The Dark Mod Forums

Anybody got a Dell Inspiron 1525 and willing to do me a favor?


lost_soul

I've got a recycled machine here that (used to) be infected with malware. I extracted the Factory.wim file and the corresponding tools which are used to re-apply it from the recovery partition. Then, I booted off my Windows 7 CD and ran those recovery tools to reload the original factory snapshot back on the machine from the Factory.wim file...

Yet, paranoia persists. What if the Factory.wim which was on the original installation when it got infected with malware was also secretly contaminated? What if there is still malware there, which gets re-applied when you reload the Factory.wim image? I ran a SHA1 on the Factory.wim file and looked for the string online to see if Factory.wim is exact and hasn't been fucked with, but I found nothing.

So, if somebody would be able to check the SHA1 of their Factory.wim on a Dell Inspiron 1525 and tell me the string of letters/numbers, it would allow me to know for sure. What if I email Dell and ask them to tell me the proper SHA1? Do you think I will get a response from somebody who is not useless and who actually understands this?

More info here: http://www.johndscomputers.com/2011/work-arounds/geek-friday-dell-factory-restore-when-recovery-partition-is-not-available/

*a guy named John D Carmack*... haha Where have I heard that name before?

When I research "malware contaminates factory.wim", all I find are references to AV programs finding false positives in the file and no examples of it actually getting infected. It seems like if you were a malware author, you would be stupid NOT to put your malware in there so the user gets silently re-infected.

Edited by lost_soul

--- War does not decide who is right, war decides who is left.

Link to comment
Share on other sites
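The comparison requested in the post above, as an added example that is not part of the original thread: it streams a large image file, cleans up a digest pasted from a forum reply or e-mail, and reports match, mismatch, or unusable input. The function names and the tiny stand-in file are constructed for illustration. A match only shows the two copies are byte-identical, and a mismatch can also mean a different image revision (an assumption: the page does not say how many Factory.wim builds exist for this model).

```python
import hashlib
import hmac
import os
import tempfile

def file_digests(path, chunk_size=1 << 20):
    """Stream the file in 1 MiB chunks so a multi-GB image never sits in RAM."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            sha256.update(chunk)
    return {"sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}

def normalize(posted):
    """Clean a pasted digest; return None unless it is a whole SHA-1
    (40 hex chars) or SHA-256 (64 hex chars) value."""
    cleaned = "".join(c for c in posted.lower() if c not in " \t\r\n:-")
    if len(cleaned) not in (40, 64):
        return None
    if any(c not in "0123456789abcdef" for c in cleaned):
        return None
    return cleaned

def matches_reference(path, posted):
    """True on match, False on mismatch, None if the posted string is unusable."""
    ref = normalize(posted)
    if ref is None:
        return None
    algo = "sha1" if len(ref) == 40 else "sha256"
    return hmac.compare_digest(file_digests(path)[algo], ref)

def demo():
    # Constructed stand-in for Factory.wim so the example runs offline.
    with tempfile.NamedTemporaryFile(delete=False, suffix=".wim") as tmp:
        tmp.write(b"abc")
    try:
        good = "A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D"  # SHA-1 of b"abc"
        return (matches_reference(tmp.name, good),
                matches_reference(tmp.name, good.replace("A999", "B999")),
                matches_reference(tmp.name, "a9993e36"))  # truncated paste
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print(demo())
```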

While I won't deny the possibility that a malware author could infect a recovery image, I'm not sure the return is worth the effort. New security vulnerabilities are found, exploited, and patched every day. There's not much sense in trying to retain users when you could spend that time exploiting the latest security vulnerabilities and netting thousands of new users.

If you're really concerned, just wipe the system clean and install a fresh copy of Windows. Nothing of value is lost. Other than Windows itself, it's all shovelware and any drivers you may need can be downloaded.

Link to comment
Share on other sites

I'm fairly sure Dell machines come with their own recovery utility so you could probably have saved that minimal extra effort anyway. I get a surprising number of people coming to me at work (I'm a network manager) with similar fears but they're usually unfounded. It's been said, but there's no harm in dedicating part of a day to making a clean slate for peace of mind.

Link to comment
Share on other sites

(OT I think you should not install Windows at all)

But still, if your computer gets infected and you are worried, why not just erase everything? Deleting the partition table should be enough, but you can delete everything to be sure. Deleting everything will require many hours, however.

Link to comment
Share on other sites

I'd say if you restore the factory image, then install your AV / malwarebytes and run boot scans of each and you're clean?? The factory.wim is clean. It was no doubt infected prior to any current updates for scans so if current scans are clean, it's probably clean.

If you do that and also notice no odd behavior, I wouldn't worry about it.

Link to comment
Share on other sites

You mean doing a secure wipe, yes that would take a few hours. But doing a partition wipe and then a full format of the hard drive won't take that long.

That's what I said, isn't it? To delete the partition table you just need to delete about a megabyte in the beginning (and possibly the end depending on the kind of partitioning) of data. Deleting everything means to write on every sector of the disk.

Link to comment
Share on other sites
