7
Can we talk about the choice to wipe a drive versus just doing a fresh OS install for a virus-infected machine?
I had to pick between those two options for a client's laptop in Boise last month, and choosing the full wipe saved me 3 hours of chasing weird registry issues that popped up after a simple reinstall.
3 comments
simon_chen 28d ago
Yeah the zero-fill pass is solid advice, though @lilyt90 I think you hit on something important but maybe oversold it a bit. Most rootkits can't actually survive a standard quick format or even a full format unless they're specifically targeting the drive firmware itself, which is pretty rare outside of state-level stuff. What gets me is when people skip the format and just nuke the OS partition - that leaves all those hidden corners like the recovery partition or unallocated space where nasty stuff can linger. I've had two separate cases where a simple reinstall left behind a bootkit in the MBR that took me forever to find, so for me the full wipe is worth the extra time even if it's just peace of mind.
7
susanm22 2mo ago
That part about chasing weird registry issues is exactly why I wipe. A fresh OS install leaves the old file system in place. Malware can hide in leftover partitions or the recovery sector. A full format destroys those hiding spots. It's the only way to be sure you got everything. The extra time up front saves more time later.
5
lilyt90 2mo ago
I saw a case last year where ransomware hid in a system restore point after a regular reinstall. @susanm22 is totally right about the recovery sector being a risk. Some of these rootkits can even survive a quick format by writing to the drive's firmware. That's why I always do a full zero-fill pass if I'm dealing with a serious infection; it overwrites every single sector. It takes hours but you sleep better knowing nothing is left.
7
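An added example, not part of the thread: a post-wipe check that reads a drive or image sector by sector and reports any region a zero-fill pass left untouched, including sector 0 where the MBR lives. The 512-byte sector size, the function names and the sample image are assumptions made for illustration, and the scan sees only the sectors the OS exposes, so it says nothing about drive firmware.

```python
import io
import sys

SECTOR = 512  # assumed logical sector size; 4Kn drives use 4096


def nonzero_ranges(dev, sector_size=SECTOR, chunk_sectors=2048):
    """Return [(first_lba, last_lba), ...] for every run of sectors still holding data."""
    runs, start, lba = [], None, 0
    while chunk := dev.read(sector_size * chunk_sectors):
        for off in range(0, len(chunk), sector_size):
            sector = chunk[off:off + sector_size]
            dirty = sector.count(0) != len(sector)
            if dirty and start is None:
                start = lba                      # a run of leftover data begins
            elif not dirty and start is not None:
                runs.append((start, lba - 1))    # run ended on the previous sector
                start = None
            lba += 1
    if start is not None:
        runs.append((start, lba - 1))            # data runs to the end of the device
    return runs


def sample_image(sectors=64):
    """Constructed test image: zeroed except a boot signature and a two-sector remnant."""
    img = bytearray(sectors * SECTOR)
    img[510:512] = b"\x55\xaa"                    # MBR boot signature left in sector 0
    img[40 * SECTOR:42 * SECTOR] = b"\xee" * (2 * SECTOR)  # leftover data, sectors 40-41
    return io.BytesIO(img)


if __name__ == "__main__":
    # Pass an image file or raw device path (needs read access); no argument uses the sample.
    dev = open(sys.argv[1], "rb") if len(sys.argv) > 1 else sample_image()
    with dev:
        runs = nonzero_ranges(dev)
    for first, last in runs:
        print(f"non-zero data in sectors {first}-{last}")
    print("wipe verified" if not runs else f"{len(runs)} region(s) survived the wipe")
```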