Not sure if this is in the right section, but oh well.
I ran into the Caphaw Backdoor trojan a while back with this laptop. When I eventually found out that I had it (I had it coming anyway, I was torrenting to hell and back), my questions are: I reinstalled Windows XP SP3 Pro straight away after doing a few full-length hard drive formats using the Windows XP disk; is there any chance of that still existing on the hard drive at all? I’ve also run numerous scans, which have come up clean; since I built myself a new computer I only use this one VERY rarely.
I’d say you are OK.
You can wait for further confirmation, but I’d say if you wiped the HD and did Full scans you should be good to go.
I wiped the hard drive doing the full-length NTFS (?), and around 3 further installs (not sure why, paranoid).
Hi Ddm5,
A certain amount of paranoia is possibly quite healthy after something like that.
Disk wiping tools are available (free) that will remove even the most stubborn malware in almost all cases. DBAN is one such: http://www.dban.org/ The only thing DBAN does not state is that it will provide a proof of erasure report when completed, but it is commonly used to sanitize an infected drive or completely remove data on a drive being donated to a recycling center or charitable organization.
But still, I doubt it’s there anymore; even MSE was detecting it, but as I stated, I did plenty of full-length wipes and nothing has ever come up, etc.
Likely not. DBAN is an option used for other than formatting a drive. Formatting a drive (quick operation) often just removes the file table but not the personal data and other operating system data, including any malware data. Forensic recovery techniques often are able to recover much, if not all, data left behind after a fresh format. Data remains until it is overwritten by some write operation after a format.
Think of the disk file table as a pointer system to find all files on a disk. Remove that, and data will still be left behind.
We’ll see anyway. As I said, no detections of the virus were found after the formats, etc.
What’s the difference between the quick NTFS format and the full-length one?
Here is your answer:
http://support.microsoft.com/kb/302686 & http://www.makeuseof.com/tag/difference-windows-full-format-quick-format-technology-explained/ & http://wiki.answers.com/Q/What_is_the_difference_between_a_quick_format_and_full_format
Summary: A full format checks for bad sectors on a hard drive and attempts to fix any found; a quick format does not. The MFT (Master File Table) is reset in a quick format (NTFS).
If using a program such as DBAN, the wiping function is similar to a full format: it takes a long time on a large drive, but ensures all data is overwritten and cannot be recovered by forensic means, and it does check for bad sector errors on the hard drive.
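As an added illustration of the file-table point made in this thread (this is not code from the thread or from DBAN), here is a small Python simulation. It assumes a made-up disk layout with a 64-byte "file table" followed by a data region: a quick format clears only the table, so a raw scan still finds the file's bytes; an overwrite pass like a wiper's removes them.

```python
# Constructed toy disk layout: a small "file table" region followed by raw data.
# Not a real NTFS image; the sizes below are assumptions for the demo.
import os

TABLE_SIZE = 64
DISK_SIZE = 1024


def new_disk() -> bytearray:
    """Return a blank simulated disk (all zero bytes)."""
    return bytearray(DISK_SIZE)


def write_file(disk: bytearray, name: str, payload: bytes, offset: int) -> None:
    """Store payload in the data region and record a name:offset:length entry."""
    entry = f"{name}:{offset}:{len(payload)};".encode()
    slot = disk[:TABLE_SIZE].find(b"\x00")        # first free byte in the table
    disk[slot:slot + len(entry)] = entry
    disk[offset:offset + len(payload)] = payload


def list_files(disk: bytearray) -> list:
    """What a normal directory listing sees: names from the table only."""
    table = bytes(disk[:TABLE_SIZE]).rstrip(b"\x00").decode()
    return [e.split(":")[0] for e in table.split(";") if e]


def quick_format(disk: bytearray) -> None:
    """Quick format: reset the table (the 'pointers'); data region untouched."""
    disk[:TABLE_SIZE] = bytes(TABLE_SIZE)


def full_wipe(disk: bytearray, passes: int = 1) -> None:
    """DBAN-style wipe: overwrite every byte with random data, then zeros."""
    for _ in range(passes):
        disk[:] = os.urandom(DISK_SIZE)
    disk[:] = bytes(DISK_SIZE)


def carve(disk: bytearray, signature: bytes) -> int:
    """Forensic-style scan of the raw bytes, ignoring the table; -1 if absent."""
    return bytes(disk).find(signature)


if __name__ == "__main__":
    marker = b"SAMPLE-DOCUMENT-CONTENT"          # constructed file content
    disk = new_disk()
    write_file(disk, "notes.txt", marker, 200)
    quick_format(disk)
    print("after quick format:", list_files(disk), "carved at", carve(disk, marker))
    full_wipe(disk)
    print("after full wipe:   ", list_files(disk), "carved at", carve(disk, marker))
```

The listing is empty after both operations, but only the overwrite makes the raw-byte scan come back empty too, which is the difference between "the pointers are gone" and "the data is gone".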
Did you check for remaining attempts to communicate through TCP port 443, as the backdoor tries to do?
Did you also avoid a reinstalled infection from infected peripherals? Backdoor:Win32/Caphaw.A injects itself into the following processes to hinder detection and removal:
* firefox.exe
* iexplore.exe
* explorer.exe
* reader_sl.exe
If you have any of these stored anywhere and re-plug it, the backdoor malware will be resurrected. Think about these security tips from Tavis J. Hampton given in this link, because of your online behavior: http://maketecheasier.com/secure-torrent-downloads/2011/11/02
Watch your legit torrent health with vuze: http://wiki.vuze.com/w/Torrent_health (or go back Azureus when it gets too slimy)
You should however always have at the back of your head that torrenting is frowned upon, to say the least, by certain parties, and could always come with (un)intentional crap- and malware against which blocking cannot always protect. Furthermore, all you do online is being logged, and abuse could lead to copyright issues; users aren’t always aware of these facts and consequences. That is why I shun torrents and P2P-ing…
polonus