Preparing new hard drive?

[pgoelz]

I just won an Ebay auction for a used Hitachi 60GB drive from an X40. I plan on using this drive in my (currently 40GB) X41. I am familiar with how to delete old partitions and migrate from the old drive to the new (used) drive using Acronis True Image. This process will be done from the bootable Acronis CD and should eradicate any conventional viruses.

What I am NOT sure about is how to make sure that I kill any possible rootkit infections. I see lots of rootkit removal tools but they are all focused on existing (running) installations. Since this will in essence be a format and start over process, how do I wipe out any rootkits? Can I simply rewrite the MBR and partition table?

Thanks,
Paul

[aaa]

Acronis eliminates viruses? Are you really reformatting (which would eliminate viruses) or are you making a copy (which would copy the viruses as well)?

I don't think viruses and rootkits hang out in the MBR often. I suppose you can use a drive blanker like DBan or something to be sure.


If you are making a copy, then easiest way to eliminate them is to run a virus scan on the drive when it's not in the computer. If the disk's OS never gets started up, the viruses and rootkits don't get a chance to start up and hide themselves.

[pgoelz]

In this case, yes Acronis eliminates viruses. My original hard drive is clean. I am only concerned about what the new (used) drive might contain.

Since I will be deleting all existing partitions on the new drive, repartitioning and then overwriting with the restored image from the old drive via Acronis, I am not concerned about any conventional viruses on the new drive.

But I do not really understand rootkits and have the impression that they might survive such a reimaging operation. Don't they live in the MBR area and thus outside the reach of virus scanners and simple drive erasing operations?

EDIT:
Just did some more reading and perhaps I am being too paranoid? Somewhere I got the impression that a rootkit involved code outside the normal partition structure and therefore immune to reformatting and / or repartitioning. But I was not able to find references to that in what I read. So maybe a reformat and then restore from the clean image from my old drive is sufficient. Or maybe even add a total wipe via Acronis Drive Cleaner??

Paul

[aaa]

Apparently there is one recent MBR rootkit. It was pretty rare before. Most of the ones I've seen don't live in the MBR. They exist as ordinary files, and set themselves up to load deep into the system very early. Once in, they block any attempts to "see" them, making the file they came from invisible.


I don't know if Acronis totally overwrites everything, but a nothing will survive a total overwrite. A drive erasing operation should overwrite the MBR if it's any good (I'm sure the Drive Cleaner should do it).

[pgoelz]

Probably isn't a bad time to run Rootkit Revealer and the one from Grisoft as well even before I swap hard drives. I THINK my existing system is clean but you never know. I do know I have NOT bought anything from Sony lately

I did buy the X41 used, though. It appeared to have been restored from the factory restoration partition and I tweaked it from there to remove some of the bloatware. It is running fine with no odd behavior and has been for about a year, but you never know.....

Paul