I know that data can still be accessed on a reformatted drive. Can malware/root kits survive a reformat? When I fix a Win box I
1. retrieve the user dada.. using linux
2. run anti-virus scan on the data
3. Wipe the drive with random data
4 reformat
5. Reinstall the OS

I have been told that it's over kill and malware won't run after reformatting. I would think if data can be accessed so could code?

Am I paranoid? Yes my drives are encrypted!

I do the same things that you do. I have also been told that this is overkill. Let me say that IMO there is no such thing as overkill when it comes to security. There is only a limit to what people are willing to do. I use the shred utility on disk partitions. This accomplishes a level of data wiping that is comparable to the data wiping requirements of computers that store military secrets.

Don't listen to people when they say that you are doing more than you have to do when it comes to security. There is no real limit. Do as much as you can stand to do. At some point we all reach an emotional point where we are satisfied. Don't lower that point for yourself based on other people's opinions.

Keep up the good work.

No I'm not stressed about it. I figure security and forensics are a good field for me since I really do not change based what may be popular but on what I think is right. I just couldn't quickly find a definitive answer on wether malware would continue on after a reformat.

Yes there are utilities to recover files from partitions that have been reformatted. Here is one:

http://www.cgsecurity.org/wiki/TestDisk_Download

Thanks thats good to know but the question remains.... can malware affect/run after reformatting

Nope.
Once formatted, there is no way to locate any residual data (including executables) potentially left on the disk using normal means. Means any residual "malware" can't be launched.

Recovery is a different matter.
And of course, malware could use similar techniques to locate the "residual" data - but that would have to be a new malware attack.

If you're reinstalling then you'll likely overwrite the data. Recovering data in this manner isn't like using an undelete program anyway. The disk's sectors are read many many times, over and over again to recover those faint traces. It's very unlikely you wouldn't notice the activity.

If you're sending it to the recycler I'd definitely take extra precautions though. There was a recent article in news about some of those drives showing up on ebay.
http://www.pcworld.com/article/id,12...1/article.html

Thanks for the replies. I really am not worried about the data recovery aspect. Just if it's possible for any code to run after the format. Most of the time the systems I'm working on are returned to the original owner. When a computer gets donated. I just wipe the drive and through a Linux distro on it and give them to needy families. So I always protect the privacy of the original owners.