hikaricloud
Golden Master
- Messages
- 6,220
- Location
- USA
In our shop, we've recently had a computer literally downloaden with viral problems. Ewido literally picked up 5,518 infected objects, most of which were viruses/trojans. So in the end, we had no choice but to rewrite it.
I go into the Windows XP setup, and it says that pci.sys is corrupted on the disk, and ends setup on the spot, a record 8 seconds into loading.
So, I break out a Windows 98 boot disk to run fdisk, to delete the partition, because I knew for a fact that my disk is not corrupted, having just used it not an hour before. I view the partitions in fdisk, and to my suprise, not only is there the main NTFS partition, but another one, only 31mb large, simply labeled "Non-DOS", with no % of usage, which I have never seen before.
I deleted both partitions, and setup ran fine.
So...after the long story here.
My question is, has anyone ever heard of a virus that resizes the main partition, creating it's own unmounted partition to possibly hide itself in? Because at this point and time, it seems likely that either there is, or there's one coming out. Can anyone shed some light on this?
I go into the Windows XP setup, and it says that pci.sys is corrupted on the disk, and ends setup on the spot, a record 8 seconds into loading.
So, I break out a Windows 98 boot disk to run fdisk, to delete the partition, because I knew for a fact that my disk is not corrupted, having just used it not an hour before. I view the partitions in fdisk, and to my suprise, not only is there the main NTFS partition, but another one, only 31mb large, simply labeled "Non-DOS", with no % of usage, which I have never seen before.
I deleted both partitions, and setup ran fine.
So...after the long story here.
My question is, has anyone ever heard of a virus that resizes the main partition, creating it's own unmounted partition to possibly hide itself in? Because at this point and time, it seems likely that either there is, or there's one coming out. Can anyone shed some light on this?