Scanning hidden partitions

mjf

When I run Malwarebytes it gives me the option to scan partitions assigned a letter but what about:
1) The hidden factory recovery partition
2) The System Reserved (100MB) partition
3) The MBR (first 512 bytes on HDD).

Can someone advise what software covers these areas for security checking?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Own build
OS
Windows 7x64 Home Premium SP1
CPU
Intel i7 2600k
Motherboard
ASUS P8Z68 Deluxe
Memory
G.Skill Ripjaws (DDR3-1600) 2x4GB
Graphics Card(s)
Nvidia GeForce GTS 450; Intel HD Graphics 3000(GT2+)
Monitor(s) Displays
Dell Ultrasharp IPS panel U2311H, Samsung SyncMaster P2350
Screen Resolution
1920x1080
Hard Drives
Samsung 850 Pro SSD 256GB, Samsung SSD 840 120GB, Seagates 1TB Barracuda ST31000528AS x2
PSU
Seasonic M12II 520W
Case
Lian Li Lancool PC-K60
Cooling
Case: 1x120mm, 3x140mm CPU: Hyper 212+
Keyboard
Logitech MK520 (wireless)
Mouse
Logitech MK520
Internet Speed
6-7 Mbps
Antivirus
Norton Security Premium, Malwarebytes on 2 (MSE on 3rd PC)
Browser
FireFox
Other Info
Audio: Logitech Z523 2.1
I was under the impression that those areas could not be infected because they cannot be altered through any ordinary means. But I could be wrong. I've never heard of a program that can scan them.
 

My Computer

Computer Manufacturer/Model Number
Alienware X51
OS
Windows 7 Home Premium x64
CPU
Intel Core i7-2600 @3.40GHz
Memory
8.00GB DDR3
Graphics Card(s)
NVIDIA GeForce GTX 555 w/1.0GB RAM
Monitor(s) Displays
BenQ XL2420TX
Screen Resolution
1920x1080@120Hz
Hard Drives
1TB
PSU
330-watt
Keyboard
Logitech Wireless Illuminated Keyboard K800
Mouse
Razer Orochi
Internet Speed
Campus Internet
This is not an area I have any strength in and hence the post. I could envisage situations where code planted in those areas could cause havoc.
 

The answer is yes they can become infected.

You have two easy options for scanning them:

1) Use a program that knows how to access them or
2) Boot on a CD/DVD AV recovery disc or in a *IX based OS that can scan them. -WS
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell OP7010
OS
Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64)
Memory
16GB
Monitor(s) Displays
4 Dell 24" LCD
Screen Resolution
1280x1024
Keyboard
Dell
Mouse
Dell Optical
Internet Speed
40meg
Are you able to comment on specific software?
 

Most AV software is supposed to scan them?? I don't rely on software; when I have an issue (virus or otherwise) I always boot off a CD and scan. That way I know for sure.
 

:huh: What do you do exactly?
 

That can get complicated quickly, due to over 10 years of development. However, if you want to get started like we did, download Ubuntu Desktop Edition v10.10 (32-bit). Burn the CD and then you can boot off it. Do a live boot (just boot the CD); don't do the install, because you are not installing. Once the disk boots, go to the add applications and add the recommended Anti-Virus software. From there you can scan your machine; Ubuntu will see all your partitions and the AV will scan them all. This is a bit cumbersome but will give you the basic idea of how this works. We have developed a CD that gives us utilities and AV to repair machines that will not boot or that we suspect have a virus on them. -WS

Download | Ubuntu
 

OK.
The Hiren's Boot CD (12.0 latest) is grub4dos based and has some AV utilities built in. They could be updated and new ones added.
I'm obviously not getting the reason for this AV checking to be done in a live boot environment?

For the MBR with a stable partition structure, the MBR should be a static 512-byte binary. A bit check of 2 small binaries is probably the safest check against inserted assembly code.
 

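The MBR comparison described in the last post, as an added example that is not from any poster in this thread: it splits a 512-byte dump into boot code, disk signature, partition table and boot signature, reports which region differs from a known-good baseline, and lists the partition slots (including ones with no drive letter). The classic MBR offsets, the function names and the sample sector are assumptions constructed for illustration; a real dump would be read from a live-boot environment so the installed OS cannot interfere with the read.

```python
import hashlib
import struct

# Classic MBR layout (assumed): boot code, disk signature, partition table, 0x55AA.
REGIONS = {"boot_code": (0, 440), "disk_signature": (440, 446),
           "partition_table": (446, 510), "boot_signature": (510, 512)}

def read_mbr(path: str) -> bytes:
    """Read the first sector from a dump file or a raw device node."""
    with open(path, "rb") as f:
        return f.read(512)

def parse_mbr(sector: bytes) -> dict:
    """Validate a 512-byte MBR, hash its boot code and list used partition slots."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": parts}

def changed_regions(baseline: bytes, current: bytes) -> list:
    """Name every MBR region whose bytes differ between two dumps."""
    return [name for name, (a, b) in REGIONS.items()
            if baseline[a:b] != current[a:b]]

def make_sample(code: bytes) -> bytes:
    """Constructed sector (not real boot code): recovery, 100MB system, main."""
    slots = [(0x00, 0x27, 2048, 20971520), (0x80, 0x07, 20973568, 204800),
             (0x00, 0x07, 21178368, 400000000)]
    table = b"".join(struct.pack("<B3sB3sII", st, b"", ty, b"", lba, n)
                     for st, ty, lba, n in slots)
    return (code.ljust(440, b"\0") + b"\x12\x34\x56\x78\0\0"
            + table.ljust(64, b"\0") + b"\x55\xaa")

if __name__ == "__main__":
    good = make_sample(b"CONSTRUCTED-BOOT-CODE")
    bad = make_sample(b"CONSTRUCTED-BOOT-CODE-PLUS-EXTRA")
    for p in parse_mbr(good)["partitions"]:
        print(p)
    print("changed:", changed_regions(good, bad))
```

A change confined to `partition_table` after repartitioning is expected; a change in `boot_code` with no bootloader reinstall is the case worth investigating.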