Advice Request Can a malware file survive a Windows reinstall?


RoboMan
Thread author
Good morning to y'all.

I was reading online about persistent malware, rootkits and kernel hooking. I read somewhere about specific malware that, despite being hard, could gain persistence even after a format.

So I want to ask: how is this possible? What's the explanation behind it? If it hooks the kernel, this means the kernel isn't replaced/reinstalled when you clean install Windows?

Thanks in advance.
 
Rootkits are a rarer type of malware that, instead of using your hard drive, use other components, most commonly the MBR (Master Boot Record), to hide themselves. Although this doesn't cause a lot of damage to your system, they can do a lot of nasty things such as keylogging passwords to gain access to bank accounts; some even spy on you if you have a web camera. Luckily, there are many tools that can be used to find them; however, if no tools work, the only thing left to do is simply to reformat.
 

Malicious code running at a low level such as hardware firmware is an example. Much firmware is not wiped when the operating system is reinstalled.
 
Anything that doesn't get wiped out after formatting can cause damage.
Even recovered data may contain malware.

The average user could do this, but why would they want to?

1. Bare metal any attached storage and start all over again
2. Wipe cloud storage or start all over again with newly created cloud storage
3. Flash BIOS and reinstall
4. Reinstall all drivers - not just on the system but also all attached peripherals

Good luck with all that.

Meanwhile, despite the above extraordinary efforts, one can still get infected again via multiple vectors - let's start with something basic - like the router.
 
Except malware that infects bootloader sectors of the partition and hardware based malware (firmware malware), other malware cannot survive if you just delete the whole disk and repartition it. (It resets the MBR and PBR)
 
That's basically the same thing, just automated :giggle: Just making sure that the image isn't compromised and there would be no practical difference.
That’s why I keep weekly images for 5 weeks. Makes it pretty easy to revert. I’ve only had to do it once. And I only had a small suspicion there was an issue, but it’s so easy to do why not?
 
Nowadays, most people are using GPT when they install Windows, so that gets rid of the MBR problem.
And malware infecting the firmware is almost impossible these days, because modern Windows systems use Secure boot.
So a clean reinstall on a GPT partition should be secure enough.
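A check worth running before relying on the reasoning in this post, added here as an example and not code from the thread: it reports whether this machine actually boots via UEFI with Secure Boot on and a GPT system disk, and shows the firmware version and date so it can be compared against the vendor's current release, since Secure Boot verifies the boot chain but not the firmware image itself. It assumes Windows 8 or later with the built-in SecureBoot and Storage modules, run from an elevated prompt.

```powershell
# Added example (not from the thread): does this machine have the properties the
# post relies on (UEFI firmware, Secure Boot enabled, GPT system disk)?
# Run from an elevated PowerShell prompt. Confirm-SecureBootUEFI needs admin
# rights and throws on legacy-BIOS machines, which is itself the answer.

function Get-BootSecurityPosture {
    $firmware = $env:firmware_type            # "UEFI" or "Legacy", set by Windows 8+
    try {
        $secureBoot = Confirm-SecureBootUEFI  # $true / $false on UEFI machines
    } catch {
        $secureBoot = $false                  # cmdlet unsupported: legacy BIOS boot
    }

    # Partition style of every disk; the system disk must be GPT for UEFI boot.
    $disks = Get-Disk | Select-Object Number, FriendlyName, PartitionStyle, IsSystem, IsBoot
    # Firmware identity, to compare against the vendor's latest published release.
    $bios  = Get-CimInstance Win32_BIOS | Select-Object Manufacturer, SMBIOSBIOSVersion, ReleaseDate

    [pscustomobject]@{
        FirmwareType  = $firmware
        SecureBoot    = [bool]$secureBoot
        SystemDiskGpt = [bool]($disks | Where-Object { $_.IsSystem -and $_.PartitionStyle -eq 'GPT' })
        MbrDisks      = @($disks | Where-Object PartitionStyle -eq 'MBR' | ForEach-Object Number)
        BiosVendor    = $bios.Manufacturer
        BiosVersion   = $bios.SMBIOSBIOSVersion
        BiosDate      = $bios.ReleaseDate
    }
}

$posture = Get-BootSecurityPosture
$posture | Format-List

if ($posture.FirmwareType -ne 'UEFI' -or -not $posture.SecureBoot -or -not $posture.SystemDiskGpt) {
    Write-Warning "Legacy boot, Secure Boot off, or MBR system disk: the 'GPT + Secure Boot' argument does not apply to this machine."
}
if ($posture.MbrDisks.Count -gt 0) {
    Write-Warning ("MBR-partitioned disk(s) present: {0}. Repartition them as GPT during a clean reinstall." -f ($posture.MbrDisks -join ', '))
}
```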
 
+1
Only people who hide secret Coca-Cola recipe on their hard drive should be afraid of this sophisticated hardware malware...