From: ~BD~ on
David H. Lipman wrote:
> From: "David H. Lipman"<DLipman~nospam~@Verizon.Net>
>
> | From: "~BD~"<BoaterDave(a)hot.mail.co.uk>
>
> | FUD post !
>
> | There is NO malware that infects are resides within the; BIOS, Motherboard or
> | Video-card
> | EEPROM.
>
>
> That should have been...
> "...that infects or resides within..."
>
>
>
So now we are in a situation where someone (drdos) has posted
information on a well known technical forum saying one thing ....... and
Mr David H Lipman (whoever he may *really* be!) making a post on Usenet
groups claiming that the original poster is wrong.

Take a step outside the box, David.

How could anyone simply 'visiting' these groups have any notion of who
is actually telling the truth?

I am /inclined/ to believe what *you* say - but there is no supporting
evidence to that effect - is there?

Is it reasonable for readers to accept that, as you have made no
disparaging comment to the contrary, that "Most wiping, erasing,
formatting, and partitioning tools will not overwrite logical bad
sectors on the Disk, leaving the Rootkits and their accompanying payload
of malware behind and still active."?

If so, what action would one recommend one takes before reinstalling an
operating system on a previously used disk - Darik's Boot and Nuke?
http://download.cnet.com/Darik-s-Boot-and-Nuke-for-CD-and-DVD/3000-2094_4-10151762.html

Or, maybe FDISK will do? http://support.microsoft.com/kb/255867

Or does one simply assume that one's disk is Rootkit free and simply use
a Windows set-up disk and the in-built formatting facility?

--
Dave
From: Dustin Cook on
~BD~ <BoaterDave(a)hot.mail.co.uk> wrote in
news:7ridndLhg8MJXkfWnZ2dnUVZ8rqdnZ2d(a)bt.com:

> David H. Lipman wrote:
>> From: "David H. Lipman"<DLipman~nospam~@Verizon.Net>
>>
>> | From: "~BD~"<BoaterDave(a)hot.mail.co.uk>
>>
>> | FUD post !
>>
>> | There is NO malware that infects are resides within the; BIOS,
>> | Motherboard or Video-card
>> | EEPROM.
>>
>>
>> That should have been...
>> "...that infects or resides within..."
>>
>>
>>
> So now we are in a situation where someone (drdos) has posted
> information on a well known technical forum saying one thing .......
> and Mr David H Lipman (whoever he may *really* be!) making a post on
> Usenet groups claiming that the original poster is wrong.

If the article claims an infection in the bios or eeprom vs corruption;
then the article is indeed, wrong. BD.

> Take a step outside the box, David.

Google bios and eeproms David. You might find it somewhat enlightening.

> How could anyone simply 'visiting' these groups have any notion of who
> is actually telling the truth?

By doing their own research into the matter?

> I am /inclined/ to believe what *you* say - but there is no supporting
> evidence to that effect - is there?

See above. Google really is your friend.

> Is it reasonable for readers to accept that, as you have made no
> disparaging comment to the contrary, that "Most wiping, erasing,
> formatting, and partitioning tools will not overwrite logical bad
> sectors on the Disk, leaving the Rootkits and their accompanying
> payload of malware behind and still active."?

behind, possibly; active.. no.

> If so, what action would one recommend one takes before reinstalling
> an operating system on a previously used disk - Darik's Boot and Nuke?
> http://download.cnet.com/Darik-s-Boot-and-Nuke-for-CD-and-DVD/3000-2094
> _4-10151762.html

If it does sector overwrites (and I believe it can be configured to do
so) yes.

> Or, maybe FDISK will do? http://support.microsoft.com/kb/255867

FDISK is a partitioning tool. it doesn't address sectors marked as bad.

> Or does one simply assume that one's disk is Rootkit free and simply
> use a Windows set-up disk and the in-built formatting facility?

If the system disc is clean and initializes the bootsector with clean
code, bye bye rootkit. Assuming it was an MBR based one.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

From: David H. Lipman on
From: "~BD~" <BoaterDave(a)hot.mail.co.uk>


| So now we are in a situation where someone (drdos) has posted
| information on a well known technical forum saying one thing ....... and
| Mr David H Lipman (whoever he may *really* be!) making a post on Usenet
| groups claiming that the original poster is wrong.

| Take a step outside the box, David.

| How could anyone simply 'visiting' these groups have any notion of who
| is actually telling the truth?

| I am /inclined/ to believe what *you* say - but there is no supporting
| evidence to that effect - is there?

| Is it reasonable for readers to accept that, as you have made no
| disparaging comment to the contrary, that "Most wiping, erasing,
| formatting, and partitioning tools will not overwrite logical bad
| sectors on the Disk, leaving the Rootkits and their accompanying payload
| of malware behind and still active."?

| If so, what action would one recommend one takes before reinstalling an
| operating system on a previously used disk - Darik's Boot and Nuke?
| http://download.cnet.com/Darik-s-Boot-and-Nuke-for-CD-and-DVD/3000-2094_4-10151762.html

| Or, maybe FDISK will do? http://support.microsoft.com/kb/255867

| Or does one simply assume that one's disk is Rootkit free and simply use
| a Windows set-up disk and the in-built formatting facility?

| --
| Dave

Show us *any* malware in the wild that; infects or resides within the; BIOS, Motherboard
or Video-card.
**And I do not mean some engineer in lab environment who found he could introduce malware
into the BIOS, Motherboard or Video-card.

There is not taking a step outside the box. This is the reality.
There is NO malware that infects or resides within the; BIOS, Motherboard or Video-card.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: FromTheRafters on
"~BD~" <BoaterDave(a)hot.mail.co.uk> wrote in message
news:RbSdnY3dLah7CUfWnZ2dnUVZ8nSdnZ2d(a)bt.com...
> FromTheRafters wrote:
>
>>
>> Maybe, but I believe he is not stupid
>
> That's good to know! :)
>
>> - just annoying as all hell. :oD
>
> Name two things which I do which you find annoying - if necessary,
> please explain why so. I *may* change what I do!

1) Introducing your personal vendetta against PF whenever it suits you.
2) Needlessly crossposting your posts, even when from within another's
thread and transplanting posts from other places and posting off topic
and getting too obsessed with having other people's personal information
and practically *demanding* that others assuage any personal "hinky
feeling" you may have and ... well ... that's enough for number two.

> Now .......
>
> Here's an item for you to get your teeth into, FTR!
>
> It's an extract from a thread I once started here:-
>
> http://forum.kaspersky.com/index.php?showtopic=50275&st=40
>
> (this is post No 46)

> Performing a standard Disk Format and Reinstall of the Operating
> System
> will render common infections incompatible,

Incompatible with what?

> but not all Rootkits and its accompanying payload of malware.....

???

Had this person posted here, there would have been opposing viewpoints
voiced, I haven't visited that forum, so I don't know what went on
there.

> Rootkits work from outside the Operating System

There are user mode and kernel mode rootkits - how is that considered
"outside" the OS?

I might agree with *some* rootkits work from outside the OS (VM or
hypervisor based perhaps?)

> and can hide in Bad Sectors of the Hard Disk thus have places to hide
> on the Hard Disk that are essentially outside the Operating Systems
> environment, untouchable by it, yet still at hand.

There are many places to hide stuff, that doesn't mean it is code that
can be invoked or otherwise executed.

> Most wiping, erasing, formatting, and partitioning tools will not
> overwrite logical bad sectors on the Disk, leaving the Rootkits and
> their accompanying payload of malware behind and still active.

Usually, such tactics render the malware "headless" and as such it is
not *active*.

[...]

> Rootkits reside in the Root of things, thus the name 'Root' that
> service as an protective container for the accompanying payload of
> malware, or on the bright side, the accompanying payload of Software
> Code with productive, safe intentions, together they are a
> 'KIT'.....thus the name 'ROOTKIT'.....and Rootkits are not a joke.

Rootkit's used to be a collection of programs that an attacker could use
to replace tools with trojanized versions - once having obtained root
privileges. Now they are mostly just filter drivers to filter out
information that is being made available to such tools.

> Once the Computer is compromised by an Rootkit with its accompanying
> payload of malware, all files in the System can not be trusted and are
> likely infected.....

Why infect programs when you can install malware in a stealthed
(filtered) condition?

When you have the system as host, there is little reason to also use a
program to host code.

[...]

> Rootkits can also hide in the Firmware of Hardware Components, in the
> BIOS, Motherboard, Video-card EEPROM or Alternate Data Streams.....

There is room for "bad code" in those places. There may even be enough
room for enough code to actually function as a starting point for the
implementation of a rootkit (or other malicious functions). Having
*only* a starting point is not enough to qualify it as a rootkit.

> Rootkits hide their processes, files, and folders by using
> sophisticated hooking and filtering techniques. As a result,
> traditional methods of viewing the system state typically return no
> indication of foul play.....the Rootkit makes sure of that.

A rootkit might also cease doing the cloaking if it detects that a
rootkit detector is executing.

[...]

> *************
>
> I'd be most interested to discuss these comments of drdos further -
> you will note that the thread was closed by the moderator shortly
> after we reached this stage!

I'll just accept that as a fact, no need to go there.

> In particular, do you agree that "Rootkits can also hide in the
> Firmware of Hardware Components, in the BIOS, Motherboard, Video-card
> EEPROM or Alternate Data Streams....." ?

I'll agree that subversive code could hide in there, but that's a long
way from saying a rootkit or virus could launch from there.

[...]


From: ~BD~ on
Dustin Cook wrote:
>
> If the article claims an infection in the bios or eeprom vs corruption;
> then the article is indeed, wrong. BD.

Thank you, Dustin.

>> Take a step outside the box, David.
>
> Google bios and eeproms David. You might find it somewhat enlightening.

I've done much research!

>> How could anyone simply 'visiting' these groups have any notion of who
>> is actually telling the truth?
>
> By doing their own research into the matter?

On Usenet there is absolutely no way of telling who is telling the truth
AFAICT. I know much about you and, in spite of what you may think I
thought (!) I'm quite sure that you a real young man with a mom and a
family.

I know absolutely *nothing* about David H. Lipman, save for the fact
that he thinks he is God's gift to Usenet and is a contributor at
Malwarebytes forums. His English is poor and he has little understanding
of human nature.

>> I am /inclined/ to believe what *you* say - but there is no supporting
>> evidence to that effect - is there?
>
> See above. Google really is your friend.

I find nothing about the personal/professional life of Mr Lipman.

Quote:

1. The "False Authority Syndrome"

Don't believe everything. Some people talk or write about viruses as if
they were an authority in this field, but in fact they are often not.

Ref: http://www.claymania.com/info-fas.html


>> Is it reasonable for readers to accept that, as you have made no
>> disparaging comment to the contrary, that "Most wiping, erasing,
>> formatting, and partitioning tools will not overwrite logical bad
>> sectors on the Disk, leaving the Rootkits and their accompanying
>> payload of malware behind and still active."?
>
> behind, possibly; active.. no.

OK - possible to be reactivated once back on-line?

>> If so, what action would one recommend one takes before reinstalling
>> an operating system on a previously used disk - Darik's Boot and Nuke?
>> http://download.cnet.com/Darik-s-Boot-and-Nuke-for-CD-and-DVD/3000-2094
>> _4-10151762.html
>
> If it does sector overwrites (and I believe it can be configured to do
> so) yes.

That was my understanding. Thanks.


>> Or, maybe FDISK will do? http://support.microsoft.com/kb/255867
>
> FDISK is a partitioning tool. it doesn't address sectors marked as bad.

At that link it says - quote:-

"When you run the fdisk command to create, delete, or change a
partition, all of the data on that partition is permanently deleted".

I've always understood that to mean that any malware would be destroyed
too!

>> Or does one simply assume that one's disk is Rootkit free and simply
>> use a Windows set-up disk and the in-built formatting facility?
>
> If the system disc is clean

How can one be sure that it *is* clean?!!!

> and initializes the bootsector with clean
> code, bye bye rootkit. Assuming it was an MBR based one.

That is my understanding too. My niggling concern has always been that
malware (call it what you will) might remain 'somewhere' within a box
ready to continue with it's malicious activity even though it's been
flattened and windows reinstalled (or even if a *new* hard disk has been
installed!).

I suspect such thoughts came about from my contact and discussion with
our then High Tech Crime Unit - who recommended that I *destroy/trash*
the machine involved in my identity theft encounter. The implication was
that there is much more going on 'behind the scenes'- things that the
authorities do not want the public to know about!

As I'm sure you have gathered, I prefer honesty and openness! :)

--
Dave