Spyware in "unpartitioned space"???

[Charlie C]

I've been trying to help a friend "clean up" his computer. We've tried every spyware cleaner you can name.

Finally we backed up his important stuff to another hard drive and did a clean install and DELETED the partition and then created a new partition during Windows XP Home install.

As you probably know, Windows XP still leaves a small unpartioned space when you create a partition. Could the problem be in there? Why do I ask?

We did the reinstall yesterday and it's back! It's putting messages on his desktop, "buy this program", "wanna get l**d", and other junk.

The way I figure it, there are 3 possibilities.

1) The "problem" is in that unpartioned space
2) It's somewhere in the backed up stuff that we copy back.
3) He's getting hacked constantly.

I'm thinking of doing another clean install and NOT copying back the backed up files for a week or so to see if that's the problem.

But I'm wondering exactly what's in that unpartioned space. Is the MBR still there after deleting all partitions? If so, is it safe to delete it? If so, how can I deleted it?
Thanks,
Charlie

[Big Booger]

I'd say the most likley cause is the backed up stuff. Try that first. The unpartitioned space that is about 7MB or so I believe is the space for the MBR. I wouldn't recommend deleting your MBR or your system won't boot.

[Charlie C]

I'm not familiar enough with the MBR. Are you saying that even if we deleted the partition using Fdisk, and then deleted the MBR, the system might not boot? But I tend to agree with your suspicion of the problem most likely being in the old data.

[Big Booger]

A little about the MBR:

Quote:

What is the MBR?

The MBR is the Master Boot Record.

The MBR is a small program which runs whenever a computer boots up.

The MBR is stored in the first sector of the boot disk.

The boot disk may be a hard drive, a floppy drive, or even a CD or DVD drive.
The Task of the MBR

The normal job of the MBR program is to search the partition table for the active partition, copy the boot sector from the active partition into memory, and transfer control over to that program.

If the MBR cannot accomplish this task successfully, it will print one of these error messages:

* Invalid partition table
* Error loading operating system
* Missing operating system

The MBR and Boot Sector Viruses

Some boot sector viruses overwrite the MBR.

If you believe this has happened to one or more of your disk, run an anti-virus tool to clean your disks.


FDISK /MBR

Under DOS and early versions of Microsoft Windows, it was possible to use the `FDISK /MBR` command to repair the MBR.

Unfortunately, FDISK was not terribly intelligent about the repair and this option would often cause more damage than it fixed. FDISK has been removed Windows XP.
FIXMBR

Microsoft Windows 2000/XP/2003 provide the `FIXMBR` command in the Recovery Console.

The `FIXMBR` command replicates the functionality of the `FDISK /MBR` command, along with it's associated problems.

Before attempting to repair your MBR, be certain to completely back up all of your data.

If the MBR is not available you will get an error message upon boot. You could have an MBR virus. If so, get a boot level AV disk and scan it.

[Charlie C]

Thanks for the info. I'll let you know how it all works out.
Charlie

[rik]

Quote:

Originally Posted by Big Booger

I'd say the most likley cause is the backed up stuff.

Agreed

[bhxtyrant]

I also agree,I have seen this problem many times before.If he has any sort of program files,e-mail files,or even some downloaded vid's i have seen all of these contain spyware/adware in one form or another.

Your best bet would be to run a full antivirus scan,adware/spyware scan on the backed up files before adding them back to the system.Shoulde catch it sometimes there are stubborn ones that are very difficult to get rid of.I managed to get rid of most ones i had before by using Eggheads spyware removal thread.