
How to completely reformat the hard drive - including hidden partitions



#1 RootNoot


Posted 06 August 2018 - 03:31 PM

I know there are a lot of ways to look up how to do this, but I have genuinely tried and failed twice now, so I could really benefit from some pro tips.

 

1. First the specs:

 

I'm using this Acer laptop 

 

https://www.amazon.com/Acer-VN7-592G-71ZL-15-6-inch-Notebook-Windows/dp/B015XBKY6U/ref=sr_1_4?ie=UTF8&qid=1533584833&sr=8-4&keywords=acer+aspire+nitro+black+edition

 

with the 64-bit Windows 10 Home OS, version 1803, build 17134.165

 

Toshiba MQ01ABD100 drive

 

 

2. The context:

 

So my trouble started when I got some kind of remote access trojan a few months ago. I had started noticing random wifi networks popping up all the time and by the time I realized what it was, it was way too late and my system was completely infected. I managed to get the situation under control by disconnecting from the internet and running a full system boot scan with Avast and then just deleting pretty much everything on my hard drive. I decided that the only way to make sure the malware was taken care of was to do a complete reformat of my hard drives and reinstall Windows without keeping or transferring any of my old data (note: I know this sounds like it should be in the malware forums, but I'm not concerned with removing a specific malware, I'm wanting to completely reformat the drive, so I thought it went better in the disk management topic).

 

My main concern is that, even when reinstalling an operating system, a lot of malware programs have rootkits, and since Avast had found malware in its boot scan, this is very likely the case for me. So I looked into how to completely wipe my hard drive, and everyone recommends DBAN above all others, so I threw it on a USB and ran it (after having to revert to version 2.2.8 because they've broken the newest version since coming out with their paid options).

 

So I ran DBAN and this is where I really messed up because I forgot to plug in the power cord and the computer died while it was performing the dodshort wipe. I know this can often brick hard drives, but luckily I was able to plug in my Windows 10 installation USB with no problems and run Windows. I thought I may have gotten lucky but looked into it more and it turns out DBAN is no longer as thorough or secure as it was according to this techlogon article:

 

https://techlogon.com/2012/07/07/securely-erase-a-hard-drive-dban-may-not-be-sufficient/

 

So if I wanted to completely wipe the drive, including all hidden partitions, I needed to use this Secure Erase feature to do so. So I bought Parted Magic, booted it into my RAM and ran the Secure Erase program with the enhanced overwrite enabled. This time I made sure to plug in the power cable and the wipe completed. I reinstalled Windows again and thought that was the end of it.

 

But then I started setting everything up, and for one, I noticed the same random wifis that were from the remote access trojan still appearing, and for another I installed Bulk Crap Uninstaller to remove bloatware and found that a huge number of my programs were apparently installed before I completely wiped my hard drive (screenshot attached). If I wiped my hard drive on 8/5/2018, how could most of these programs have been installed on 4/11/2018 with a few going as far back as 2016 when I first bought this laptop? That, and when I reinstalled Windows 10, it didn't need me to provide my product key, so it must have found it somewhere on the drive to automatically activate.

 

This seems to prove that some hidden or reserved partitions must not have been wiped with Parted Magic's secure erase feature, and with the malware I was dealing with I seriously want to just completely wipe the damn thing and start over.

 

 

3. The problem

 

So overall, my problem is that I don't know how to wipe absolutely everything on my drive and completely start fresh. How can I securely wipe every single partition, including hidden and reserved sections, to make sure that I'm really dealing with a clean, uninfected laptop?

 

 

Thanks for your time,

 

RootNoot


Edited by RootNoot, 06 August 2018 - 04:12 PM.



 


#2 OldPhil


Posted 06 August 2018 - 04:29 PM

This will remove all data back to factory clean.

 

https://www.lifewire.com/use-the-format-command-to-write-zeros-to-a-hard-drive-2626162


Honesty & Integrity Above All!


#3 britechguy


Posted 06 August 2018 - 05:09 PM

Another option is if you know someone (colleges often have them, as do certain big businesses) with a magnetic degausser that is used to wipe drives you can have yours degaussed before doing a full format, because after degaussing the drive has absolutely no formatting of any kind and needs to be configured from scratch.

 

Also, see my post regarding Doing a Completely Clean Install of Windows 10.  Step 5 will wipe your drive as far as existing partitions go from an existence and accessibility perspective.  It is not a write obliterate but it essentially "unformats" the disk such that all existing data on it is not accessible anymore and then you are reformatting the drive for use again.  The old data is there, but as nothing but a sea of dead zeros and ones.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#4 OldPhil


Posted 06 August 2018 - 08:17 PM

Degaussing a hard drive can basically destroy it by removing the factory start up files!


Edited by OldPhil, 06 August 2018 - 08:22 PM.

Honesty & Integrity Above All!


#5 RolandJS


Posted 08 August 2018 - 10:21 AM

DoD format or a simple One-pass-Zero-fill, from a USB or DVD boot, should be enough.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#6 OldPhil


Posted 08 August 2018 - 11:49 AM

Spoke with a friend at Stony Brook U, they only use the degausser to destroy sensitive materials on drives they are discarding.


Honesty & Integrity Above All!


#7 britechguy


Posted 08 August 2018 - 12:00 PM

Spoke with a friend at Stony Brook U, they only use the degausser to destroy sensitive materials on drives they are discarding.

 

Which is the general practice.  If what you said earlier is correct then one would not want to degauss a drive one intended to reuse.  It's in the long mists of memory, but I thought I had recalled someone I knew reusing degaussed drives that were going to be discarded after they had been degaussed.  I could be entirely mistaken, though, and the effort required to find that equipment to begin with makes virtually any of the other alternatives discussed far preferable anyway.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#8 Rocky Bennett


Posted 08 August 2018 - 05:29 PM

If this were me I would just use a live Linux USB and use GParted and delete all partitions and then reformat the drive. I would do this in different steps to ensure the data is corrupted, although it will not delete the data per se.




#9 britechguy


Posted 08 August 2018 - 09:46 PM

If this were me I would just use a live Linux USB and use GParted and delete all partitions and then reformat the drive. I would do this in different steps to ensure the data is corrupted, although it will not delete the data per se.

 

You say potato, I say po-tah-to.  This is just another twist on:

 

----------------------

5. Boot your system from the USB flash drive. [Since I don’t know what UEFI or BIOS you’re using it’s up to you to find out how to change the boot device order on your machine to put the USB drive first in the boot order].  When you get to the screen that asks for language, press Shift + F10 (or the Context Menu key if your keyboard has it) to open a Command Prompt or PowerShell (it doesn't matter which comes up). Type the following commands:

     diskpart         (you will most likely get a UAC dialog, to which you should, of course, respond "Yes")

     list disk

     select disk X    Where X is the disk number on which you wish to install Windows 10.  This is usually 0.  Make sure you have the correct number as the next step will wipe the disk of all partitions.

     clean            Purges the disk of all existing partitions

     convert gpt      Initializes the disk as GPT required for booting on a UEFI motherboard.  If you get an error ignore it.  If and only if you know you have a legacy system that uses BIOS, use convert mbr instead of convert gpt.

     exit             (to close diskpart)

     exit             (to close Command Prompt/PowerShell)

----------------------

 

 

. . . and I agree that either method creates a dead sea of functionally inaccessible data.  Those blocks are all considered to be free and will be pulled up and written over as events dictate over time.  They won't be read otherwise.

 

The actual content of blocks marked as unallocated and free for use/reuse is of no concern, even if it were to have been something evil, as its fate is to be overwritten when next touched.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley
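
The difference discussed in the posts above, between removing partitions (diskpart clean, deleting in GParted) and overwriting the drive (a zero fill), can be checked by reading the sectors back. The following Python is an added example, not part of any post in this thread; the disk image is constructed, and the 1 MiB span used to model `clean` is an assumption of the model.

```python
import io

SECTOR = 512
MIB = 1024 * 1024

def nonzero_extents(dev, chunk=MIB):
    """Scan a binary stream; return [(first_lba, last_lba)] runs of sectors with any non-zero byte."""
    extents, lba = [], 0
    while True:
        buf = dev.read(chunk)
        if not buf:
            return extents
        if buf.count(0) != len(buf):              # fast path: skip all-zero chunks
            for off in range(0, len(buf), SECTOR):
                sector = buf[off:off + SECTOR]
                if sector.count(0) == len(sector):
                    continue
                cur = lba + off // SECTOR
                if extents and extents[-1][1] == cur - 1:
                    extents[-1] = (extents[-1][0], cur)   # extend the current run
                else:
                    extents.append((cur, cur))
        lba += len(buf) // SECTOR

def put(img, offset, data):
    img[offset:offset + len(data)] = data         # same-length overwrite, image size unchanged

def constructed_disk(size_mib=8):
    """Constructed sample image: GPT-style structures at both ends, stale data in between."""
    img = bytearray(size_mib * MIB)
    put(img, 510, b"\x55\xaa")                    # protective MBR signature, LBA 0
    put(img, SECTOR, b"EFI PART")                 # primary GPT header, LBA 1
    put(img, len(img) - SECTOR, b"EFI PART")      # backup GPT header, last LBA
    put(img, 3 * MIB, b"old file content")        # leftover data inside a former partition
    return img

def model_clean(img, span=MIB):
    """Model of `clean`: zero only the partitioning areas (span size is an assumption)."""
    put(img, 0, bytes(span))
    put(img, len(img) - span, bytes(span))

def model_zero_fill(img):
    """Model of a one-pass zero fill: every sector is overwritten."""
    put(img, 0, bytes(len(img)))

if __name__ == "__main__":
    disk = constructed_disk()
    for label, step in (("as found", None), ("after clean", model_clean),
                        ("after zero fill", model_zero_fill)):
        if step:
            step(disk)
        print(label, nonzero_extents(io.BytesIO(disk)))
```

To check a real drive after a zero fill, pass `nonzero_extents` a raw device opened read-only from a live USB (for example `open("/dev/sdX", "rb")`, where `sdX` is a placeholder); an empty list means every readable sector is zero.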

 

 

 

              

 


#10 Rocky Bennett


Posted 09 August 2018 - 05:36 AM

Brian, I understand what you are saying but your advice requires a lot of commands using the command line. My suggestion uses GParted which is a GUI-based app.

 

https://gparted.org/

 

With GParted on a live USB stick, a person can achieve everything that you advised except they can do it graphically without using any commands. Many people are put off by using the command line and entering different commands, so GParted offers a very simple way to accomplish everything without any fuss.

 

There is even a new GParted live that does not require the use of a Linux OS to use. Just put GParted live on a USB stick and you can do all kinds of things with a computer. No computer toolbox is complete without a GParted live USB stick.

 

https://gparted.org/livecd.php




#11 britechguy


Posted 09 August 2018 - 06:52 AM

Rocky,

 

         First, I want to make clear that my prior comment was not meant as a criticism.  It really was pointing out that it was just the use of "another road to reach the same destination."

 

         It absolutely never hurts to have another arrow in your proverbial quiver.

 

         And while I absolutely agree with you as well regarding the fear many people have of the command line, my sense of the OP is that he or she is not among that group and since a Win10 reinstall was in the offing, anyway, why not just make the drive partition wipe a step during it?

 

         Anyone reading this thread now knows about a number of good options for both literally cleansing (overwriting) a drive or just "quick formatting" it such that it acts as though it's never been used before.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#12 RootNoot


Posted 12 August 2018 - 12:17 AM

Thank you all for the help. I used the clean reinstall steps to reformat it as I installed it, but I do also have Parted Magic, which has GParted on it, so I could have gone that route too haha.

 

My problem with trying to make sure that the remote access trojan was not on any hidden partitions is now solved, but unfortunately, it still keeps recreating itself once I connect my computer to the internet again, so I'm going to have to make a long thread about how to diagnose and remove this rootkit/bootkit that could be in my router or maybe in firmware, idk. Wish me luck, I guess



#13 tos226


Posted 12 August 2018 - 12:57 AM

GMER is still on this site. Anti rootkit category. Scans everything including MBR. TURN OFF ALL YOUR SECURITY PROGRAMS BEFORE RUNNING IT. Search here for Windows Anti Rootkit Downloads. There is a bunch of them.
Long ago there were instructions here on what settings to use in GMER.

#14 JohnC_21


Posted 12 August 2018 - 10:58 AM

I would start a thread in the BC malware removal forum after reading the pinned posts on what logs to attach. Flashing to the latest firmware would remove any rootkit if in firmware.


Edited by JohnC_21, 12 August 2018 - 11:02 AM.




