LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices

Reply
 
Search this Thread
Old 04-27-2011, 10:34 PM   #1
popaabert
LQ Newbie
 
Registered: Apr 2011
Posts: 3

Rep: Reputation: 0
I have VIRUS in MBR, as a result of windows. All my computers are now UBUNTU 10.10


How to wipe this hard drive clean like new, formated #4 linux when finished.W/D 500 GB
 
Old 04-27-2011, 10:40 PM   #2
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,109

Rep: Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539
If it's an MBR virus, you might not have to reinstall the OS.

First, try booting to a live CD and formatting the MBR.

http://www.linuxquestions.org/questi...-query-606489/

Then, if necessary, repair grub:

https://help.ubuntu.com/community/Re...tallingWindows

If you still have to reinstall, the MBR will now be clean.

Last edited by frankbell; 04-27-2011 at 10:42 PM.
 
1 members found this post helpful.
Old 04-27-2011, 10:42 PM   #3
widget
Senior Member
 
Registered: Oct 2008
Location: S.E. Montana
Distribution: Debian Testing, Stable, Sid and Manjaro, Mageia 3, LMDE
Posts: 2,299

Rep: Reputation: 388Reputation: 388Reputation: 388Reputation: 388
Just boot to a LiveCD and use gparted to format the drive.

If that sounds too tough just install Ubuntu using the whole disk option.

I would format the drive ahead of installation myself. An install with a / partition, a /home partition and then your small /swap is, in my view, a lot better than installing on just a / (root0 partition.

I have never heard of virus on the MBR and can't imagine why anyone would write one, not that I am an expert on virus'.
 
Old 04-27-2011, 11:40 PM   #4
Telengard
Member
 
Registered: Apr 2007
Location: USA
Distribution: Kubuntu 8.04
Posts: 579
Blog Entries: 8

Rep: Reputation: 147Reputation: 147
Quote:
Originally Posted by widget View Post
I have never heard of virus on the MBR and can't imagine why anyone would write one, not that I am an expert on virus'.
Because the MBR is accessed very early in the boot process. Virus code stored in the MBR can pwn the computer before Windows even starts loading.

http://technet.microsoft.com/en-us/l.../cc977223.aspx

or if you prefer not to access a Microsoft domain

http://google.com/search?q=mbr+virus

BTW papaabert, Please consider making two copies of your important files on different media before wiping the hard disk. Nothing sucks more than losing all your data because of a lousy virus

Last edited by Telengard; 04-27-2011 at 11:46 PM.
 
Old 04-28-2011, 02:20 AM   #5
widget
Senior Member
 
Registered: Oct 2008
Location: S.E. Montana
Distribution: Debian Testing, Stable, Sid and Manjaro, Mageia 3, LMDE
Posts: 2,299

Rep: Reputation: 388Reputation: 388Reputation: 388Reputation: 388
Quote:
Originally Posted by Telengard View Post
Because the MBR is accessed very early in the boot process. Virus code stored in the MBR can pwn the computer before Windows even starts loading.

http://technet.microsoft.com/en-us/l.../cc977223.aspx

or if you prefer not to access a Microsoft domain

http://google.com/search?q=mbr+virus

BTW papaabert, Please consider making two copies of your important files on different media before wiping the hard disk. Nothing sucks more than losing all your data because of a lousy virus
Thanks a bunch. Never would have dreamed. Learn something new all the time.

Think that would have a hard time on a Linux box unless you had auto login as root.

I do not mind going to MS sites, the Dreaded Mother in Law has a MS box that I try to keep up. It will get infected one of these days as she will not have much security on the bugger. I do have it booting with grub from an install of Ubuntu 8.04 (have to change that one of these days) that I have all her stuff backed up on.

That is in her house. You guys would be welcome if you are passing through these parts but any device using an MS OS will not come in this house. You can leave them across the street at her house.

EDIT;
Just read that link. It seems to indicate just destruction of the OS. Seems like there are more opportunitiesthere than that. That is also about MS 2000 so I suppose the virus' are better now. I quit with Win98. I still think that was the cream of their crop.

MS Dos with DosShell was my favorite of the MS stable. Amazing the work you can do with floppies and a 64 bit computer.

Last edited by widget; 04-28-2011 at 02:28 AM.
 
Old 04-28-2011, 02:42 AM   #6
Telengard
Member
 
Registered: Apr 2007
Location: USA
Distribution: Kubuntu 8.04
Posts: 579
Blog Entries: 8

Rep: Reputation: 147Reputation: 147
Quote:
Originally Posted by widget View Post
Think that would have a hard time on a Linux box unless you had auto login as root.
Maybe not so hard a time as you may think. A virus which is loaded into memory with the MBR can take control of the boot process and insert itself anywhere it likes. If such a virus were designed to self-replicate within a Linux environment it could do so as root. I don't claim to have proof of concept for this, but it is conceivable and may already have been done.

Quote:
I do not mind going to MS sites
It's just that some people here seem to have extreme reactions to the mere mention of anything about Microsoft. I don't want to be responsible for inadvertently inviting flames here. That article seemed relevant to OP's situation because he specified the Windows connection, and because the article itself is pretty lucid.

Quote:
That is also about MS 2000 so I suppose the virus' are better now.
The MBR vector is open for all modern operating systems AFAIK.
 
Old 04-28-2011, 12:04 PM   #7
widget
Senior Member
 
Registered: Oct 2008
Location: S.E. Montana
Distribution: Debian Testing, Stable, Sid and Manjaro, Mageia 3, LMDE
Posts: 2,299

Rep: Reputation: 388Reputation: 388Reputation: 388Reputation: 388
I wonder why that vector for attack is not used more often. Seems kind of slick in a very sick way.
 
Old 04-28-2011, 10:28 PM   #8
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,109

Rep: Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539
One thing the bad guys take into account is how easy it is to accomplish their purpose.

MBR viruses used to be extremely common 15 or 20 years ago, when the purpose of viruses was primarly vandalism, as opposed to stealing information and setting up botnets.

They were spread easily through the boot sectors of floppy disks, since a lot of data was transferred via sneakernet.

MS Word macro viruses were also popular back in those days as MS Word beat out Word Perfect by virtue of the Microsoft Marketing Mauling Machine. Then, with the increase in personal email and the www, came email payloads, phishing, and trojans.

Attacking the MBR via an email trojan would be a mightily difficult thing to do reliably. Even the famous Sony rootkit was delivered by physical media inserted in a drive.
 
1 members found this post helpful.
Old 04-28-2011, 11:20 PM   #9
popaabert
LQ Newbie
 
Registered: Apr 2011
Posts: 3

Original Poster
Rep: Reputation: 0
Thumbs up Thanks for the help

I found a program among many and created a live disk.Nuked, burned, blasted erased wiped cust the MBR virus . I won. I burned alot of 000000000000000 in the MBR and destroyed the binary what fowled my drive. Again thanks for the ideas. I am still very new to Linux
lost but not forgot. I know so little about Linux , don't even know what to ask??
 
Old 04-29-2011, 01:27 AM   #10
Telengard
Member
 
Registered: Apr 2007
Location: USA
Distribution: Kubuntu 8.04
Posts: 579
Blog Entries: 8

Rep: Reputation: 147Reputation: 147
Quote:
Originally Posted by popaabert View Post
I know so little about Linux , don't even know what to ask??
Spend some time searching around LQ for topics which interest you. Don't forget these excellent Ubuntu resources as well:
 
Old 04-29-2011, 03:57 AM   #11
widget
Senior Member
 
Registered: Oct 2008
Location: S.E. Montana
Distribution: Debian Testing, Stable, Sid and Manjaro, Mageia 3, LMDE
Posts: 2,299

Rep: Reputation: 388Reputation: 388Reputation: 388Reputation: 388
Quote:
Originally Posted by Telengard View Post
Spend some time searching around LQ for topics which interest you. Don't forget these excellent Ubuntu resources as well:
The ubuntuguide.org bunch is great. Just follow their directions on setting up and you will not go very far wrong. A lot of real good stuff there that makes it easy for a noob to set up like a pro.

I know this for a fact as I was lucky enough to discover it when I started. Still keep it bookmarked to point other folks to it.
 
  


Reply

Tags
mbr, ubuntu, virus, windows


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Which program can boot a copy of the MBR (fake MBR) using mbr.bin Xeratul Linux - Software 6 12-04-2010 12:40 AM
get MBR to show MS Windows and Ubuntu fosopip Linux - Newbie 5 09-09-2008 03:27 PM
Sharing a printer on Ubuntu 7.10 with Windows-computers haraldsf Linux - Networking 4 11-11-2007 05:06 PM
ubuntu: windows took over MBR and can't restore grub eantoranz Linux - Software 3 02-03-2006 09:29 PM
MBR virus problem njbrain General 10 04-05-2005 02:40 AM


All times are GMT -5. The time now is 02:35 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration