When viruses attack!!!


7 posts
by Ennio » Mon Feb 27, 2012 9:09 pm
Hi everybody!

I've got a 500gb external hard disk infected by a boot.mebroot virus, I've tried to take it off with norton power eraser and now I've got two boot.mebroot viruses!!! I've also tried to format the whole thing but they didn't go away.

My question is: can I put that hard disk in a linux pc (in this case the rasPi)? will it cancel the virus or not reading it at all?
Posts: 9
Joined: Mon Feb 20, 2012 5:15 pm
by robleady » Mon Feb 27, 2012 11:03 pm
Hi,

You'll probably have to do a low level format to get rid of mebroot, as it infects the Master Boot Record.

If there's nothing you want to keep on the disk, best thing would probably be to wipe it with DBAN - http://www.dban.org

Whilst the virus code almost certainly won't run on the R-Pi, connecting the disk up to a Linux PC won't magically make the virus go away...

Hope this helps,

Rob
Posts: 34
Joined: Thu Jan 12, 2012 10:24 pm
by bnolsen » Mon Feb 27, 2012 11:51 pm
The worst (and probably only damaging) virus you could get on the 'pi would be one that blows the overvolting fuse.
Posts: 75
Joined: Sat Aug 13, 2011 5:37 pm
by mobeyduck » Tue Feb 28, 2012 9:49 am
you can get antivirus boot cds from almost any antivirus software developer if you boot from that cd it will try to erase every virus on the scanned disk
Posts: 173
Joined: Tue Nov 29, 2011 6:39 pm
by RaTTuS » Tue Feb 28, 2012 10:31 am
get a liveCD linux see for e.g. ubuntu

then poke at the MBR

then you will be fine
http://www.catb.org/esr/faqs/smart-questions.html <- ask smart Questions
"That's not right, the badgers have moved the goalposts."
1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX - Prosliver FTW
User avatar
Posts: 5566
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK
by Ennio » Tue Feb 28, 2012 4:34 pm
thanks everybody for the answers, I'll try the dban thing
Posts: 9
Joined: Mon Feb 20, 2012 5:15 pm
by Rykaro » Wed Mar 06, 2013 6:10 pm
Bit late in responding but...

If it's a SATA disk manufactured after 2001 then it will have a built in command set that will erase the disk. This includes areas of the disk that DBAN is unable to write to such as special areas that manufacturers use to store system rebuild information. Have a look at Secure Erase from the Center for Magnetic Recording Research (CMRR) which is one such utility that can execute the command to erase the disk.
Posts: 1
Joined: Wed Mar 06, 2013 6:00 pm