Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SPINRITE and SATA drives


  • Please log in to reply
2 replies to this topic

#1 gnometorule

gnometorule

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:00 PM

Posted 17 February 2009 - 10:52 AM

In order to safely restore a deeply rootkit infected computer, I wanted to go the route Eraser -> SPINRITE -> OS reinstall. It seems that for IDE drives SPINRITE was considered far and away the best solution in the past.

However, all updates to Steve's web page have stopped in 2006 (forum discussions are active, nothing else). What makes me suspicious is...

('a) He himself posted in 2006 there might be need for a SPINRITE 6.1 to make it fully functional with SATA drives. But it does not seem that project was ever finished (or even started?)

('b) Recent Forum discussions there seem to hover around issues SPINRITE has, or might have?, with correctly dealing with SATA drives. I am by no means a harddrive guru, and advice given there to make it work appear to often involve 'simple twists to the motherboard', which, at this point, I am somewhat uncomfortable doing.

Opinions?
Alternatives? (for my task it matters to have a program to repair harddrives so that any rootkit that might be hiding in a hd broken area would be killed).

Edited by gnometorule, 17 February 2009 - 10:53 AM.


BC AdBot (Login to Remove)

 


#2 fairjoeblue

fairjoeblue

  • Members
  • 1,594 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:00 PM

Posted 17 February 2009 - 02:54 PM

Since you are going to reinstall the OS why not just use the OS disk to delete the partition & reformat it ?
That will get rid of everything that is on the hard drive.
OCZ StealthXstream 700W,Gigabyte GA-EP45-UD3R , E8500, Arctic Freezer Pro 7, 3GB G.Skill PC8500,Gigabyte Radeon HD 4850 OC [1GB ], Seagate 250GB SATA II X2 in RAID 0, Samsung SATA DVD burner.

#3 gnometorule

gnometorule
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:00 PM

Posted 17 February 2009 - 03:25 PM

Simple OS reformat will not touch logically bad sectors. The SMART firmware of modern hds keeps track of those bad sectors (and works, of course, outside the OS), then directs requests around them. So for the purposes of the OS, they are, sort of, invisible. To the best of my knowledge, some rootkits take advantage of this and hide in the logically bad sectors of hds (every hd should have these sectors just by regular use). SPINRITE used to be able to correct these logical flaws and overwrite them, in the process eliminating any rootkits hiding there (as SPINRITE has its own OS that can furthermore be started from a bootable CD/DVD, it would not be affected by the presence of the rootkit).

So a simple OS + reformat using the WINDOWS disc could see you still have rootkits left. You are right, I should not need the Eraser step because of the Symantec reformat, but was wondering if SPINRITE is able to perform as well for SATA drives as it used to for IDE drives, because there are the indications mentioned that it might not.

Edited by gnometorule, 17 February 2009 - 03:27 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users