Worst Viruses in the Wild? MBR Rootkit?


9 replies to this topic

#1 noeC41p


Posted 07 June 2011 - 12:34 AM

When I look up information on viruses I usually find myself attempting to put together information from somewhat disparate sources. Being that I am not a computer scientist, or even a "techie," I do find myself asking these questions: What are the worst viruses out there? And how are they most commonly infected into computers?

MBR Rootkits: I have heard these are quite bad, as they hide before some code when the computer boots up. If I am wrong, correct me. Being unemployed allows me to start such discussions, so please, humor me and anyone else who is interested!

Thanks!


 


#2 Animal


Posted 07 June 2011 - 12:42 AM

You might start by taking a look here: How Malware Spreads - How did I get infected

I know it doesn't answer your initial question of 'worst' viruses. However IMHO, I don't know what your specific criteria for 'worst' is. Such as in psychological damage, financial damage, quantity of machines harvested and turned into spambots? Too many possibilities exist and all are the worst to their respective victims.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 noeC41p


Posted 07 June 2011 - 01:46 AM

Lol, "psychological damage." I meant worst as in hardest to get rid of. Which viruses get in so deep that the only next step is to light one's computer on fire. I have heard of viruses that can avoid Windows re-installs, something along those lines. Thanks for your response.

#4 Drovers Dog


Posted 07 June 2011 - 05:03 AM

> I have heard of viruses that can avoid Windows re-installs, something along those lines.


I guess that this could apply to the targeted person, with little knowledge? Very rarely happens when a Tech gets involved. Viruses and Malware target the uninformed.


> I meant worst as in hardest to get rid of. Which viruses get in so deep that the only next step is to light one's computer on fire.


Very interesting! Some Viruses can actually destroy Hardware in the Computer, but a good Tech can Remove/replace them and get it working again.

Heaps of places to check it out on here, as Animal suggested.

Ray
What ever you give to others, you will get back doubled, Just make sure you only give Nice Things?......DD saying

There is a saying, "You just can't make a silk purse out of a sow's ear" it means "to be happy with what you have and not look for the impossible"......DD saying

The "Spirit" of the people who died, on that terrible day 9/11 will NEVER REST until such time as the "Imbeciles" that caused it, are eliminated through out the World.....DD saying

What is a Dog?

#5 killerx525


Posted 07 June 2011 - 09:12 AM

I think back then the BIOS could be infected by a virus but nowadays the BIOS on the motherboard.

>Michael 
System1: CPU- Intel Core i7-5820K @ 4.4GHz, CPU Cooler- Noctua NH-D14, RAM- G.Skill Ripjaws 16GB Kit(4Gx4) DDR3 2133MHz, SSD/HDD- Samsung 850 EVO 250GB/Western Digital Caviar Black 1TB/Seagate Barracuda 3TB, GPU- 2x EVGA GTX980 Superclocked @1360/MHz1900MHz, Motherboard- Asus X99 Deluxe, Case- Custom Mac G5, PSU- EVGA P2-1000W, Soundcard- Realtek High Definition Audio, OS- Windows 10 Pro 64-Bit
Games: APB: Reloaded, Hours played: 3100+  System2: Late 2011 Macbook Pro 15inch


#6 Elise


Posted 10 June 2011 - 05:50 AM

Based a bit on what you use your computer for, the two "worst" types of malware are those that compromise sensitive data and those that corrupt legit files. In both cases the safest course of action is a reformat and reinstall of the Operating System.

Malware destroying hardware or surviving reformats is simply a myth. True, an infected machine will put its hardware under strain, which can shorten the lifespan of components, but it does not intentionally destroy hardware. Claims that malware survived a reformat are usually due to the fact that the system was reinfected after the reinstall (for example by using an infected flash drive or backup). Another possibility is that router settings are hijacked; the computer can be squeaky clean, but when using the internet you will still get redirected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#7 noeC41p


Posted 10 June 2011 - 02:01 PM

Thanks Elise! I was really curious about whether or not the reformat evasion was true. The reason I asked was because I just tried to reformat my stepfather's computer by using Dell's "Data Safe Local Recovery" tool. It uses a partitioned section of the hard disc that has an image of the desktop in its original factory form. I followed the directions and completed the recovery, however, it didn't work. The virus was still there.

So what's up with this disc partition recovery business? Is it as effective as a straight Windows clean install? I ordered some recovery discs from Dell but I haven't tried to run them yet. I'm not sure if the discs will reinstall Windows in the traditional sense--a "clean install"--or just try to use the same Data Safe software? I guess what I'm wondering is if eventually I'm going to just have to buy Windows 7 at the store and install with those discs. Anyway, thanks for your valuable insight and time you spent replying to my posts. Have a great weekend!

#8 whoabuddy


Posted 10 June 2011 - 02:17 PM

> Malware destroying hardware or surviving reformats is simply a myth.


Tell that to Stuxnet! :P Although I guess you could say it technically only affected the software that is controlling the hardware, but I'm sure something could be developed to over-clock a CPU or modify fan speeds. It just seems like the malware creators would rather work toward gaining control and gathering information more than anything.

As for the recovery partition, I think it was included to simplify the process for reinstalling Windows, containing a base system image with all of the drivers preloaded, but I know it can be infected as well. I have some older OEM CDs that have the same function, but most of the large companies don't ship media anymore in lieu of the partition. Just like Elise stated before, reformat and reinstall is still the safest and cleanest way to go, plus you get to go back to one partition for the operating system and regain your 10GB! (or whatever the average size is now)
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#9 Elise


Posted 10 June 2011 - 02:19 PM

It depends on how the drive image is restored (for example, is the MBR rewritten, or is it left alone and are only files/folders restored). This depends also on the application used to create the backup.

AFAIK Dell recovery disks should do the trick, as they allow you to reformat the drive before reinstalling.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
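
The reply above turns on whether a restore rewrites the MBR or only the files and partitions. The following is an added example, not part of the original thread: it compares two 512-byte sector-0 dumps taken before and after a restore and reports whether the boot code or the partition table changed. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440        # bytes 0-439 hold the bootstrap code
TABLE_OFFSET = 446         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # boot signature at bytes 510-511

def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector-0 dump into a boot code hash and partition list."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    digest = hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}

def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report which parts of the MBR a restore actually touched."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"boot_code_rewritten": a["boot_code_sha256"] != b["boot_code_sha256"],
            "partition_table_changed": a["partitions"] != b["partitions"]}

def build_sector(boot_fill: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Constructed sample sector for the demo (not a real disk dump)."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", ptype, b"\0\0\0",
                        lba_start, sectors)
    body = bytes([boot_fill]) * BOOT_CODE_END + b"\0" * 6 + entry + b"\0" * 48
    return body + SIGNATURE

# Constructed samples: same boot code with a new partition layout,
# versus a restore that also replaced the boot code.
BEFORE = build_sector(0xAA, 0x07, 2048, 1_000_000)
AFTER_REPARTITION_ONLY = build_sector(0xAA, 0x07, 63, 500_000)
AFTER_FULL_REWRITE = build_sector(0x90, 0x07, 2048, 1_000_000)

if __name__ == "__main__":
    print(compare_mbr(BEFORE, AFTER_REPARTITION_ONLY))
    print(compare_mbr(BEFORE, AFTER_FULL_REWRITE))
```

A result of `boot_code_rewritten: False` after a recovery means the boot code that was on the disk before the restore is still there.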


#10 Elise


Posted 10 June 2011 - 02:36 PM

> but I'm sure something could be developed to over-clock a CPU or modify fan speeds.

Yes, but that is only possible if the malware is tuned to a specific piece of hardware. You can't expect malware to have a large impact if it targets hardware, because there are so many hardware manufacturers/models.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




