How can a restore partition get corrupted?


philo 

I just worked on a Gateway laptop.
The machine was filled with trojans and almost completely
non-responsive, even after removing them by the use of a Kaspersky
rescue CD.


Backed up the data and attempted a factory restore which could not get
past the part of the post-installation "additional software" stage.

I had to boot to safe mode and remove the startup registry entries.

When all done the system was very sluggish and not acceptable.

After performing a RAM test and hard drive diagnostic and confirming the
H/W was OK I just did a fresh install from DVD and the system works fine.

I'm wondering if the entire hard drive had somehow gotten corrupted?
 
It's a sitting target. I guess boredom got the better
of the malware writers.

You'd think the files would be signed or protected
with checksums or something.

Paul
 
philo

So, it being a hidden diagnostic partition was an easy target then?


Glad I deleted it too.
 
Nothing on a computer is really "hidden". Only a few
features on a computer use the "trap door" method, so
software can't override a setting made early
in the operation of the computer. A "hidden" partition
only stays hidden because nobody could be bothered
to attack it.

As an example, consider what the TestDisk program does:
it scans the disk sequentially looking for partition
types. It can recognize a FAT32 when it finds one, an NTFS,
and so on. It's pretty hard to hide a hidden partition
from such a scan.

What's surprising to me is that the hidden partition isn't attacked
more often, considering how reliably and thoroughly
the restore points get attacked. Maybe some of those
partitions have better corruption detection than others.

Paul
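
The kind of sequential scan described in the post above, as an added example that is not part of the original thread and is not TestDisk's own code: it walks a raw disk image sector by sector and recognizes NTFS and FAT32 boot sectors by their on-disk markers, regardless of what the partition table lists. The function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512

def classify_boot_sector(sec: bytes):
    """Return 'NTFS', 'FAT32' or None for one 512-byte sector."""
    if len(sec) < SECTOR or sec[510:512] != b"\x55\xaa":
        return None                              # no boot-sector signature
    (bps,) = struct.unpack_from("<H", sec, 11)   # BPB bytes-per-sector field
    if bps not in (512, 1024, 2048, 4096):
        return None                              # signature present, BPB implausible
    if sec[3:11] == b"NTFS    ":                 # OEM ID at offset 3
        return "NTFS"
    if sec[82:90] == b"FAT32   ":                # FS type string at offset 0x52
        return "FAT32"
    return None

def scan_image(image: bytes):
    """Walk the image sector by sector; return [(sector_number, fs_type)]."""
    hits = []
    for lba in range(len(image) // SECTOR):
        fs = classify_boot_sector(image[lba * SECTOR:(lba + 1) * SECTOR])
        if fs:
            hits.append((lba, fs))
    return hits

def make_boot_sector(oem=b"", fat32=False, signed=True):
    """Constructed test data: a minimal boot sector, not a mountable volume."""
    sec = bytearray(SECTOR)
    sec[3:3 + len(oem)] = oem
    struct.pack_into("<H", sec, 11, 512)
    if fat32:
        sec[82:90] = b"FAT32   "
    if signed:
        sec[510:512] = b"\x55\xaa"
    return bytes(sec)

def build_sample_image():
    """Constructed 64-sector image whose sector 0 lists no partitions at all."""
    img = bytearray(64 * SECTOR)
    img[510:512] = b"\x55\xaa"                   # MBR with a zeroed partition table
    img[8 * SECTOR:9 * SECTOR] = make_boot_sector(b"NTFS    ")
    img[20 * SECTOR:21 * SECTOR] = make_boot_sector(b"NTFS    ", signed=False)  # decoy
    img[40 * SECTOR:41 * SECTOR] = make_boot_sector(b"MSDOS5.0", fat32=True)
    return bytes(img)

if __name__ == "__main__":
    for lba, fs in scan_image(build_sample_image()):
        print(f"sector {lba}: {fs} boot sector")
```

Both volumes are found even though the partition table in sector 0 is empty; the decoy at sector 20 is rejected because it lacks the boot-sector signature.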
 
philo

This is the first machine I've seen with a corrupted "restore" partition
but I guess I should not be surprised.
 