Viral Partition Mucking?

Status
Not open for further replies.

hikaricloud

Golden Master
Messages
6,220
Location
USA
In our shop, we've recently had a computer literally loaded down with viral problems. Ewido literally picked up 5,518 infected objects, most of which were viruses/trojans. So in the end, we had no choice but to rewrite it.

I go into the Windows XP setup, and it says that pci.sys is corrupted on the disk, and ends setup on the spot, a record 8 seconds into loading.

So, I break out a Windows 98 boot disk to run fdisk, to delete the partition, because I knew for a fact that my disk is not corrupted, having just used it not an hour before. I view the partitions in fdisk, and to my surprise, not only is there the main NTFS partition, but another one, only 31mb large, simply labeled "Non-DOS", with no % of usage, which I have never seen before.

I deleted both partitions, and setup ran fine.

So...after the long story here.

My question is, has anyone ever heard of a virus that resizes the main partition, creating its own unmounted partition to possibly hide itself in? Because at this point and time, it seems likely that either there is, or there's one coming out. Can anyone shed some light on this?
 
Dells and other brands will hide a recovery or diagnostic partition that is not mounted so people can't mess with it. Was this an OEM machine?
 
It's an OEM, yes. I know HP/Compaq would have the recovery partitions, but they are mounted, just made so you are not able to muck with the contents.

We have worked on many Dells in the past, and never had a Non-DOS partition that wasn't an NTFS, especially so small. Were it a recovery partition, it would be much larger, taking up several gb of space...even a diagnostic partition would have more space set aside. But 31mb?
 
No virus can repartition the hard drive.

This 31MB is a diagnostic partition used for the Dell Diagnostic Software program (not always installed and sometimes removed before shipment, but the HD is still partitioned that way).

There have been some issues with this partition and installing XP, as you get the error about pci.sys being corrupted. If you run the debug script and delete that partition it will fix the problem.

http://support.dell.com/support/topics/global.aspx/support/kb/en/document?dn=1011054
Depending on what date the PC was shipped...

The utility partition contains the Dell Hardware Diagnostics, which you can use to troubleshoot possible hardware failures. When invoked, the utility partition boots to the system diagnostics. When the partition is not invoked, it is designated as a non-DOS partition, and will not show up as a drive if you look in My Computer.
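As an added illustration (not code from the thread or from Dell), the following script parses an MBR partition table and reports which entries Windows would show as a drive and which would appear as "Non-DOS", the situation described above. It assumes a constructed 512-byte MBR with a 31 MB entry of type 0xDE, the type ID Dell uses for its utility partition, beside a bootable NTFS (0x07) entry; the type table and the review rule are mine.

```python
import struct

SECTOR = 512
# Standard MBR partition type bytes; anything else reads as "Non-DOS" to fdisk.
PARTITION_TYPES = {
    0x07: "NTFS/HPFS",
    0x0C: "FAT32 (LBA)",
    0x82: "Linux swap",
    0x83: "Linux",
    0xDE: "Dell utility/diagnostic",
}
ENTRY_FMT = "<B3sB3sII"  # boot flag, CHS start, type, CHS end, LBA start, sector count


def make_entry(bootable, ptype, lba_start, sectors):
    """Build one 16-byte partition table entry (CHS fields zeroed, LBA used)."""
    return struct.pack(ENTRY_FMT, 0x80 if bootable else 0, b"\0\0\0",
                       ptype, b"\0\0\0", lba_start, sectors)


def build_sample_mbr():
    """Constructed MBR: a 31 MB Dell utility partition followed by the NTFS system volume."""
    table = (make_entry(False, 0xDE, 63, 63504)          # 63504 * 512 bytes = 31 MB
             + make_entry(True, 0x07, 63567, 78000000)   # main Windows partition
             + b"\0" * 32)                               # two unused entries
    return b"\0" * 446 + table + b"\x55\xAA"             # boot code area + table + signature


def parse_mbr(mbr):
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR boot sector")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        boot, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": boot == 0x80, "type_id": ptype,
                      "type_name": PARTITION_TYPES.get(ptype, "unknown (Non-DOS)"),
                      "lba_start": start, "size_mb": count * SECTOR // (1024 * 1024)})
    return parts


def review(parts):
    """List entries Windows will not assign a drive letter to, so a technician can
    match them against the vendor's documented layout before deleting anything."""
    return [f'entry {p["index"]}: type 0x{p["type_id"]:02X} ({p["type_name"]}), '
            f'{p["size_mb"]} MB, hidden from My Computer'
            for p in parts if p["type_id"] not in (0x07, 0x0C)]
```

Point `parse_mbr` at the first 512 bytes of a real disk image to see the same report for a machine in the shop.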
 
Ah, thanks for clearing that up.

I didn't think it was possible to repartition the HD by viral methods, but a 31mb diagnostic partition seemed unlikely to me. :slow: But leave it to Dell, aye?

Again, thanks. :)
 