Robbie

Level 28
Verified
Content Creator
Good morning to y'all.

I was reading online about persistent malware, rootkits and kernel hooking. I read somewhere about specific malware that, despite hard, could gain persistence even after a format.

So I want to ask: how is this possible? What's the explanation behind it? If it hooks the kernel, this means the kernel isn't replaced/reinstalled when you clean install Windows?

Thanks in advance.
Rootkits are a rarer type of malware that, instead of using your hard drive, use other components, most commonly the MBR (Master Boot Record), to hide themselves. Although they don't cause a lot of damage to your system, they can do a lot of nasty things such as keylogging passwords to gain access to bank accounts; some even spy on you if you have a web camera. Luckily, there are many tools that can be used to find them; however, if no tools work, the only thing left to do is simply to reformat.

93803123

Malicious code running at a low level such as hardware firmware is an example. Much firmware is not wiped when the operating system is reinstalled.
93803123

Anything that doesn't get wiped out after formatting can cause damage.
Even recovered data may contain malware.
The average user could do this, but why would they want to?

1. Bare metal any attached storage and start all over again
2. Wipe cloud storage or start all over again with newly created cloud storage
3. Flash BIOS and reinstall
4. Reinstall all drivers - not just on the system but also all attached peripherals

Good luck with all that.

Meanwhile, despite the above extraordinary efforts, one can still get infected again via multiple vectors - let's start with something basic - like the router.

BoraMurdar

Community Manager
Verified
Staff member
Except malware that infects bootloader sectors of the partition and hardware based malware (firmware malware), other malware cannot survive if you just delete the whole disk and repartition it. (It resets the MBR and PBR)
 

shmu26

Level 83
Verified
Trusted
Content Creator
Nowadays, most people are using GPT when they install Windows, so that gets rid of the MBR problem.
And malware infecting the firmware is almost impossible these days, because modern Windows systems use Secure Boot.
So a clean reinstall on a GPT partition should be secure enough.
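The reasoning above rests on the machine actually booting with UEFI firmware, a GPT system disk and Secure Boot turned on. The script below is an added example, not code from anyone in this thread, that reports those three facts (plus TPM state) so you can verify the assumption on a given PC before trusting a clean reinstall; it uses only built-in Windows cmdlets and should be run from an elevated PowerShell session.

```powershell
# Added example (not from the thread): report whether this Windows machine
# is in the state the post above assumes: UEFI firmware, GPT system disk,
# Secure Boot enabled. Run in an elevated PowerShell session on Windows 10+.

function Get-BootSecurityState {
    $state = [ordered]@{}

    # "UEFI" or "Legacy", as Windows itself reports the firmware interface.
    $state.FirmwareType = $env:firmware_type

    # Partition style (GPT or MBR) of the disk holding the Windows volume.
    $sysDrive = $env:SystemDrive.TrimEnd(':')
    $sysDisk  = Get-Partition -DriveLetter $sysDrive | Get-Disk
    $state.SystemDiskPartitionStyle = [string]$sysDisk.PartitionStyle

    # Confirm-SecureBootUEFI throws on legacy-BIOS machines, so guard it.
    try {
        $state.SecureBoot = Confirm-SecureBootUEFI
    } catch {
        $state.SecureBoot = 'Not supported (legacy BIOS boot)'
    }

    # TPM presence and readiness; absent on some older or virtual machines.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $state.TpmPresent = if ($tpm) { $tpm.TpmPresent } else { $false }
    $state.TpmReady   = if ($tpm) { $tpm.TpmReady }   else { $false }

    [pscustomobject]$state
}

$s = Get-BootSecurityState
$s | Format-List

# All three must hold for the "GPT + Secure Boot" argument to apply.
$ok = ($s.FirmwareType -eq 'UEFI') -and
      ($s.SystemDiskPartitionStyle -eq 'GPT') -and
      ($s.SecureBoot -eq $true)

if ($ok) {
    Write-Host 'Boot chain matches the GPT + Secure Boot assumption.'
} else {
    Write-Warning 'Machine does NOT match the GPT + Secure Boot assumption; review the fields above.'
}
```

A machine that reports Legacy firmware or an MBR system disk is exactly the case the MBR/bootloader discussion earlier in the thread applies to.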
 

BoraMurdar

Community Manager
Verified
Staff member
+1
Only people who hide the secret Coca-Cola recipe on their hard drive should be afraid of this sophisticated hardware malware...