Hello,
A rootkit can be implemented in several different ways, such as
through custom code in the master boot record, or a device driver
or a service in Windows.
Assuming there is nothing your friend wants to keep from the computer
(or it is backed up), all you need to do is erase the first sector
of the hard disk drive, which contains the master boot record code
and its associated partition table of data. Once that is gone, any
operating system installer will treat the hard disk drive as a blank
disk, and write a new MBR to the hard disk drive and create a new
partition table with it.
Regards,
Aryeh Goretsky
At 06:24 AM 6/25/2012, you wrote:
Message: 2
Date: Sun, 24 Jun 2012 19:39:18 -0400
From: "Rosen, Robert (NIH/NIAMS) [E]" <ros...@mail.nih.gov>
Subject: [Thinkpad] Rescue and Recovery format
To: "'thinkpad@stderr.org'" <thinkpad@stderr.org>
Message-ID:
<3b44deabc8c7dd4486670cc193a8c8fd09df897...@nihmlbxcms02.nih.gov>
Content-Type: text/plain; charset="iso-8859-1"
A friend got a root kit infection and wants to be sure a full low
level format is done. EZserv says they think using the recovery
partition does that but don't know for sure. Anyone know?
__________________________
Robert Rosen
Senior IT Technical Advisor
NIAMS - NIH
Sent from wireless handheld
Please consider the environment before printing this email.
_______________________________________________
Thinkpad mailing list
Thinkpad@stderr.org
http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
