Advice Request Can a malware file survive a Windows reinstall?


RoboMan

Level 34
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
Good morning to y'all.

I was reading online about persistent malware, rootkits and kernel hooking. I read somewhere about specific malware that, despite being hard, could gain persistence even after a format.

So I want to ask: how is this possible? What's the explanation behind it? If it hooks the kernel, this means the kernel isn't replaced/reinstalled when you clean install Windows?

Thanks in advance.
 

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
Rootkits are a rarer type of malware that, instead of using your hard drive, use other components, most commonly the MBR (Master Boot Record), to hide themselves. Although this doesn't cause a lot of damage to your system, they can do a lot of nasty things such as keylogging passwords to gain access to bank accounts; some even spy on you if you have a web camera. Luckily, there are many tools that can be used to find them; however, if no tools work, the only thing left to do is simply to reformat.
 

93803123

Good morning to y'all.

I was reading online about persistent malware, rootkits and kernel hooking. I read somewhere about specific malware that, despite being hard, could gain persistence even after a format.

So I want to ask: how is this possible? What's the explanation behind it? If it hooks the kernel, this means the kernel isn't replaced/reinstalled when you clean install Windows?

Thanks in advance.

Malicious code running at a low level such as hardware firmware is an example. Much firmware is not wiped when the operating system is reinstalled.

93803123

Anything that doesn't get wiped out after formatting can cause damage.
Even recovered data may contain malware.

The average user could do this, but why would they want to?

1. Bare metal any attached storage and start all over again
2. Wipe cloud storage or start all over again with newly created cloud storage
3. Flash BIOS and reinstall
4. Reinstall all drivers - not just on the system but also all attached peripherals

Good luck with all that.

Meanwhile, despite the above extraordinary efforts, one can still get infected again via multiple vectors - let's start with something basic - like the router.
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Except for malware that infects the bootloader sectors of the partition and hardware-based malware (firmware malware), other malware cannot survive if you just delete the whole disk and repartition it (that resets the MBR and PBR).
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
That's basically the same thing, just automated :giggle: Just making sure that the image isn't compromised and there would be no practical difference.
That’s why I keep weekly images for 5 weeks. Makes it pretty easy to revert. I’ve only had to do it once. And I only had a small suspicion there was an issue, but it’s so easy to do why not?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Nowadays, most people are using GPT when they install Windows, so that gets rid of the MBR problem.
And malware infecting the firmware is almost impossible these days, because modern Windows systems use Secure boot.
So a clean reinstall on a GPT partition should be secure enough.
 
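The two points above (a full repartition resets the MBR/PBR, and a GPT disk only carries a "protective" MBR) can be checked from a disk's first sector. The following Python is an added example, not code from this thread or from MalwareTips: it decodes a 512-byte MBR, reports whether the disk is classic MBR or GPT, and compares the bootstrap code against a baseline hash. The sectors and the baseline are constructed here for illustration; on a real machine the baseline would be the hash captured right after a clean install.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # classic MBR: bootstrap code occupies bytes 0..445
PART_TABLE_OFF = 446         # four 16-byte partition entries follow the boot code
GPT_PROTECTIVE_TYPE = 0xEE   # partition type used by a GPT "protective MBR"

def parse_mbr(sector: bytes) -> dict:
    """Decode one sector as an MBR: partition style, entries, and a hash of the boot code."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    entries = []
    for i in range(4):
        # entry layout: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                     # empty slot
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    is_gpt = any(e["type"] == GPT_PROTECTIVE_TYPE for e in entries)
    return {"style": "GPT (protective MBR)" if is_gpt else "MBR", "entries": entries,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()}

def boot_code_matches(sector: bytes, baseline_sha256: str) -> bool:
    """True if the bootstrap code is identical to a known-good baseline hash."""
    return parse_mbr(sector)["boot_code_sha256"] == baseline_sha256

def build_sector(boot_code: bytes, entries: list) -> bytes:
    """Constructed test data: assemble an MBR from boot code and (status, type, lba, count) tuples."""
    buf = bytearray(SECTOR)
    buf[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    for i, (status, ptype, lba, count) in enumerate(entries[:4]):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFF + 16 * i, status, ptype, lba, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)

# Constructed stand-in for clean-install boot code; a real baseline would be hashed from the actual disk.
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 438
CLEAN_SECTOR = build_sector(CLEAN_CODE, [(0x00, GPT_PROTECTIVE_TYPE, 1, 0xFFFFFFFF)])
BASELINE = parse_mbr(CLEAN_SECTOR)["boot_code_sha256"]
# Same disk with its first two boot-code bytes altered and a classic NTFS entry: no longer matches.
TAMPERED_SECTOR = build_sector(b"\xeb\x3c" + CLEAN_CODE[2:], [(0x80, 0x07, 2048, 1_000_000)])

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN_SECTOR), ("tampered", TAMPERED_SECTOR)):
        info = parse_mbr(sec)
        print(name, info["style"], "baseline match:", boot_code_matches(sec, BASELINE))
```

To run it against a real machine, feed `parse_mbr` the first 512 bytes of the system disk (on Windows, read from `\\.\PhysicalDrive0` as administrator) and compare with a baseline hash taken after the clean reinstall.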

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Nowadays, most people are using GPT when they install Windows, so that gets rid of the MBR problem.
And malware infecting the firmware is almost impossible these days, because modern Windows systems use Secure boot.
So a clean reinstall on a GPT partition should be secure enough.
+1
Only people who hide secret Coca-Cola recipe on their hard drive should be afraid of this sophisticated hardware malware...
 
