Question

My Father's XP PC has new partition that appeared out of no

I was going to just delete it but then I thought more investigation would make snese. I have no idea how this partition was created, but I know my Father couldn't have done it. This sounds like some sort of virus. Any help would be greatly appreciated.

Discussion is locked
Follow
Reply to: My Father's XP PC has new partition that appeared out of no
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: My Father's XP PC has new partition that appeared out of no
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Clarification Request
More details

You do have a running history of this PC, you know what should be there. Sometimes, using more PC utilities finds things not known or they had been meant not in some narifous action but present in some benign way. Have you looked into that partition? Also, understand some hidden partitions are also known as "OEM recovery/restore partition" but you lacked all details of your father's PC.

tada -----Willy Happy

- Collapse -
He PC already had C and D (recovery) drives.

This is an additional partition of about 3.5 gigs that we are not able to view. When right clicking an option to delete this "new" partition is available. I was very tempted to just delete it, but decided to dig a little deeper, just in case. Hi PC is running slowly even after I cleared history and temp files etc.

After opening "My Computer" I can see both the D and C partitions , but can't see this new partition until I go into Disk Management

Thanks, JF

- Collapse -
Re-allocate or just delete

I've seen this when users upon a new install and telling the system what partitions they wanted. They provide the numbers manually but didn't cover the full HD usage, the remaining became unallocated which is why it can't be used until done or properly done. It maybe just an empty space for that small amount or its a "corrective area" that whatever the OEM install was generated. What you can do is re-allocate it back into the last drive, "D", if this is "E". Thus, use disk manager to make this so. It should also explained(disk manager) if it was "allocated" at all. XP installed systems can have some older going-ons that perplex things, so I don't consider anything malware. -OR- just delete it after you safeguard any critical data???.

IMHO, I would just leave it alone. As I stated XP tends to makes some items in order for it to work, or its an OEM supplied function. If you go at this whole hog, then totally wipeout the HD and reload the XP from scratch as yet another method to clear this.

tada -----Willy Happy

- Collapse -
Addenum...
- Collapse -
Not so fast.
- Collapse -
Malware, has to be shown as such

I stated to inspect the contents or just see what's there. However, XP installs can make hidden partitions on its own accord, especially OEM installs. If this is a new malware, then yeah, but I would think some AV scan or similar can help in these regards. I tried to cover all bases, not leaving malware out, but a rootkit is a more hideous attack of it' own. It still makes sense to know what's in the partition. So far that info hasn't been forthcoming. -----Willy Happy

- Collapse -
Answer
I've seen this.

After the user ran a registry cleaner. They had inadvertently removed a registry entry that hid the recovery partition.

Next they deleted the partition and then discovered the factory restore would not work. When they asked how to fix it, they were mad at everyone because there is no known cure short of returning the computer to the maker.

There's a lesson in there somewhere.
Bob

- Collapse -
Rootkit creates partition

I am glad you posted a link to that article. I have been stuck with this rootkit for over 4 years and CAN NOT seem to get rid of it. Also, even computer techs can't seem to find A PROBLEM. It requires an advanced (extreme) who is familiar with this type of invasion.

Once I acquired this rootkit, it somehow seemed to apply itself to ALL other computers (3) in the house, including my ipad. My ipad reset button does not even allow a full reset. Certain things are blocked from a reset and any other changes. Their optiions seem to be grayed out where I can scroll over them but the option to change is not even a possibility - on MY gadget. I have had to accept the problem if i wanted to use the internet because I COULDN'T ESCAPE IT.

Every pc, laptop, ipad has been changed, they have no FACTORY restore, well I can restore but only to these 'kit conditions. Even bought new hard driveS and when turning ppc on for first time it was still affected. I thought maybe infared or invisible communicatiuons somehow. PC works, connect to net even with NO hard drives
=

- Collapse -
That's a little difficult to believe,

I very much doubt that a root kit designed for a PC would work on an iPad which uses a completely different OS.

You have, of course, told Apple about the unique problem. They would be very pleased to hear from the first, and only, iPad owner with a root kit installed.

P

CNET Forums