Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Using DBAN to remove malware


  • Please log in to reply
10 replies to this topic

#1 bolipereira

bolipereira

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 13 October 2016 - 08:05 PM

I have some questions: does wiping my HDD with DBAN delete it's MBR? Will it destroy any sort of possible malware hidden in there? How to know if the MBR has been deleted? 



BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 23,983 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:12:22 PM

Posted 13 October 2016 - 08:23 PM

If you zero out the drive with DBAN then the MBR is deleted and any malware also. Instead of DBAN you may want to look at the bootable version of Partition Wizard. You can burn the iso to disk or create a bootable USB flash drive with Rufus. Wipe the drive.

 

If the computer is OEM and has a recovery partiton doing a factory reset will also delete the existing MBR.



#3 bolipereira

bolipereira
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 14 October 2016 - 10:10 AM

I know I'm being kinda paranoid, but is there a way for me to check my MBR for viruses without any OS installed to the HDD, like through a bootable USB with an anti rootkit software?

#4 RolandJS

RolandJS

  • Members
  • 4,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:11:22 AM

Posted 14 October 2016 - 10:19 AM

"...is there a way for me to check my MBR for viruses..."

I took it to mean you're asking about a presently existing MBR.

I think Avast had or still has a small utility that will check MBR; I don't have their exact url for that utility.  I think it's called aswMBR.exe.  I googled and got this:

https://www.google.com/search?q=what+does+aswMBR.exe+do%3F&oq=what+does+aswMBR.exe+do%3F&aqs=chrome..69i57.7155j0j1&sourceid=chrome&ie=UTF-8


Edited by RolandJS, 14 October 2016 - 10:29 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#5 JohnC_21

JohnC_21

  • Members
  • 23,983 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:12:22 PM

Posted 14 October 2016 - 10:25 AM

If you wipe the drive then there will be no MBR.



#6 bolipereira

bolipereira
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 14 October 2016 - 10:31 AM

Thanks Roland, but I wanted to know if there is any software that doesn't require an OS to work, one that can boot from a USB Drive

#7 bolipereira

bolipereira
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 14 October 2016 - 10:35 AM

I was going through some topics and I noticed that in some cases the malware persisted even after a DBAN pass, this is why I'm asking. If I download Partition Wizard, will there be an option like "delete MBR"?

#8 JohnC_21

JohnC_21

  • Members
  • 23,983 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:12:22 PM

Posted 14 October 2016 - 10:45 AM

If you wipe the drive then the MBR does not exist. There will be no Windows malware after a drive wipe as no Windows file system is present.



#9 RolandJS

RolandJS

  • Members
  • 4,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:11:22 AM

Posted 14 October 2016 - 04:03 PM

JohnC said it best, and, I do not know if aswMBR.exe can be run from within a WinPE environment [USB or DVD boot].


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#10 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:05:22 PM

Posted 15 October 2016 - 03:20 AM

There are some tools designed for offline MBR checking, but they need knowledge to operate properly. User-friendly antirootkit scanners that check the MBR like MBAR or aswMBR tend to need Windows to run.

#11 boooliyooo

boooliyooo

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 19 October 2016 - 11:11 PM

Hello,

 

Would you like to explain your situation a little more before you do any drastic measures?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users