The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    can virus/spyware corrupt recovery partition?

    Discussion in 'HP' started by bhaaski_n, Jan 4, 2010.

  1. bhaaski_n

    bhaaski_n Newbie

    Hi All,

    I bought a HP Pavilion DV14-1551dx a month back and I haven't created recovery discs yet. After a month of usage I suspect some virus and spyware in my laptop because some of my friends browsed unprotected websites. Will the virus and spyware affect the recovery partition? Now if I create a recovery disc from the recovery partition will it be safe to use those discs or will it be affected by virus and spyware?

    Thanks
     
  2. flipfire

    flipfire Moderately Boss

    Highly doubt it, the virus would need to know how the recovery CD creator functions before it can infect any of the files prior to burning it. Most viruses are designed to attach themselves to the active operating system and do the damage.

    But to be safe, download AVIRA, AVAST! or AVG and scan it.
     
  3. bhaaski_n

    bhaaski_n Newbie

    Thanks for your reply. The machine has a factory-installed recovery partition on drive D: (I guess it's an image of Win 7 and other factory-installed software) and the Win 7 OS is running on drive C:. Now I want to make recovery discs from the recovery partition D: using the recovery manager software provided by the manufacturer. I ran a full system scan using Norton and it says no virus found, but what I am concerned about is that when Norton gives a report of the scan result about the number of files scanned, number of files infected etc., it says many files skipped. Are there any chances that the virus or spyware had corrupted this recovery partition?
     
  4. potterkevin

    potterkevin Newbie

    Hi,
    I think you should install an antispyware application on your PC in order to protect not only your recovery partition but your whole system. If you wish I can suggest one application, "Advanced System Protector".
    It not only cleans your system of spyware but also gives routine updates of the latest definitions and is very easy to use.
    The On Execution Scanner & Alert Shields make it more efficient in the case of internet access.
    For me the Advanced System Protector is the best antispyware... You can also give it a try...

    A free version of ASP is also available at CNET.
     
  5. erple2

    erple2 Notebook Geek

    There's always a chance that something that can figure out how to write to hardware addresses can corrupt a system, including a drive that can be accessed through the OS. If it's possible for the virus/spyware to figure out how to mount/enable the recovery partition, and if the virus/spyware "knows" how to read it (i.e. has its own custom drivers to view/edit the system recovery partition), then yes, it can corrupt that.

    That is, however, doubtful. The HP recovery partition (as is the case with Dells) is a semi-proprietary partition that's normally hidden from the OS, and can't even be mounted for normal viewing by the OS. The data that's stored in there doesn't follow the standard file system format (though it is a known format), so it's not necessarily readable by the OS. However, if the virus was able to mount that space as some generic space, then start writing random stuff all over it, it could corrupt the partition, but that would be a total corruption. That's not to say that someone could reverse engineer how it's done, and write a tool to be able to do that. But I would think that it's improbable.

    As for infection of the other partition, that's even less likely, IMO. To do that, they'd have to figure out how to mount the partition into the OS (or sub OS), then read the data that's there, then write the correct bytes to the right places to actually infect (not just corrupt to make unusable) the data.

    One of your best bets at this point is to actually do some system scans of your computer with the various high-quality free AV and anti-spyware tools (look for reviews from trusted professional web sites, not simply forum posts on random forums).
     
  6. newsposter

    newsposter Notebook Virtuoso

    Bottom line, if your machine is infected/compromised, you need to assume that everything on the machine is infected/compromised.

    "Recovery partitions" are very well documented and standardized. It would be very easy for malware to infect those areas. The code to read/write so-called recovery partitions is open source.

    Because a partition may be hidden from the Microsoft OS means nothing. It's just hidden from YOU with the tools YOU are using.

    Nothing to stop other people from using other tools.
     
  7. bobthenailer

    bobthenailer Notebook Consultant

    One thing I have seen, and I am not exactly sure how they managed it, was not malware corrupting the recovery partition, but saving itself into the free space left on the partition as a hidden file. It was quite a while since I saw that, I can't recall what the virus/file name was (it popped up some kind of MS-looking window that warned that a crucial Windows security feature was turned off), but in this particular case, the system would get the virus soon after running a system recovery, because the recovery partition is not formatted. Again, I am not sure how they managed to get the thing to execute, but I had to format the HDD and reinstall from disks to get rid of it.
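
The thread's point that a "hidden" recovery partition is only hidden from the tools in use, shown as an added example that is not part of any post above: on an MBR disk the hidden status is a one-byte partition type that any reader of the first sector can decode, which is how an admin can inventory such partitions before deciding what to scan or wipe. The sample sector, its sizes and the function names are constructed for illustration, and 512-byte sectors are assumed.

```python
import struct

# MBR type bytes conventionally used for hidden or vendor partitions.
HIDDEN_TYPES = {
    0x12: "Compaq/HP diagnostics",
    0x17: "hidden NTFS",
    0x1B: "hidden FAT32",
    0x27: "Windows RE / hidden NTFS",
    0xDE: "Dell utility",
}
OTHER_TYPES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)",
               0xEE: "GPT protective (parse the GPT instead)"}

def parse_mbr(sector: bytes) -> list:
    """Decode the four primary entries of a 512-byte MBR, skipping empty slots."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    parts = []
    for slot in range(4):
        # Entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count.
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * slot)
        if ptype == 0x00:
            continue
        parts.append({
            "slot": slot + 1,
            "active": status == 0x80,
            "type": ptype,
            "label": HIDDEN_TYPES.get(ptype) or OTHER_TYPES.get(ptype, "other"),
            "hidden": ptype in HIDDEN_TYPES,
            "start_lba": lba,
            "size_mib": count * 512 // 2**20,
        })
    return parts

def build_sample_mbr() -> bytes:
    """Constructed sample: 450 GiB NTFS system volume plus a 15 GiB hidden recovery volume."""
    mbr = bytearray(512)
    entries = [(0x80, 0x07, 2048, 943_718_400), (0x00, 0x27, 943_720_448, 31_457_280)]
    for slot, fields in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * slot, *fields)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    # On a real machine, pass in the first 512 bytes of the disk device (needs admin/root).
    for p in parse_mbr(build_sample_mbr()):
        print(p)
```

A partition flagged `hidden` here has no drive letter, so a file-level antivirus scan of C: and D: never touches it; it has to be mounted or imaged separately to be checked.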