    Nick had his car stolen there. The police found it - intact. But, by the
    time Nick got to it, someone had trashed it and set it on fire! C'est la
    vie! Back to the bank of mum and dad!
     
    John D, Jan 26, 2009
    #15
  16. John D

    John D Guest

    If you would like a tincture, explore ....... motzarella.newusers -
    Pictures in groups?

    Thanks for your email message btw!
     
    John D, Jan 27, 2009
    #16
  17. John D

    John D Guest

    FWIW - I'd trust YOU to clean *my* machine if you were close by! :)))

    Thanks for your helpful comments, Leythos.
     
    John D, Jan 29, 2009
    #17
  18. John D

    Leythos Guest

    Thanks, but I don't "Clean" machines for people I like, I wipe and
    reinstall them.

    There are a number of people in this group that I would trust as much as
    I trust myself with networks. Not to offend anyone by omission, but
    David Lipman as well as Stuart and Dustin, are people I would actually
    trust to work on my systems and network.

    There is one person that goes by many nyms that I would never allow to
    have access to my trusted networks, but I won't mention his name.
     
    Leythos, Jan 29, 2009
    #18
  19. John D

    John D Guest

    Wipe and reinstall sounds good to me, Leythos!

    When you say Dustin I'm going to assume you mean Dustin Cook of
    BugHunter and Malwarebytes fame.

    The un-named I assume is the one that refers to you as The Stalker. ;)

    Stuart though ............ that rings no bell. Further clarification
    please! Many thanks.
     
    John D, Feb 4, 2009
    #19
  20. John D

    Leythos Guest

    Sorry, no additional details possible.
     
    Leythos, Feb 4, 2009
    #20