
COMPLETELY erasing a drive 2


atmosphere (Programmer, US), Jul 28, 2003
I'm having tons of problems!!! Viruses and corrupted partitions. I want to try completely wiping clean my hard drive, not just a regular format. I heard about low level format but I also heard that it's not good for the hard drive. Could you also comment on what a master boot record is, should I delete it, and what writing zeros to the hard drive is, should I do it?
 
Howdy:

If you simply do an fdisk and then format, all will be gone..

Murray
 
All of the top hard drive manufacturers have free hard drive utility tools available FREE from the downloads part of their websites.
All involve downloading and executing to produce a "bootable floppy" that contains the tools you need.
Best use the tools from the manufacturer of the drive you have,
i.e. Maxtor's (MaxBlast) etc. etc.
Set first boot device in the BIOS to floppy drive (usually is already set like this)
Restart with the bootable floppy in the drive
Follow the instructions
Low level format (write 0's and 1's to HD)
Carry out S.M.A.R.T. test; the tool carries out a factory settings check and reports any problems.
Low level formatting can take hours depending on the size of your hard drive
Running these tools can often recover a "hopeless case"; in fact most manufacturers will insist that these tools are used before considering accepting a warranty return.
Martin

Replying helps further our knowledge, without comment leaves us wondering.
 
Viruses have set up a system partition on your hard drive using old IBM OS2 technology called Initial Microcode Load
(IML). You can low level format until the cows come home and it won't wipe this partition out. OS2 fdisk will wipe it out.
Only problem is you probably won't be able to boot with an OS2 start disk. Viruses won't allow it.
Every floppy you have made with this machine will have this virus hidden and every CD you burn will also have it. Virus scan won't detect this because the virus has already disabled your anti-virus program.
This partition contains a new BIOS in control of your system.

 
doneb,

Out of all the posts you have made you always say that it's a virus that has created a partition that.....

What are your reasons for assuming this is the case?
 
The drive zeroing utils you can DL from your drive mfr will wipe everything including IML partitions. But if you want to make sure your data is gone beyond recovery, use Eraser (free DL). But since Eraser works from within Win, you will have to clean the virus, if any, first.
.bh.


He who dares not offend cannot be honest. -- Thomas Paine.
 
doneb:

You keep referring to a virus in all of your posts giving basically the same answer for all..

Which virus is doing this and what is the basis for your diagnostics??

Murray
 
Fdisk then Format should do it.
My understanding of low level format is that it sets out drive parameters, so if you do this make sure it's done by a program from your drive manufacturer.
 
No, fdisk and format sometimes does not do the job. And yes I have seen a virus that does get into the partition. I am posting because I hope this helps someone. I am a technician and have seen this virus many times on many computers. I have never seen any discussion of it. It is never detected by any antivirus software, hence the lack of information about it from the anti-virus folks. They probably don't know how to fix it. It infects all Windows versions whether you have a FAT32 partition or an NTFS partition. It is diagnosed easily. Run fdisk from a Windows 98 startup disk. In Windows 98 you can just type in fdisk at the DOS prompt from within Windows. Press 4 to display the partition information. Compare the number of megabytes that are reported in the drive(s) and the number of total megabytes shown in the text line below that. They must be exactly the same. If you have more than 1 partition the total sum can't be more than 1 megabyte misreported. If it is 2 or more (I've seen as many as 16MB missing) you have the virus. Interestingly in Windows XP the missing megabytes are ALWAYS 7MB difference. If you run something that reports 10ths of MBs like Partition Magic you will find that the number is ALWAYS 7.4 MB in Windows XP. One classic and common symptom of this virus is, surprisingly, the modem acts, diagnoses and dials normally but can NEVER connect to your Internet Provider.
I have been 100% successful curing the virus and getting the modem to connect again and fdisk to report correctly by using Partition Magic. It's pretty easy to merge the missing megabytes back into the existing primary partition in Windows 98 and Me. All is cured without formatting and reloading Windows. It is a little trickier to merge the missing megabytes back into the primary NTFS partition in Windows XP. Here you have to mess around with it a bit and wind up resizing the primary partition to encompass the missing megabytes instead. All is then cured without formatting and reloading Windows. Before I discovered I could cure it "on the fly" with Partition Magic I would always delete the partitions and create a new partition and reload Windows. Without Partition Magic that's what you have to do. That's all you can do to fix it.
I'm not sure I'm buying the story about this virus being in your BIOS though. That seems like a figment of your imagination.
But that's not what I started to write about. I started to write about serious errors on the hard drive that are not cured by deleting the partitions and recreating the partitions and formatting. Sometimes you can't complete the creation of the partition or if you can, then sometimes you can't complete the format--that's when you know you have a problem. These errors can often be cured by writing zeroes to the drive. Then repartition and format and reload. It's a pain because you have to use the zero writing utility specific to each drive manufacturer. But they are free for download from each company.
I'm griping today with a Windows XP computer in my shop that had the missing megabyte virus and then he tried to fix the problem and made a serious hard drive error that I am now trying to write zeroes to his Samsung drive to fix. My gripe for the day is that Samsung has the utility available but I can't download it from their site. But anyway maybe this bitch session will enlighten someone. Lots of people know about curing hard drives with the zeroes but I'd like to hear if anyone else has ever heard of this virus. I'm pretty good with computers but I'm no genius. Am I the only one on the planet that has encountered this and even figured out a way to fix it? Actually come to think of it I can't be. I learned about this virus and the fdisk comparison trick from a Gateway tech. But the only way he knew of to cure it was to repartition and format. The Partition Magic cure was my idea.
 
Hello,

jusycyn: never heard of that. If real (I don't doubt your word :)), this tip should be rewarded as deserved.

About virus "bios" set on the hdd : ???
...bios is the exclusive hardware system start software, I give a cookie to anyone showing me a system powering up skipping the post. Now, bios are flashable. One can imagine a very smart virus that flashes the bios in order to insert itself into it. Never heard of that, though. Guess it would be quite a fat virus deploying itself with its own bios library.
CMOS can be customized, too. So I don't see why it would be impossible to boot from a clean w2k install CD for example, delete every single partition on the infected hdd and format it, re-partition and install.
Should be clean after that.

Grunt
 
Let's go over hard disk drive (hdd) organization. This is a good overview of the data:


It shows the 1st level, called "low-level formatting" (LLF) or "physical formatting". That's done by the manufacturer, and you can probably re-do it yourself with a program written by the mfr or a knowledgeable person. LLF has changed over the years; generally, you are able to do less with it than with hdds from the 1990s. For instance, older disks could be re-LLF'd to change the number of sectors used; for instance, if you got a drive with 16 sectors, you could try to LLF it as 8, making larger sectors. But things changed, as physical organization became more virtualized (famously, lying to the computer's BIOS to get around size limitations). Nowadays, you'd have to be a greater expert with hdds to understand LLF ... but still there should be place for virii to hide here.

The 2nd level is where the virii trouble starts: "partitioning". All those sectors can be cut up into contiguous chunks called partitions, and which partition you use for which OS is your decision. There are now many types of partitions (here's a list). Partitions have nothing whatsoever to do with each other except through two linkages: the OS currently running, and the Partition Table (PT). The PT was written to the "first" sector as soon as the first partition of any kind was made. According to this link, the PT contains "executable code" and the "Master Boot Record" (MBR). The MBR is a directory of the partitions on that hdd. So, the trouble is really in that section of executable code. Drive overlays and boot managers try to fit themselves into that tiny space (446 bytes), as well as particularly ambitious virii.

Hence, if you boot from a floppy disk and then wipe out your partitions, I find it hard to believe that a virus is still on the hard disk (in the virulent sense, since the 1s and 0s still exist across the now-unaccounted sectors on the disk platters). Now perhaps I'm not entirely educated in when the PT is written. If LLF writes the PT, then a virus is still in those 446 bytes, and adding a new partition may not overwrite them. If so, then it's true that something must be done about the PT if an infection in it is suspected. But you can use things like Partition Magic to re-write the code in the PT. But you can also do that with simple partition programs, like PART.EXE ... and we don't need to surf the mfr's website for their LLF software.
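
An added example, not part of any post in this thread: a small parser for the classic first-sector layout discussed above (446 bytes of boot code, four 16-byte partition entries, a 2-byte signature), showing that zeroing the partition entries leaves the boot-code bytes unchanged. All function names are hypothetical and the sample sector is constructed for the illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446          # executable area at the start of sector 0
ENTRY_LEN = 16               # four partition entries follow the boot code
SIGNATURE = b"\x55\xaa"      # last two bytes of a valid sector 0


def parse_mbr(sector: bytes) -> dict:
    """Split sector 0 into boot-code hash, partition entries and signature."""
    if len(sector) != 512:
        raise ValueError("sector 0 must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:                       # type 0 marks an unused slot
            entries.append({"active": status == 0x80, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "entries": entries,
            "signature_ok": sector[510:512] == SIGNATURE}


def unallocated_sectors(entries: list, total_sectors: int) -> int:
    """Sectors after sector 0 that no primary partition entry covers."""
    used = sum(e["sectors"] for e in entries)
    return total_sectors - 1 - used


def clear_partition_entries(sector: bytes) -> bytes:
    """Model deleting every partition: entries zeroed, boot code untouched."""
    return sector[:BOOT_CODE_LEN] + bytes(4 * ENTRY_LEN) + sector[510:]


def build_sample() -> bytes:
    """Constructed sample: placeholder boot code plus one active type-0x07 entry."""
    boot = bytes([0xEB, 0xFE]) + bytes(BOOT_CODE_LEN - 2)
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    return boot + entry + bytes(3 * ENTRY_LEN) + SIGNATURE


if __name__ == "__main__":
    before = parse_mbr(build_sample())
    after = parse_mbr(clear_partition_entries(build_sample()))
    print(before["entries"], unallocated_sectors(before["entries"], 204863))
    print("boot code unchanged:", before["boot_code_sha256"] == after["boot_code_sha256"])
```

Recording the boot-code hash from a known-good install gives a baseline to compare against after a cleanup; overwriting the whole sector, as the zero-fill utilities do, changes both the entries and the hash.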
 
You can DL KillDisk; it's a freeware/shareware program that writes all 0's to the hard disk, then low-level format the drive and re-fdisk.
 
Formatting your hard drive DOES NOT remove or erase your data! Are you aware that when you delete a file, format a disk, or partition a hard drive, that your data has not been removed? Did you know there are many programs that can recover your data? By using WipeDrive, you can securely overwrite and remove ALL of your data giving you the peace of mind you deserve.
The program you need is WipeDrive, formerly known as CleanDrive. If you replace a drive ANYWHERE in your organization your "safe" data is easy pickings with an undelete program and just a little knowledge. Regards.
MontyW

Regards
Montyw
 