[gnometorule]

In order to safely restore a deeply rootkit infected computer, I wanted to go the route Eraser -> SPINRITE -> OS reinstall. It seems that for IDE drives SPINRITE was considered far and away the best solution in the past.

However, all updates to Steve's web page have stopped in 2006 (forum discussions are active, nothing else). What makes me suspicious is...

('a) He himself posted in 2006 there might be need for a SPINRITE 6.1 to make it fully functional with SATA drives. But it does not seem that project was ever finished (or even started?)

('b) Recent Forum discussions there seem to hover around issues SPINRITE has, or might have?, with correctly dealing with SATA drives. I am by no means a harddrive guru, and advice given there to make it work appear to often involve 'simple twists to the motherboard', which, at this point, I am somewhat uncomfortable doing.

Opinions?
Alternatives? (for my task it matters to have a program to repair harddrives so that any rootkit that might be hiding in a hd broken area would be killed).

[Advertisements]

Spinrite is probably overkill anyway. If you're keeping the hard drive just wiping it from the XP CD will be all you need. You don't need anything else.
SATA support is realistically more dependent on the hardware and chipset of the computer in question than anything else.

[Neil Jones]

Spinrite is probably overkill anyway. If you're keeping the hard drive just wiping it from the XP CD will be all you need. You don't need anything else.
SATA support is realistically more dependent on the hardware and chipset of the computer in question than anything else.

[gnometorule]

Thanks for chipping in. You're probably right. Reason I wanted to use Spinrite is so that logical flaws in the drive get corrected as, from all I've heard, there are rootkits that could theoretically hid in there. And Spinrite is the only program that I know that can correct and so kill logical flaws on a hd. But probably your typical rootkit isn't that sophisticated.

[Neil Jones]

The best solution to suspected rootkits, if that's what you feel you've got, is to wipe the machine, or scan it from a second machine.
They typically hide themselves by exploiting system security protocols in the operating system, which of course is not possible on a second machine and therefore wiping it would destroy everything.
Even sophisticated rootkits need an environment to run in, without that they're simply taking up space on a disk. These days pretty much every computer is online so the chances of spreading are much greater.

[PedroDaGR8]

I am unsure what you mean by logic flaws, but if you just want to fully wipe every bit on the drive. Try Darik's Boot and Nuke.
http://www.dban.org/

Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware. DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis.

The development and support of the DBAN software project is funded in part by GEEP International. GEEP is the largest, the most efficient, and the most environmentally conscientious consumer electronics recycling company in North America.

WARNING, ONLY HAVE THE DRIVE YOU WANT TO WIPE AND THE CD-ROM PLUGGED IN. This means NO THUMBDRIVES, FLASH CARDS, SD CARDS and so on.

This program will erase any and all drives attached to the computer.

Edited by PedroDaGR8, 21 February 2009 - 12:17 AM.

[gnometorule]

Thanks for chipping in. I don't mean to beat this topic to death (it probably interests few enough people)...but here it goes.

Eraser/DBaN are pretty much the same thing - at least in practice. I haven't looked into how they are linked, but if you ask Eraser to create a boot disk, you will, in fact, create a DBaN disk. As you know, external DBaN boot will safely erase your hd. Where I'm not sure (I intend to post the question on the DBaN sourceforge forum) is if DBaN also erases bad sectors (that's what I meant by logical flaws)...

http://en.wikipedia....wiki/Bad_sector

In the past, it did not, and running Spinrite after Eraser/DBaN took care of also correcting and so erasing bad sectors. This is probably way overshooting, but rootkits could technically hide in these bad sectors if they don't get overwritten as the OS is blind to them; and the hd firmware just notes their location, then directs everything around them. Just to close this, I'll add if and after I hear back from sourceforge if DBaN also corrects bad sectors.

[PedroDaGR8]

Nah they couldn't hide there as to the HD those sectors if flagged as bad are non accessible by the OS. Unless the HD firmware has been compromised, I can't see that being an issue.

[Neil Jones]

Bad sectors come about because the drive is out of spare sectors for reallocation purposes.
Modern drives have spare blocks available that can be used for re-allocation of bad sectors, but they only start showing up in Scandisk logs and what not when this spare capacity is full and there's nothing left to reallocate. Usually by this time the hard drive's showing signs of mechanical failure anyway and no software program will fix that.

SpinRite and other solutions are, at best, a temporary solution. They will not solve mechanical issues, they will not revive dying hard drives and "erasing" bad sectors effectively marks them as good again until proven otherwise.

Edited by Neil Jones, 25 February 2009 - 06:34 PM.