LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Old 03-15-2010, 03:32 AM   #1
mazinoz
Member
 
Registered: Mar 2003
Location: Mansfield Queensland Australia
Distribution: Linux Mint - Tara
Posts: 497

Rep: Reputation: 35
Nonzero characters in hex dump after zeroing drive


Having done a short DoD wipe of the hard drive (Darik's Boot & Nuke), I installed Windows XP on the first half of the drive and again zeroed the other half of the drive for installing Debian. Please see the attached screenshot for the command-line input and output.

After doing a grep for non-zero characters on the second half of the drive (sda2), I was puzzled to find that the grep command-line search for non-zero characters actually turned some up. I have no idea why they are there or what, if anything, they mean.

Cheers
Attachment: Non Zero Hex dump.jpg (screenshot)
 
Old 03-15-2010, 03:48 AM   #2
konsolebox
Senior Member
 
Registered: Oct 2005
Distribution: Gentoo, Slackware, LFS
Posts: 2,248
Blog Entries: 8

Rep: Reputation: 235
So where's the part of hexdump's output that contains nonzero chars?
 
Old 03-15-2010, 04:00 AM   #3
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
It helps to understand the limitations of what you are doing.

The DoD wipe left the drive with random data.
DoD Method – the data area is overwritten with 0’s, then 1’s and then once with pseudo-random data. Many tools use variations of this, overwriting as many as seven times, using three alternating passes of 0’s and 1’s and following by one pass of pseudo-random data[1]

Darik's Boot & Nuke does not overwrite hidden sectors[2]. But you used dd to zero the remaining drive.

Note - you can copy and paste CLI output to this forum; it is less bandwidth intensive, more permanent, and more useful than a screenshot. It is one of the reasons that the CLI is preferred for troubleshooting.

You checked the zeroing by:
Code:
dd if=/dev/sda2 | hexdump -C | grep [^00]
00000000 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00 |................|
I'm guessing that the non-zero bits that worry you are the ones between | and | at the end of the line. That is an artifact of the hexdump(1) command - when you used the -C option, you asked it to output additional characters as part of the formatting.

Code:
-C   Canonical hex+ASCII display. Display the input offset in hexadecimal,
     followed by sixteen space-separated, two column, hexadecimal bytes,
     followed by the same sixteen bytes in %_p format enclosed in ``|''
     characters.
You don't seem to have shown any other "non-zero bytes" in the posted output.



Refs:

[1] Secure Erase [pdf]
[2] NCJRS Darik's Boot & Nuke Tested [pdf]

Last edited by Simon Bridge; 03-15-2010 at 05:08 AM.
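The check in the quoted command cannot answer the question it asks: `grep [^00]` is a regular expression meaning "any one character that is not 0", so the spaces, the `|` delimiters and the `.` placeholders on every `hexdump -C` line satisfy it, all-zero lines included. The script below is an added example, not something posted in this thread, that compares the bytes themselves using POSIX od and awk, and demonstrates the naive pattern against a constructed all-zero `hexdump -C` line. The device name /dev/sda2 in the comments is the one from the thread; the 64 KiB image and the single stray 0x55 byte are constructed test data.

```shell
#!/bin/sh
# Added example, not from the thread: verify that a file or block device is
# really all zeros, the job `dd if=/dev/sda2 | hexdump -C | grep [^00]` was
# meant to do. Needs only POSIX od(1), awk(1), cut(1) and dd(1). Against a
# real partition run it as root, e.g. `first_nonzero_offset /dev/sda2`.

# first_nonzero_offset FILE
#   Prints the byte offset of the first byte that is not 0x00, or "none".
#   -An drops od's address column, -v keeps every line instead of collapsing
#   repeated lines into "*", -tx1 prints one two-digit hex byte per field.
first_nonzero_offset() {
    od -An -v -tx1 "$1" | awk '
        { for (i = 1; i <= NF; i++) { if ($i != "00") { print off; found = 1; exit } off++ } }
        END { if (!found) print "none" }'
}

# nonzero_byte_count FILE
#   Prints how many bytes are not 0x00 (0 for a clean wipe).
nonzero_byte_count() {
    od -An -v -tx1 "$1" | awk '
        { for (i = 1; i <= NF; i++) if ($i != "00") n++ }
        END { print n + 0 }'
}

# naive_grep_hits LINE
#   The thread's pattern [^00] is a character class: "one character that is
#   not 0". Any space, "|" or "." satisfies it, so even an all-zero
#   hexdump -C line matches. Prints 1 if the pattern matches LINE, else 0.
naive_grep_hits() {
    printf '%s\n' "$1" | awk '/[^00]/ { hit = 1 } END { print hit + 0 }'
}

# hex_column_hits LINE
#   Restricting the search to the sixteen hex columns (characters 11-58 of a
#   hexdump -C line) and asking for any digit other than 0 answers the real
#   question. Prints 1 if a nonzero byte is shown on LINE, else 0.
hex_column_hits() {
    printf '%s\n' "$1" | cut -c11-58 | awk '/[^0 ]/ { hit = 1 } END { print hit + 0 }'
}

# Constructed sample line, laid out exactly as hexdump -C prints an all-zero line.
ZERO_LINE='00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|'

# wipecheck_demo
#   Builds a constructed 64 KiB "partition image" with one stray byte (0x55 at
#   offset 4099), reports on it, then shows both patterns against ZERO_LINE.
wipecheck_demo() {
    img=$(mktemp) || return 1
    dd if=/dev/zero of="$img" bs=1024 count=64 2>/dev/null
    printf '\125' | dd of="$img" bs=1 seek=4099 conv=notrunc 2>/dev/null
    echo "first nonzero offset:      $(first_nonzero_offset "$img")"
    echo "nonzero bytes:             $(nonzero_byte_count "$img")"
    rm -f "$img"
    echo "naive grep on zero line:   $(naive_grep_hits "$ZERO_LINE")"
    echo "hex columns on zero line:  $(hex_column_hits "$ZERO_LINE")"
}
```

Call `wipecheck_demo` to see the report; on the constructed image it finds the stray byte at offset 4099 and counts exactly one nonzero byte, while the naive pattern still "hits" the all-zero line and the hex-column check does not. For a quick one-liner on a real device, `od -An -v -tx1 /dev/sda2 | grep -v '^[ 0]*$'` prints only the lines that contain a nonzero byte, and an empty result means the partition is clean.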
 
Old 04-01-2010, 12:03 AM   #4
mazinoz
Member
 
Registered: Mar 2003
Location: Mansfield Queensland Australia
Distribution: Linux Mint - Tara
Posts: 497

Original Poster
Rep: Reputation: 35
Thank you Simon.

My apologies for not answering sooner, attempted to load Windows and then linux on above drive, but have only managed to load Windows XP x 2 before being shot down in flames, once without even getting to the internet part! I have a trojan going on. Know any good trojan hunters for linux? Is zeppoo a genuine trojan hunter program?

PS. A now very EX-friend is gunning my IP address, I use a laptop and believe the network card is on the motherboard. A long story, but he even admitted it after I had found a file he had written that contacted him whenever I went on-line. Can't post it as he was online at the time I found it and it disappeared and the screen jumped. I know he is almost certainly using Java. I have found directories with size 0 bytes but containing non-zero files. Others are size 4096 bytes.

Even if I could organise evidence etc, I doubt it would be successfully prosecuted as he could claim diminished responsibility (cerebral palsy, mental illness).

I suppose I could sell laptop to a big hairy male with violent tendencies!
 
Old 04-06-2010, 01:47 AM   #5
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
You are using a lot of jargon I am unfamiliar with.
Quote:
only managed to load Windows XP x 2 before being shot down in flames
Quote:
I have a trojan going on.
Quote:
EX-friend is gunning my IP address
Quote:
I found it and it disappeared and the screen jumped
I am guessing that you suspect you have found some Java-based malware on your computer - easy fix: remove the JRE - Java won't run. If it is JavaScript then you are running it in your browser - uninstall the app from your browser. Update the browser. Turn JavaScript off in the browser.

ClamAV and F-Prot are good malware scanners for GNU/Linux. We don't normally use them because Linux security is normally very good. You usually only run malware as your own user and then only if you deliberately gave it permission to run.

It is possible to do this by accident if you log in as root all the time - never do this.

A clean reinstall will remove all malware.
If the malware is running from within one user - delete the user.

With friends like those, who needs enemies. Note - if he is doing it to you, then he is probably doing it to others. With diminished capacity, most jurisdictions will at least ban him from computers.

Note: You can restrict access to your laptop by minimising the services that you run and by configuring iptables to close all unused ports. Run a firewall.
 