| Windows 7: Scanning hidden partitions |
28 Dec 2010
|
#1 | | Windows 7x64 Home Premium SP1 x 2 Australia |
Scanning hidden partitions
When I run Malwarebytes it gives me the option to scan partitions assigned a letter but what about:
1) The hidden factory recovery partition
2) The System Reserved (100MB) partition
3) The MBR (first 512 bytes on HDD).
Can someone advise what software covers these areas for security checking? | My System Specs |
| System Manufacturer/Model Number Own build (+ Recased Acer Aspire x1800) OS Windows 7x64 Home Premium SP1 x 2 CPU Intel i7 2600k Motherboard ASUS P8Z68 Deluxe Memory G.Skill Ripjaws (DDR3-1600) 2x4GB Graphics Card Nvidia GeForce GTS 450; Intel HD Graphics 3000(GT2+) Monitor(s) Displays Dell Ultrasharp IPS panel U2311H, Samsung SyncMaster P2350 Screen Resolution 1920x1080 Keyboard Logitech MK520 (wireless) Mouse Logitech MK520 PSU Seasonic M12II 520W Case Lian Li Lancool PC-K60 Cooling Case: 1x120mm, 3x140mm CPU: Hyper 212+ Hard Drives Crucial M4 128GB (000F), Seagates 1TB Barracuda ST31000528AS + Internet Speed 6-7 Mbps Antivirus Norton NIS, Malwarebytes on 2 (MSE on 3rd PC) Browser FireFox Other Info Audio: Logitech Z523 2.1 |
28 Dec 2010
|
#2 | | Windows 7 Home Premium x64 Liberty University |
I was under the impression that those areas could not be infected because they cannot be altered through any ordinary means. But I could be wrong. I've never heard of a program that can scan them. | My System Specs | | System Manufacturer/Model Number Alienware X51 OS Windows 7 Home Premium x64 CPU Intel Core i7-2600 @3.40GHz Memory 8.00GB DDR3 Graphics Card NVIDIA GeForce GTX 555 w/1.0GB RAM Monitor(s) Displays BenQ XL2420TX Screen Resolution 1920x1080@120Hz Keyboard Logitech Wireless Illuminated Keyboard K800 Mouse Razer Orochi PSU 330-watt Hard Drives 1TB Internet Speed Campus Internet |
28 Dec 2010
|
#3 | | Windows 7x64 Home Premium SP1 x 2 Australia |
This is not an area I have any strength in and hence the post. I could envisage situations where code planted in those areas could cause havoc.
28 Dec 2010
|
#4 | | Windows Seven Home Premium 32bit SP1 New Zealand |
I am really not sure on the ins and outs of this, but I had concerns about the system reserved either not getting scanned or being infected, so I assigned a drive letter to it so my security software could see it and I could independently scan the partition.
It is probably unnecessary but gave me peace of mind.
Drive Letter - Add, Change, or Remove in Windows 7 | My System Specs | | System Manufacturer/Model Number Hewlett Packard Compaq Presario CQ60-305au OS Windows Seven Home Premium 32bit SP1 CPU AMD Athlon QI46 2.1Ghz Motherboard Wistron 303c Memory 2048 Mb DDR2 SD RAM Graphics Card NVidea GE GoForce 8200M G/256mb dedicated graphics memory Sound Card MCP78S NVidea high definition Monitor(s) Displays 15.6" High definition Brightview Widescreen Screen Resolution 1336x768 Hard Drives Toshiba MK2555GSX ATA |
28 Dec 2010
|
#5 | | Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64) Earth - I wish I was on Risa |
The answer is yes they can become infected.
You have two easy options for scanning them:
1) Use a program that knows how to access them or
2) Boot on a CD/DVD AV recovery disc or in a *IX based OS that can scan them. -WS | My System Specs | | System Manufacturer/Model Number Dell OP760 OS Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64) Memory 8GB Monitor(s) Displays 2 Dell 19" LCD Screen Resolution 1280x1024 Keyboard Dell Mouse Dell Optical Internet Speed 40meg |
29 Dec 2010
|
#6 | | Windows 7x64 Home Premium SP1 x 2 Australia |

Quote: Originally Posted by WindowsStar
The answer is yes they can become infected.
You have two easy options for scanning them:
1) Use a program that knows how to access them or
2) Boot on a CD/DVD AV recovery disc or in a *IX based OS that can scan them. -WS

Are you able to comment on specific software?
29 Dec 2010
|
#7 | | Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64) Earth - I wish I was on Risa |
Most AV software is supposed to scan them?? I don't rely on software, when I have an issue (virus or otherwise) I always boot off a CD and scan that way I know for sure.
30 Dec 2010
|
#8 | | Windows 7x64 Home Premium SP1 x 2 Australia |

Quote: Originally Posted by WindowsStar
Most AV software is supposed to scan them?? I don't rely on software, when I have an issue (virus or otherwise) I always boot off a CD and scan that way I know for sure.

What do you do exactly?
30 Dec 2010
|
#9 | | Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64) Earth - I wish I was on Risa |

Quote: Originally Posted by mjf
Quote: Originally Posted by WindowsStar
Most AV software is supposed to scan them?? I don't rely on software, when I have an issue (virus or otherwise) I always boot off a CD and scan that way I know for sure.
What do you do exactly?

That can get complicated quickly, due to over 10 years of development. However if you want to get started like we did; download Ubuntu Desktop Edition v10.10 (32-bit). Burn the CD and then you can boot off it. Do a live boot (just boot the CD) don't do the install because you are not installing. Once the disk boots, go to the add applications and add the recommended Anti-Virus software. From there you can scan your machine and the Ubuntu will see all your partitions and the AV will scan them all. This is a bit cumbersome but will give you the basic idea of how this works. We have developed a CD that gives us utilities and AV to repair machines that will not boot or we suspect they have a virus on them. -WS
Download | Ubuntu
30 Dec 2010
|
#10 | | Windows 7x64 Home Premium SP1 x 2 Australia |
OK.
The Hiren's Boot CD (12.0 latest) is grub4dos based and has some AV utilities built in. They could be updated and new ones added.
I'm obviously not getting the reason for this AV checking to be done in a live boot environment?
For the MBR with a stable partition structure, the MBR should be a static 512-byte binary. A bit check of 2 small binaries is probably the safest check against inserted assembly code.
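
The binary comparison of two MBR copies suggested in post #10, as an added example that is not part of the original thread: it hashes the boot code and the partition table of a 512-byte sector separately and lists the byte offsets that differ, so a boot-code change is not confused with a repartition. The sample sectors are constructed; on a real machine the inputs would be two saved copies of the first sector, for example taken from the live CD with `dd if=/dev/sda of=mbr.bin bs=512 count=1`, where `/dev/sda` is an assumed device name.

```python
import hashlib
import struct

SECTOR = 512
# Classic MBR layout: boot code, disk signature, 4 x 16-byte entries, 0x55AA.
REGIONS = {"boot_code": (0, 440), "disk_signature": (440, 444),
           "partition_table": (446, 510), "boot_signature": (510, 512)}

def parse_partitions(mbr):
    """Return (index, active, type, first_lba, sectors) for each used entry."""
    out = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:
            out.append((i, status == 0x80, ptype, first_lba, count))
    return out

def fingerprint(mbr):
    """Hash each region separately so a change can be localised."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    return {name: hashlib.sha256(mbr[a:b]).hexdigest()
            for name, (a, b) in REGIONS.items()}

def compare(baseline, current):
    """Return changed region names and the byte offsets that differ."""
    base_fp, cur_fp = fingerprint(baseline), fingerprint(current)
    changed = [n for n in REGIONS if base_fp[n] != cur_fp[n]]
    offsets = [i for i in range(SECTOR) if baseline[i] != current[i]]
    return changed, offsets

def build_sample_mbr(boot_code):
    """Constructed test sector: given boot code plus two partition entries."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    # Entries: active 100 MB System Reserved (type 0x07), then the main volume.
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    mbr[462:478] = struct.pack("<B3sB3sII", 0x00, b"\0\0\0", 0x07, b"\0\0\0", 206848, 1000000)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    good = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")         # constructed bytes
    altered = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\x90")  # differs at offset 5
    print(parse_partitions(good), compare(good, altered))
```

A baseline copy is only trustworthy if it was saved while the machine was known to be clean, and the current copy should be read from the live-boot environment rather than from the installed Windows, which may not return the real sector if it is compromised.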