Reformat C drive; Windows 7 machine


5 replies to this topic

#1 morris4408

Posted 03 April 2014 - 05:32 PM

Machine was compromised by a hack on the house router, it is the last machine in need of a reformat.  Presently running Windows 7 with service pack 1 installed.  Multiple Malware and antivirus programs were run and the machine "appears" to be clean, but due to the nature of the (focused and aggressive) hack I do not trust the indications I am seeing.  

Was advised by IT specialists who cleaned my work asset that the only way to be certain the Windows 7 machine is truly problem free is a reformat of the entire drive.  Looking for a step-by-step walkthrough that will enable me to do this.



#2 JohnC_21

Posted 03 April 2014 - 05:40 PM

I would download the bootable version of Partition Wizard. Burn the iso file using isoburner or, if you have a Windows 7 computer, just double click the iso file and let Windows 7 use its own burner. Boot the CD on the infected computer and wipe the drive with zeros. Doing it this way has no chance of infecting another computer by attaching the drive to another computer. You can also zero the disk with the Windows 7 install disk, but it is more involved. After the drive is wiped, install Windows 7.



#3 buddy215

Posted 03 April 2014 - 06:23 PM

Assuming you will be reinstalling Windows 7...what medium will you be using to do that? Doing a clean install will reformat the drive.

Did you find the malware that compromised the router?

Do you need to allow remote access to your computer? If not, you should go into the router and change the settings to prevent remote administration/access. While in the settings, check that the firewall is active and set a new strong password. Very important to get the latest security update for your router.

It is possible if your computer is networked with other computers such as your place of business that the entire network was compromised and not necessarily by malware that originated on your computer.

Here is a link to an article I read this morning pertaining to your problem.

Users face serious threat as hackers take aim at routers, embedded devices | PCWorld

Copied from article: ......Many users are often the bigger problem because they don’t even change the default admin password on their devices, leaving the door wide open for attackers.......

..........

For those users who do feel knowledgeable enough to configure their own routers, Eiram advises disabling access to the administration interface from the Internet, as that is usually the most commonly vulnerable feature.

“Ensuring other services are not remotely accessible is also a good idea, since we do see vulnerability reports in those as well,” he said. “The problem here is that it is sometimes not even clear to users that a service is active and listening remotely. Finally, checking for updates regularly is important and usually possible from within the web-based management interface.”........



#4 morris4408

Posted 03 April 2014 - 07:28 PM

Router was swapped out for a new asset following the hack, passwords altered, in-line firewall added. Original hack was into a server during server hardening/maintenance. Large datafiles extraction took place, passwords and logins stored there were then used to access the home business router. All computers at the house, to include my work laptop, were compromised. Logs of all activity beginning with the server were examined in detail and provided to server management folks for future reference. I am now left with the last of the cleanup procedures.




#5 buddy215

Posted 03 April 2014 - 09:07 PM

Okay....if you still have the original hdd in the computer and it came with Windows 7 factory installed, then you can reinstall Windows 7 using Recovery in Control Panel, under Advanced recovery methods. This method reinstalls Windows 7, either from a recovery image provided by your computer manufacturer, or from your original Windows 7 installation files. You need to reinstall all of the programs that you added, and restore all of your files from a backup. For more information, see Choosing an advanced recovery method. Be sure to allow Windows to reformat the entire disk.

I'm sure you likely have thought about the possibility that all personal info on the computers has been compromised, including banking, credit cards, saved passwords...especially to sites that save your CC info, PayPal, etc.



#6 Scoop8

Posted 04 April 2014 - 10:59 AM

morris4408

There are several ways to sanitize a HDD that's been infected with malicious presence. As JohnC_21 mentioned, Partition Wizard is one method.

DISKPART has a "clean" command which will mark all content for deletion so when you re-install the OS or clone/image, all previous content will be overwritten.

There's also a utility in DISKPART which will overwrite the HDD (secure erase). The "clean all" command will do this, which will write over all sectors and zero them as well.

To boot into the CMD prompt (to use the Clean or Clean All commands outside of the OS), a Windows Install or a System Repair disc is required.

There's also some other freeware out there, such as DBAN ("Darik's Boot & Nuke"), "Killdisk", and others.

I would not recommend formatting and re-installing, since in some cases, a malicious presence can survive a format. There's a post in the "Cryptolocker" thread here where a member formatted and re-installed the OS (Windows 7 or 8 if I recall) and the malicious infection survived the re-install. The member had to install the OS again but the 2nd time, they deleted the partitions on the infected HDD before installing the OS. According to the post, that fixed his issue.
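The DISKPART procedure Scoop8 describes, written out as a batch file. This is an added example, not a command set posted by anyone in this thread. It assumes the drive to be wiped shows up as Disk 0 (the TARGET value), that %TEMP% is writable, and that it is run from the Command Prompt of a Windows 7 install or System Repair disc (Shift+F10 during Setup opens one), so the possibly infected Windows is not running while its disk is overwritten. The part a practitioner would want is the check in the middle: list the disks and confirm the number before anything destructive runs, because "clean all" asks for no confirmation and zeros every sector of whichever disk is selected.

```batch
@echo off
setlocal
rem Added example, not the forum members' own commands.
rem Assumed target: Disk 0. Verify with the "list disk" output below before typing WIPE.
rem Run from the Command Prompt of a Windows 7 install or System Repair disc, not from
rem the installed (possibly compromised) Windows.

set TARGET=0
set LISTSCRIPT=%TEMP%\listdisk.txt
set WIPESCRIPT=%TEMP%\wipe.txt

rem 1. Show every disk with its size so the right one can be matched to the drive
rem    being wiped. DISKPART numbers disks by controller order, not by drive letter.
echo list disk> "%LISTSCRIPT%"
diskpart /s "%LISTSCRIPT%"

rem 2. Explicit confirmation. "clean all" gives no prompt and cannot be undone.
set /p CONFIRM=Type WIPE to overwrite every sector of Disk %TARGET%: 
if /i not "%CONFIRM%"=="WIPE" (
    echo Aborted, nothing was changed.
    exit /b 1
)

rem 3. Build the DISKPART script: select the disk, zero every sector, then list the
rem    disks again so the result (no partitions, all space unallocated) is visible.
(
    echo select disk %TARGET%
    echo clean all
    echo list disk
) > "%WIPESCRIPT%"

rem 4. Run it. "clean all" writes the full capacity of the drive, so expect it to take
rem    hours on a large HDD. Plain "clean" would only remove the partition tables and
rem    leave the old data on the platters until something overwrites it.
diskpart /s "%WIPESCRIPT%"
if errorlevel 1 (
    echo DISKPART reported an error. Check the disk number and try again.
    exit /b 1
)
echo Disk %TARGET% has been zeroed. Reboot from the install disc and run Setup.
endlocal
```

After the wipe, Windows Setup shows the disk as unallocated space and creates its own partitions, which also covers the point in the last paragraph above: no old partition survives to carry anything into the new install. For an SSD, "clean all" still works but the drive's own secure-erase function is the more appropriate tool; this script is aimed at the HDD case the thread discusses.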





