
Recently my PC fell subject to some malware. The malware is hidden and all the antivirus software can't find/detect it. The things it has done so far are spyware-like: it disabled System Restore from the cloud, forcing me to do a local reinstall, which the virus can probably attack by attacking the recovery partition. It also has Chrome and Edge send around 70 packets in just ~10 minutes to some private IP at port 8009, which is unusual.

I want to wipe my SSD and reset it so I can get a clean start, but from researching, I can't find any way that might work. The reason I want to reset is that I'm paranoid the virus will stay, so I want to reset/wipe the SSD.

The BIOS doesn't have a Secure Erase option so I can't do it from that.

schroeder
Galagyy
  • Boot into a recovery operating system, e.g., a bootable USB stick, and completely wipe the SSD. E.g., from the recovery operating system, identify where the (unmounted) SSD is located (e.g., which block device listed under /dev/ on a Linux recovery operating system) and then wipe it like: `sudo dd if=/dev/zero of=/dev/` – hft Oct 12 '21 at 23:10
  • Ok, thanks, I'll try that – Galagyy Oct 12 '21 at 23:20
  • 1
    And double, triple, and quadruple check that you have the right destination. "dd" == "Disk Destroyer", an implicit warning that more than one person has nuked their main drive by accident. Heed the implicit warning... and be careful! – MicroservicesOnDDD Oct 13 '21 at 01:33
  • Don't use `dd` on an SSD. It causes write amplification that wears out the flash cells. That's why ATA Secure Erase exists. You can [issue a Secure Erase command using hdparm](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase). All modern SSDs support this command. – Polynomial Oct 13 '21 at 13:09
  • 2
    The following questions are relevant here: [How to erase as much as possible an SSD without ATA Secure Erase?](https://security.stackexchange.com/questions/145950/how-to-erase-as-much-as-possible-an-ssd-without-ata-secure-erase) and [Is it enough to only wipe a flash drive once?](https://security.stackexchange.com/questions/5662/is-it-enough-to-only-wipe-a-flash-drive-once) - they go over the details of wiping an SSD. The fact that the SSD contained malware is immaterial here; in the context of wiping disks it's all just data. – Polynomial Oct 13 '21 at 13:15

1 Answer


Just boot from USB, delete all partitions, and reinstall your OS. No need to use ATA Secure Erase, dd, or anything else.

Deleting the partitions and reinstalling the OS will wipe out any file containing malware, and a full reinstall brings back the OS. But take care while recovering your backups, or you may bring the malware back.

ThoriumBR
  • One caveat: re-initialising the partition table on a legacy BIOS system does leave the boot sector untouched. This is usually not a problem (boot sector malware is rare) but it's worth being aware of. On UEFI there is no boot sector, so re-initialising the partition table is fine. – Polynomial Oct 13 '21 at 13:21
  • Yes, boot malware is still a threat, but I would say a negligible one. Except in very rare cases, boot malware usually is just a loader for the rest of the code stored somewhere else. With a reformat, the rest of the code is erased. – ThoriumBR Oct 13 '21 at 17:24
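The comments on the question (wipe from a live USB with `dd`, check the destination several times, prefer ATA Secure Erase via `hdparm`) and the boot-sector caveat under the answer describe one procedure between them. The script below is an added example written for this page, not code from the thread or from any of the linked pages. It assumes a Linux live USB with util-linux (`findmnt`, `wipefs`, `blkdiscard`), `hdparm` and, for NVMe drives, `nvme-cli`; the device paths (`/dev/sdb`, `/dev/nvme0n1`) are placeholders, and the `WIPE_CONFIRM` variable is this script's own convention. The `hdparm` password `Eins` is the throwaway value used on the kernel.org ATA Secure Erase page linked above.

```shell
#!/bin/bash
# Added example (not from the thread): wipe a whole SSD from a Linux live USB
# with the guard rails the comments ask for. Assumes util-linux, hdparm and,
# for NVMe, nvme-cli. Device paths are placeholders. Run as root from the
# live USB; nothing destructive runs unless WIPE_CONFIRM=yes (default: dry run).
set -u

# Accept only whole-disk names, never a partition (/dev/sda1, /dev/nvme0n1p2).
is_whole_disk_name() {
    case "$1" in
        /dev/sd[a-z]|/dev/sd[a-z][a-z]) return 0 ;;
        /dev/nvme[0-9]n[0-9]|/dev/nvme[0-9]n[0-9][0-9]) return 0 ;;
        /dev/mmcblk[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = whole disk; stdin = mounted block devices, one per line, as printed by
# `findmnt -rno SOURCE`. Returns 0 if the disk or one of its partitions is
# mounted, which is how the live USB itself (or a wrong target) gets caught.
disk_has_mounted_parts() {
    local disk="$1" src
    while IFS= read -r src; do
        case "$src" in
            "$disk"|"$disk"[0-9]*|"$disk"p[0-9]*) return 0 ;;
        esac
    done
    return 1
}

# stdin = `hdparm -I /dev/X` output. Prints the ATA security state:
# "unsupported", "frozen" (the BIOS froze the security feature set at boot;
# suspend and resume the live system, then retry) or "ready".
ata_security_state() {
    local in_sec=0 supported=0 frozen=0 line
    while IFS= read -r line; do
        case "$line" in
            Security:*) in_sec=1; continue ;;
            [A-Za-z]*) in_sec=0 ;;              # next top-level section
        esac
        [ "$in_sec" -eq 1 ] || continue
        case "$line" in
            *"not"*"frozen"*|*"not"*"supported"*) ;;
            *frozen*) frozen=1 ;;
            *supported:*) ;;                    # "supported: enhanced erase"
            *supported*) supported=1 ;;
        esac
    done
    if [ "$supported" -eq 0 ]; then echo unsupported
    elif [ "$frozen" -eq 1 ]; then echo frozen
    else echo ready
    fi
}

# Print the wipe commands for disk $1 given security state $2, one per line,
# so they can be reviewed before anything runs.
wipe_plan() {
    local disk="$1" state="$2"
    case "$disk" in
        /dev/nvme*)
            # NVMe has no ATA security; nvme-cli's format with secure-erase
            # setting 1 (user data erase) is the equivalent.
            echo "nvme format $disk --ses=1" ;;
        *)
            if [ "$state" = ready ]; then
                # Sequence from the kernel.org ATA Secure Erase page.
                echo "hdparm --user-master u --security-set-pass Eins $disk"
                echo "hdparm --user-master u --security-erase Eins $disk"
            else
                # Fallback when Secure Erase is unavailable: TRIM every block.
                echo "blkdiscard $disk"
            fi ;;
    esac
    # Whichever method ran, also clear the partition table, the MBR boot
    # sector at LBA 0 and the primary GPT header so nothing bootable remains.
    echo "wipefs -a $disk"
    echo "dd if=/dev/zero of=$disk bs=1M count=1 conv=fsync"
}

wipe_disk() {
    local disk="$1" state cmd
    if ! is_whole_disk_name "$disk"; then
        echo "refusing: $disk is not a whole disk" >&2; return 2
    fi
    if findmnt -rno SOURCE | disk_has_mounted_parts "$disk"; then
        echo "refusing: $disk has mounted partitions (the live USB?)" >&2; return 2
    fi
    case "$disk" in
        /dev/nvme*) state=n/a ;;
        *) state="$(hdparm -I "$disk" | ata_security_state)" ;;
    esac
    if [ "$state" = frozen ]; then
        echo "note: $disk is frozen; suspend/resume and rerun for Secure Erase" >&2
    fi
    wipe_plan "$disk" "$state" | while IFS= read -r cmd; do
        if [ "${WIPE_CONFIRM:-}" = yes ]; then echo "+ $cmd"; eval "$cmd"
        else echo "dry run: $cmd"
        fi
    done
}

# Usage: sudo bash wipe-ssd.sh /dev/sdb   (WIPE_CONFIRM=yes to really wipe)
if [ -n "${1:-}" ]; then wipe_disk "$1"; fi
```

Run it once without `WIPE_CONFIRM` and read the dry-run lines against `lsblk` output before committing; the whole-disk and mounted-partition checks are what stand between you and the "Disk Destroyer" outcome the comments warn about. The `frozen` state is the usual reason `hdparm --security-erase` fails on a laptop: the firmware freezes the drive at POST, and a suspend/resume cycle of the live system clears it. The trailing `wipefs` and 1 MiB zero-fill cover the legacy-BIOS boot sector raised under the answer and cost nothing in flash wear, unlike zero-filling the whole device.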