Scanning hidden partitions


  1. mjf
    Posts : 5,969
    Windows 7x64 Home Premium SP1
       #1

    Scanning hidden partitions


    When I run Malwarebytes it gives me the option to scan partitions assigned a letter but what about:
    1) The hidden factory recovery partition
    2) The System reserved (100MB partition
    3) The MBR (first 512 bytes on HDD).

    Can someone advise what software covers these areas for security checking?
      My Computer


  2. Posts : 872
    Windows 7 Home Premium x64
       #2

    I was under the impression that those areas could not be infected because they cannot be altered through any ordinary means. But I could be wrong. I've never heard of a program that can scan them.
      My Computer


  3. mjf
    Posts : 5,969
    Windows 7x64 Home Premium SP1
    Thread Starter
       #3

    This is not an area I have any strength in and hence the post. I could envisage situations where code planted in those areas could cause havoc.
      My Computer


  4. Posts : 408
    Windows Seven Home Premium 32bit SP1
       #4

    I am really not sure on the in's & out's of this but i had concerns about the system reserved either not getting scanned or being infected so i assigned a drive letter to it so my security software could see it & i could independently scan the partition.

    It is probably unnecessary but gave me peace of mind

    https://www.sevenforums.com/tutorials...ndows-7-a.html
      My Computer


  5. Posts : 2,737
    Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64)
       #5

    The answer is yes they can become infected.

    You have two easy options for scanning them:

    1) Use a program that knows how to access them or
    2) Boot on a CD/DVD AV recovery disc or in a *IX based OS that can scan them. -WS
      My Computer


  6. mjf
    Posts : 5,969
    Windows 7x64 Home Premium SP1
    Thread Starter
       #6

    WindowsStar said:
    The answer is yes they can become infected.

    You have two easy options for scanning them:

    1) Use a program that knows how to access them or
    2) Boot on a CD/DVD AV recovery disc or in a *IX based OS that can scan them. -WS
    Are you able to comment on specific software?
      My Computer


  7. Posts : 2,737
    Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64)
       #7

    Most AV software is supposed to scan them?? I don't rely on software, when I have an issue (virus or otherwise) I always boot off a CD and scan that way I know for sure.
      My Computer


  8. mjf
    Posts : 5,969
    Windows 7x64 Home Premium SP1
    Thread Starter
       #8

    WindowsStar said:
    Most AV software is supposed to scan them?? I don't rely on software, when I have an issue (virus or otherwise) I always boot off a CD and scan that way I know for sure.
    What do you do exactly?
      My Computer


  9. Posts : 2,737
    Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64)
       #9

    mjf said:
    WindowsStar said:
    Most AV software is supposed to scan them?? I don't rely on software, when I have an issue (virus or otherwise) I always boot off a CD and scan that way I know for sure.
    What do you do exactly?
    That can get complicated quickly, due to over 10 years of development. However if you want to get started like we did; download Ubuntu Desktop Edition v10.10 (32-bit). Burn the CD and then you can boot off it. Do a live boot (just boot the CD) don't do the install because you are not installing. Once the disk boots, go to the add applications and add the recommended Anti-Virus software. From there you can scan your machine and the Ubuntu will see all your partitions and the AV will scan them all. This is a bit cumbersome but will give you the basic idea of how this works. We have developed a CD that gives us utilities and AV to repair machines that will not boot or we suspect they have a virus on them. -WS

    Download | Ubuntu
      My Computer


  10. mjf
    Posts : 5,969
    Windows 7x64 Home Premium SP1
    Thread Starter
       #10

    OK.
    The Hirens boot CD (12.0 latest) is grub4dos based and has some AV utilities built in. They could be updated and new ones added.
    I'm obviously not getting the reason for this AV checking to be done in a live boot environment ?

    For the MBR with a stable partition structure, the MRB should be a static 512byte binary. A bit check of 2 small binaries is probably the safest check against inserted assembly code.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:32.
Find Us