Windows 7: Can I get rid of a mystery partition?

I'd been struggling for months to get rid of a malware infection on my Dell XPS 410, I went through the removal drill on 3 different security forums, each time being pronounced clean at the end, and all scans coming up clear -- as they generally had all along. As one forum helper commented, "The symptoms which you describe indicate a significant infection, but I'm not seeing much indication of that in the logs". But the identical problems would always return soon after, even during my several days of total computer "quarantine", the time during which I'd reconnect neither my ethernet cable nor external USB drives, or reinstall any programs.

I ended up buying a new Dell XPS Studio and have at last been again free of these troubles in the month or so since. But wanting still to beat the bugs on the XPS 410 I've kept tinkering with it. I finally noticed something on the 410 when I was running Killdisk on it a couple of days ago. The program shows (besides UBCD showing up as Floppy Drive A) the local partition 80h, which is easily deleted and zero-filled, but unlike any other partition utilities which I've run it also indicates the presence of an 800meg 81h partition (or device) which I've been unable to delete or zero-fill -- trying just gets me locked into a continuous echo of read/write errors. Killdisk always shows the 80h partition with only zero bits all through after it's been run, but the little 81h partition retains its data (whatever it is), formatted in FAT32 (I always format my partitions in NTFS). Even exploring the drive from my Ubuntu installation shows nothing unusual.

A similar partition is not on the new machine, and its presence on the 410 may be just some sort of remnant from the Dell OEM XP Home OS I suppose, from before I tried unsuccessfully to get rid of the problem by installing Windows 7 Premium with a clean install, but it does make me wonder whether this may be where the incredibly persistent bugs may have been residing all this time.

Might this be possible, and any advice on how I could get this partition off the drive?



Thanks,
papilio
.

You can try this free software:

Easeus Partition Master Home Edition - Free software downloads and software reviews - CNET Download.com

All sorts of information on 81h, and all conflicting.

Thanks Lemur! I'll check that out right away and post results.

If no joy then you could try a GParted live cd.
Browse GParted Files on SourceForge.net

Sounds like you have an enabled security chip in your system that is setting up the HDD for a lojack install. If rcpnet.exe is running in task manager and the option to disable the security chip isn't present in the security section of BIOS, that would confirm my suspicions. The only way to get rid of it is to flash a new BIOS, zero the entire HDD and reinstall windows.

Hi MadTown. That was one of the options suggested for 81h (the bios part). At first I thought it might be a rootkit.

The good news is, if my suspicions are correct, it's not malicious, even though there's no way to get rid of it short of reflashing the bios and wiping the HDD

Thanks again everyone! I first wanted to make a custom Ubuntu live CD with Remastersys (more useful I think and a bit quicker than ghosting with Clonezilla). I had installed Windows 7 on Ubuntu with Virtualbox last week, but have so far had trouble getting it to work correctly, so right now I'm zeroing out the 500gig HDD and will then do another clean install of Windows 7, then try the options so far suggested.

There's probably a quicker way, but I'm still a noob with Ubuntu.

Also, I know that I could get instructions for flashing the BIOS by googling, but to be quicker could anyone describe the procedure for me? Thanks.

It may not be possible to reflash the bios yourself. Dell is particularly anal about locking down otherwise adjustable BIOS settings, and the application to flash the bios that is available from dell support will only work if it hasn't been updated. The currently available updated bios version is 2.5.3, so if a different BIOS version appears at POST you should be able to update it...

Flashing the bios on an XPS 410, (and most other older Dells), is a matter of downloading the update, setting it to run in compatibility mode for windows vista, and running it as an administrator. I've done it dozens of times without a hitch. The main thing to remember is run the bios flash on a freshly installed OS with no antivirus or other security software installed, and make sure there are no other running applications before you start.

However, don't do it unless the problem reappears after zeroing the HDD and reinstalling windows andyou've checked that one or both of the other symptoms are present (rcpnet.exe in task manager and/or an unchangable or missing setting for the security chip) Otherwise you're wasting your time on something that won't solve the problem.

How about hooking the hard drive up to another system and deleting the partition/formatting from there?

Would that work?