lost_soul Posted January 11, 2014 (edited)
I've got a recycled machine here that used to be infected with malware. I extracted the Factory.wim file and the corresponding tools which are used to re-apply it from the recovery partition. Then I booted off my Windows 7 CD and ran those recovery tools to reload the original factory snapshot back onto the machine from the Factory.wim file... Yet paranoia persists. What if the Factory.wim which was on the original installation when it got infected with malware was also secretly contaminated? What if there is still malware there, which gets re-applied when you reload the Factory.wim image? I ran a SHA1 on the Factory.wim file and looked for the string online to see if Factory.wim is exact and hasn't been fucked with, but I found nothing. So, if somebody would be able to check the SHA1 of their Factory.wim on a Dell Inspiron 1525 and tell me the string of letters/numbers, it would allow me to know for sure. What if I email Dell and ask them to tell me the proper SHA1? Do you think I will get a response from somebody who is not useless and who actually understands this? More info here: http://www.johndscomputers.com/2011/work-arounds/geek-friday-dell-factory-restore-when-recovery-partition-is-not-available/

*a guy named John D Carmack*... haha Where have I heard that name before?

When I research "malware contaminates factory.wim", all I find are references to AV programs finding false positives in the file and no examples of it actually getting infected. It seems like if you were a malware author, you would be stupid NOT to put your malware in there so the user gets silently re-infected.

Edited January 11, 2014 by lost_soul
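An added example to go with the hash question above (it is not from the thread, and it is not Dell's or Microsoft's tooling): a small Python script that computes the SHA-1/SHA-256 a reference would be compared against, decodes the fixed 208-byte WIM header, and verifies the optional integrity table (SHA-1 per chunk over the bytes between the end of the header and the XML data, which is how the documented WIM format lays it out). The sample WIM it builds is a constructed skeleton, not a real Factory.wim. The point it demonstrates is the one that matters for the poster's worry: a self-consistent integrity table, or a hash you compute yourself, only proves the file was not corrupted. Anyone who can edit the image can refresh the table, so authenticity needs a hash obtained from a source you trust, not from the file.

```python
import hashlib
import struct

WIM_MAGIC = b"MSWIM\x00\x00\x00"
WIM_HEADER_SIZE = 0xD0          # 208 bytes; fixed by the format
FLAG_READONLY = 0x00000004


def data_digests(data):
    """SHA-1 and SHA-256 hex digests of an in-memory blob."""
    return hashlib.sha1(data).hexdigest(), hashlib.sha256(data).hexdigest()


def file_digests(path, chunk=1 << 20):
    """Stream a file through SHA-1/SHA-256; the SHA-1 is what you'd compare with a vendor reference."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            sha1.update(block)
            sha256.update(block)
    return sha1.hexdigest(), sha256.hexdigest()


def _reshdr(buf, off):
    """24-byte resource header: 7-byte size plus 1 flag byte, then u64 offset and u64 original size."""
    packed, offset, original = struct.unpack_from("<QQQ", buf, off)
    return {"size": packed & ((1 << 56) - 1), "flags": packed >> 56,
            "offset": offset, "original_size": original}


def parse_header(buf):
    """Decode the fixed WIM header (field offsets per the published WIM format)."""
    if buf[:8] != WIM_MAGIC:
        raise ValueError("not a WIM file (bad magic)")
    hdr_size, version, flags, _comp_size = struct.unpack_from("<IIII", buf, 8)
    if hdr_size != WIM_HEADER_SIZE:
        raise ValueError("unexpected header size %d" % hdr_size)
    part, total_parts, image_count = struct.unpack_from("<HHI", buf, 40)
    return {"version": version, "flags": flags, "part": part, "total_parts": total_parts,
            "image_count": image_count,
            "lookup_table": _reshdr(buf, 48), "xml_data": _reshdr(buf, 72),
            "boot_metadata": _reshdr(buf, 96),
            "boot_index": struct.unpack_from("<I", buf, 120)[0],
            "integrity": _reshdr(buf, 124)}


def _covered_chunks(hdr, chunk_size, count):
    """Yield (index, start, end) for the region the integrity table covers:
    from the end of the header up to the XML data offset, in chunk_size pieces."""
    end_all = hdr["xml_data"]["offset"]
    for i in range(count):
        start = WIM_HEADER_SIZE + i * chunk_size
        yield i, start, min(start + chunk_size, end_all)


def verify_integrity(buf):
    """Return (table_present, [indices of chunks whose stored SHA-1 does not match the data])."""
    hdr = parse_header(buf)
    it = hdr["integrity"]
    if it["offset"] == 0 or it["size"] == 0:
        return False, []                       # image written without /CHECK: nothing to verify
    cb_size, count, chunk_size = struct.unpack_from("<III", buf, it["offset"])
    covered = hdr["xml_data"]["offset"] - WIM_HEADER_SIZE
    if count != (covered + chunk_size - 1) // chunk_size or cb_size != 12 + 20 * count:
        raise ValueError("integrity table inconsistent with header")
    bad = []
    for i, start, end in _covered_chunks(hdr, chunk_size, count):
        stored = buf[it["offset"] + 12 + 20 * i: it["offset"] + 32 + 20 * i]
        if hashlib.sha1(buf[start:end]).digest() != stored:
            bad.append(i)
    return True, bad


def recompute_integrity_table(buf):
    """What an attacker does after editing the image: refresh the table so verify_integrity passes."""
    hdr = parse_header(buf)
    it = hdr["integrity"]
    _cb, count, chunk_size = struct.unpack_from("<III", buf, it["offset"])
    out = bytearray(buf)
    for i, start, end in _covered_chunks(hdr, chunk_size, count):
        out[it["offset"] + 12 + 20 * i: it["offset"] + 32 + 20 * i] = hashlib.sha1(buf[start:end]).digest()
    return bytes(out)


def build_sample_wim(payload=b"A" * 5000, xml=b"<WIM/>", chunk_size=2048, with_table=True):
    """Constructed sample: single-part WIM skeleton (fake lookup-table payload, XML blob, integrity table)."""
    def reshdr(size, offset):
        return struct.pack("<QQQ", size, offset, size)          # flag byte 0 = stored uncompressed
    xml_off = WIM_HEADER_SIZE + len(payload)
    table_off = xml_off + len(xml)
    count = (len(payload) + chunk_size - 1) // chunk_size
    table = struct.pack("<III", 12 + 20 * count, count, chunk_size)
    for i in range(count):
        table += hashlib.sha1(payload[i * chunk_size:(i + 1) * chunk_size]).digest()
    hdr = WIM_MAGIC + struct.pack("<IIII", WIM_HEADER_SIZE, 0x10D00, FLAG_READONLY, 0x8000)
    hdr += b"\x00" * 16 + struct.pack("<HHI", 1, 1, 1)           # zero GUID, part 1 of 1, one image
    hdr += reshdr(len(payload), WIM_HEADER_SIZE) + reshdr(len(xml), xml_off)
    hdr += reshdr(0, 0) + struct.pack("<I", 0)                   # no boot metadata, boot index 0
    hdr += (reshdr(len(table), table_off) if with_table else reshdr(0, 0)) + b"\x00" * 60
    return hdr + payload + xml + (table if with_table else b"")
```

Against a real file: `file_digests("Factory.wim")` gives the SHA-1 to compare with a reference, and `verify_integrity(open("Factory.wim", "rb").read())` checks the table (it reads the whole image into memory, which is fine for an illustration but a multi-gigabyte image should be read chunk-wise). Note what `recompute_integrity_table` shows: after a one-byte edit the check flags the chunk, but once the table is refreshed the same check passes while the file's hash still differs from the original. Only the hash from a trusted reference catches the second case.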
rich_is_bored Posted January 11, 2014
While I won't deny the possibility that a malware author could infect a recovery image, I'm not sure the return is worth the effort. New security vulnerabilities are found, exploited, and patched every day. There's not much sense in trying to retain users when you could spend that time exploiting the latest security vulnerabilities and netting thousands of new users. If you're really concerned, just wipe the system clean and install a fresh copy of Windows. Nothing of value is lost. Other than Windows itself, it's all shovelware and any drivers you may need can be downloaded.
Bikerdude Posted January 11, 2014
I'm not sure the return is worth the effort. If you're really concerned, just wipe the system clean and install a fresh copy of Windows.
+1
Airship Ballet Posted January 11, 2014
I'm fairly sure Dell machines come with their own recovery utility so you could probably have saved that minimal extra effort anyway. I get a surprising number of people coming to me at work (I'm a network manager) with similar fears but they're usually unfounded. It's been said, but there's no harm in dedicating part of a day to making a clean slate for peace of mind.
ezze Posted January 12, 2014
(OT: I think you should not install Windows at all.) But still, if your computer gets infected and you are worried, why not just erase everything? Deleting the partition table should be enough, but you can delete everything to be sure. Deleting everything will require many hours, however.
Lux Posted January 12, 2014
I'd say if you restore the factory image, then install your AV / malwarebytes and run boot scans of each and you're clean?? The factory.wim is clean. It was no doubt infected prior to any current updates for scans, so if current scans are clean, it's probably clean. If you do that and also notice no odd behavior, I wouldn't worry about it.
Bikerdude Posted January 12, 2014
Deleting everything will require many hours, however.
You mean doing a secure wipe, yes that would take a few hours. But doing a partition wipe and then a full format of the hard drive won't take that long.
ezze Posted January 13, 2014
You mean doing a secure wipe, yes that would take a few hours. But doing a partition wipe and then a full format of the hard drive won't take that long.
That's what I said, isn't it? To delete the partition table you just need to delete about a megabyte at the beginning (and possibly the end, depending on the kind of partitioning) of data. Deleting everything means writing to every sector of the disk.
Airship Ballet Posted January 13, 2014
Depends on the speed of your hardware but there's nothing stopping you from setting it off overnight.
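An added example for the partition-table-versus-every-sector discussion above (not from the thread; it runs against a constructed disk image file, never a real device): `wipe_partition_table` zeroes only the first and last MiB, which is a generous bound for where the MBR, the primary GPT and the GPT backup live, while `wipe_full` overwrites every byte. The marker search shows why the two differ for someone worried about leftover malware: after the first, the partitioning is gone but the data blocks, planted payload included, are still on the disk and trivially recoverable; after the second they are not. Assumed tools are POSIX dd, wc, tr and grep.

```sh
#!/bin/sh
set -eu

MIB=1048576

# Build a constructed 8 MiB "disk": a fake partition table in the MBR area and a
# marker string planted in a data region, standing in for files left by malware.
make_sample_disk() {
    img=$1
    dd if=/dev/zero of="$img" bs=$MIB count=8 2>/dev/null
    printf 'FAKE-PARTITION-TABLE' | dd of="$img" bs=1 seek=440 conv=notrunc 2>/dev/null
    printf 'MALWARE-PAYLOAD-MARKER' | dd of="$img" bs=1 seek=$((3 * MIB)) conv=notrunc 2>/dev/null
}

# "Delete the partition table": zero the first MiB (MBR, primary GPT) and the last MiB
# (GPT backup). Seconds of work, but every data block in between is untouched.
wipe_partition_table() {
    img=$1
    size=$(wc -c < "$img")
    dd if=/dev/zero of="$img" bs=$MIB count=1 conv=notrunc 2>/dev/null
    dd if=/dev/zero of="$img" bs=$MIB count=1 seek=$((size / MIB - 1)) conv=notrunc 2>/dev/null
}

# "Delete everything": overwrite every sector. Run time grows with the size of the disk.
wipe_full() {
    img=$1
    size=$(wc -c < "$img")
    dd if=/dev/zero of="$img" bs=$MIB count=$((size / MIB)) conv=notrunc 2>/dev/null
}

# Succeeds (exit 0) if the marker can still be found anywhere on the "disk", i.e. the
# data survived. NULs are stripped first so grep sees plain text.
marker_present() {
    tr -d '\000' < "$1" | grep -q "$2"
}

# Walk through both wipes and report what a carve of the raw disk would still find.
demo() {
    img=$(mktemp)
    make_sample_disk "$img"
    wipe_partition_table "$img"
    if marker_present "$img" MALWARE-PAYLOAD-MARKER; then
        echo "after partition-table wipe: payload still on disk"
    fi
    wipe_full "$img"
    if ! marker_present "$img" MALWARE-PAYLOAD-MARKER; then
        echo "after full wipe: payload gone"
    fi
    rm -f "$img"
}
```

Call `demo` to see both steps. The full overwrite is what takes the hours discussed above, and on a physical drive even that only covers the sectors the drive exposes: remapped sectors and, on an SSD, the blocks hidden by wear levelling are outside its reach, which is why a vendor secure-erase command is the usual answer when that matters.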