Can a virus infect any volume which has been removed by Diskpart?

Discussion in 'Application Software' started by hitendra, Jun 19, 2011.

  1. hitendra

    hitendra MDL Member

    Typically a hard drive is segmented into two or three volumes. If any volume has been removed using Diskpart, then it cannot be accessed either through My Computer or by any method of mounting that volume. If, after this process, a computer gets infected by a virus, is it possible that the removed volume can also be infected?
     
  2. stayboogy

    stayboogy MDL Addicted

    #2 stayboogy, Jun 20, 2011
    Last edited: Jun 20, 2011
    more likely an mbr infection

    mbr infections can reside not only on the boot partition, but also in the first sector of any partition created, thus surviving a partition deletion / format. this i know from experience to be true.

    if you have been infected with such just salvage what you can from the hdd, then create your partitions as normal. then use a recovery console disk from XP (easiest way in my opinion) and run "fixmbr \Device\Harddisk\Partition" using the proper syntax for each partition and drive. example--first partition on first hdd would be: fixmbr \Device\Harddisk0\Partition1

    you can get the proper syntax by first using the "map" command once logged into the recovery console. after doing this for every partition and drive do a complete format / wipe of the drive(s) and all should be well. in rare instances you will not have to format the whole drive but it is better to do so anyway.

    i just recently got rid of some persistent infection that was residing in some mbr of the hdd even after multiple formats and wipes, and it required doing all of the aforementioned, and now there is no infection... mine was an alureon.dos infection that injected a trojan to pagefile.sys every boot in both win 7 and xp. every time fixmbr was run, recovery console alerted me of "unknown" code in the mbr's of every partition i had, so it wasn't limited to the boot partition/drive.
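
A read-only way to check whether the boot code in the MBR or in a partition's first sector has changed, as an added example that is not part of the original posts: it parses a raw disk image and compares hashes against a known-good baseline. A classic MBR layout with 512-byte sectors is assumed, and the function names and the test image are constructed for illustration.

```python
import hashlib
import io
import struct

SECTOR = 512  # assumption: 512-byte logical sectors, classic MBR layout (not GPT)

def parse_mbr(sector0):
    """Return (sha256 of the 440-byte boot code, list of used partition entries)."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):  # four 16-byte primary entries start at offset 446
        entry = sector0[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            parts.append({"index": i + 1, "active": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start, "sectors": count})
    return hashlib.sha256(sector0[:440]).hexdigest(), parts

def boot_sector_report(disk):
    """Hash the MBR boot code and the first sector of each primary partition.

    disk is a binary file object opened on a raw disk image.
    """
    disk.seek(0)
    mbr_hash, parts = parse_mbr(disk.read(SECTOR))
    report = {"mbr": mbr_hash}
    for p in parts:
        disk.seek(p["lba_start"] * SECTOR)
        first = disk.read(SECTOR)
        key = "partition%d" % p["index"]
        report[key] = hashlib.sha256(first).hexdigest() if len(first) == SECTOR else None
    return report

def changed(baseline, current):
    """Names of boot areas whose hash differs from a known-good baseline."""
    return sorted(k for k in set(baseline) | set(current) if baseline.get(k) != current.get(k))

def build_sample(boot=b"\x90" * 440, vbr=b"\xeb" * SECTOR):
    """Constructed 4-sector test image: MBR plus one partition starting at LBA 2."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2, 2)
    mbr = boot + b"\0" * 6 + entry + b"\0" * 48 + b"\x55\xaa"
    return io.BytesIO(mbr + b"\0" * SECTOR + vbr + b"\0" * SECTOR)

if __name__ == "__main__":
    good = boot_sector_report(build_sample())
    print(changed(good, boot_sector_report(build_sample(boot=b"\xcc" * 440))))
```

Run it against a forensic copy of the disk rather than the live device, and record the baseline right after a clean install so later reports have something trustworthy to compare against.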