From: Florian Specker (florianspecker.li)
Date: Mon Aug 28 2006 - 11:44:17 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Scott,

did you consider the possibility that the bad sector was not caused by
the rootkit? It's not uncommon that a disc contains bad sectors, which
you only remark when you actually read such a sector (or the whole disc,
e.g. dd it to another disc). Try to low-level format the disc after
investigating the incident.

Another possibility is some SMART-related function, but that is pure
speculation, as I don't know too much about these features.

Cheers & good luck cleaning up,
Florian

scott wrote:
> I had a probable rootkit in ubuntu dapper that proved to be more
> persistent than I thought possible.I did rkhunter and showed some
> anomalies in /dev/...Trying to track those dir's down proved
> elusive,even with root enabled(in ubuntu,root is disabled by default.You
> can still sudo, but no su without certain switches,)the dir's
> effectively hid from my view.
> So I decided to reinstall a clean slate.This is when I encounter
> problems that don't make sense.
> As the install progresses to the partitioning of the disc,I opt for the
> erase whole disc option.It progresses to a certain point and then quits
> with an error..repeatedly.
> I filed a bug report with launchpad,but my question is this:Can any
> malware you are aware of write-protect certain segments of a HD,without
> BIOS support?Or is there a BIOS trojan that I'm not aware of in Linux?Is
> this even possible with a hardened system?
> Is this even possible in any system,Windows included?
> What I.m asking is : Can any malware write-protect sectors on a HD that
> survive repartioning?
> Sounds really crazy,huh?
> Thanks,Scott
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]