Does reformatting the drive really removes spywares and viruses

Solution 1:

Yes. Format drive will remove everything including spywares and virus and also your valuable data. Backup your data first before format.

However, there is a sector in Hard Drive that Format would touch. This is the first sector in Hard Drive, the Master Boot Record (MBR). In DOS or Windows 9x time, some smart viruses alter the MBR code and reside in the sector. Even format the drive wouldn't remove the virus completely.

It is advisable you also do rewrite MBR to make sure all malicious code are gone.

To format MBR in DOS/Windows 9x/Windows XP, use

FDISK /MBR

To format MBR in Windows Vista / Windows 7, use bootrec.exe in Windows Recovery Environment:

bootrec.exe /FixMbr

Read the following article for information on how to start Windows Recovery Environment:

How to use the Bootrec.exe tool in the Windows Recovery Environment to troubleshoot and repair startup issues in Windows

Solution 2:

In addition to what the others have said, used to be a lot of MBR viruses that you couldn't remove simply by reformatting--you had to also overwrite the master boot record. Now MBR viruses seem to be less common, but they do still exist.

Back in the day, MBR viruses spread via floppy disks. As removable media has advanced, so have viruses, trojans, worms, and other malware. Modern malware can spread via USB flash drives and network shares, and is sometimes self-propagating (that is, it is executed via some automated mechanism and it and replicates on its own, without your intervention).

For the most part, if you reformat your drive, you should be safe. But if you use a disk wiping utility like DBAN or write zeroes to the drive, you are guaranteed to be rid of the malware, unless you get reinfected from the original source or some other infected device.

Before you wipe your hard drive, be sure to backup all your data, and from that point forward, treat the entire backup as a possible source of infection, until you've thoroughly scanned all the backed up files with several top-rated antivirus/anti-malware tools.

Solution 3:

You must understand that Windows(or any OS) will only execute files that it "knows" are there. Windows "doesn't know" that the file is there if it is marked as being overwritable.

So, put simply. If you mark the infected files as being overwriteable, then it will be next to impossible to get Windows to execute those files. In fact, the only way would be if you had a really (read: virus that does not yet exist) persistent virus, or if you used tools to recover the deleted files and then executed the deleted files.

Once is it marked as deleted, it won't be executed again. Thus, even though the virus is still on your harddrive(technically), Windows will not run it, so it is effectively neutralized.

Solution 4:

Malware in general is only a problem when it is run.

For example, If you have a .exe that contains code which will install a backdoor, the file itself is classed as a virus but will do no damage unless it is run.

As for formatting your hard drive / reinstalling Windows - if you copy all your data back without knowing where/what the virus is, there is a chance it still there, but as pure data, not doing any damage until it is executed.

Regarding Delete vs Shift+Delete. The first simply moves it to the recycle bin (where you can then choose to delete), The second basically skips out the recycle bin. When a file is in the recycle bin, it is not really deleted and can still be run (in fact, some viruses hide out in the recycle bin system folder).

Even if the file has not yet been written over, a proper delete (NOT recycle bin) would mean that it cannot be executed.

I should just point out and warn you that what I say above is mainly true, however it is possible that malware was installed by taking advantage of a flaw / security hole on your machine - For example, a while ago, there was a bug with WMF images, so if you just selected a picture that had the virus attached, it was possible that Windows would get infected whilst generating the preview.