
Drive partitions - how do they work?

DirtyDirtyVagrant Registered User regular
Hi guys!

If I create a new partition on my existing drive and move some things over to back them up, and then wipe the original partition and reinstall Windows, will the virus that's fucking with my computer go away, or will it somehow follow all that stuff into my new partition?


  • Smasher Starting to get dizzy Registered User regular
    Short answer: If you only transfer data/documents/whatever with nothing that can be run by the computer (such as an .exe) you should be reasonably safe. Make the partition, transfer the files, wipe and reinstall on the main partition, install AV, scan everything on the new partition before you use it. It won't be guaranteed, but if you don't notice whatever symptoms led you to discover the virus in the first place you can be reasonably confident it's gone (presumably if the virus was made to be hidden it would have been sufficiently subtle that you never noticed it in the first place).

    Longer answer: In order for a virus to do damage its code must be executed. The two ways to do that are to get a user to run an executable file with the virus in it, or to exploit a bug in a legitimate program that enables a specially crafted data file to screw up the flow of code and cause the computer to interpret data from the file as executable instructions (i.e. the virus). The second way is much more complicated, but any reasonably tech savvy user understands the danger of running executable files and so the second way has the potential to infect more computers.

    Antivirus programs can scan documents for data that represent the virus's executable code when the computer is tricked into interpreting them as such. The reason the solution in the short answer isn't guaranteed is that some of the documents you transfer may have such a virus in them, and the antivirus programs you use may not have the corresponding signatures in their databases. If those things are both true then at some point you may end up opening the file(s) in question that will allow the virus to infect your computer.

  • DirtyDirtyVagrant Registered User regular
    So there could even be malicious code in a picture or video file? How about a PDF?

  • Foomy Registered User regular
    Pictures or videos should be relatively safe, but PDFs definitely not. PDFs are one of the main ways that viruses use to infect systems, it just has sooo many bugs in the format. Now, the chance that your particular virus has infected your own documents is low, but it can happen.

    Steam Profile: FoomyFooms
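
Smasher's advice to move only files that cannot be run, and Foomy's point that PDFs deserve more suspicion than pictures, can be turned into a pre-copy check. The following is an added example, not part of any post in this thread; the names `classify`, `triage` and `demo`, the extension list and the sample files are assumptions made for illustration.

```python
import os
import tempfile

# Extensions Windows runs or interprets directly (common set, not exhaustive).
RUNNABLE_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js",
                ".ps1", ".msi", ".lnk", ".pif", ".hta", ".jar"}
# PDF keys that start an action or script on open. They can be obfuscated or
# sit in compressed streams, so a clean result here is a hint, not a verdict.
PDF_ACTIVE_KEYS = (b"/JavaScript", b"/OpenAction", b"/Launch")

# Constructed sample files: harmless byte strings, not real malware.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "photo.jpg": b"MZ\x90\x00" + b"\x00" * 16,  # program renamed to .jpg
    "setup.bat": b"@echo off\r\n",
    "plain.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n",
    "form.pdf": b"%PDF-1.4\n1 0 obj << /OpenAction 2 0 R >> endobj\n",
}

def classify(path):
    """Return (verdict, reason); verdict is 'skip', 'review' or 'copy'."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] == b"MZ":  # DOS/PE header: a Windows program whatever its name
        return "skip", "PE executable content"
    if ext in RUNNABLE_EXT:
        return "skip", "runnable extension " + ext
    if data[:5] == b"%PDF-":
        hits = [k.decode() for k in PDF_ACTIVE_KEYS if k in data]
        if hits:
            return "review", "PDF active content: " + ", ".join(hits)
    return "copy", "no executable markers"

def triage(root):
    """Walk a folder and map relative path -> (verdict, reason)."""
    return {os.path.relpath(os.path.join(d, f), root): classify(os.path.join(d, f))
            for d, _sub, files in os.walk(root) for f in files}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in SAMPLES.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(content)
        return triage(tmp)

if __name__ == "__main__":
    for rel, (verdict, reason) in sorted(demo().items()):
        print(f"{verdict:6} {rel:12} {reason}")
```

A "copy" verdict only means the file has no obvious executable markers; the antivirus scan after the reinstall is still the step that checks document contents.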
  • DirtyDirtyVagrant Registered User regular
    So merely having the file doesn't cause the virus to take hold? I actually have to run Adobe Reader and open that particular PDF (or whatever file in whatever program) before the viral code is executed?

    Does that mean that I have to run them for them to have become infected in the first place? Sorry, I'm just trying to understand.

  • Foomy Registered User regular
    edited February 2012
    infections happen a few different ways:

    1. you open up some file that is a virus or has been infected with one
    2. you go to a website and it uses an exploit in your browser to execute its code and install it to your computer, this can happen from any website as a lot of malware developers use hijacked ads that get displayed to you even on a site you think would be "safe". this is probably the most common method today.
    3. the virus on another infected computer seeks out other vulnerable machines by basically just trying random IP addresses until it comes across a computer that has something vulnerable it can connect to and exploit into executing its code.

    some malware uses multiple methods to spread from machine to machine and tries to infect as many files as it can on a computer to increase the chances to spread further, some just install and then do what they were made to do, never infecting anything else or trying to spread.

    if it did infect say all the PDFs you currently had then you would have to open them yourself for it to install again and do its thing, barring any sort of Windows auto-execute or preview exploits, but those are rare.

    you're going to be 99% safe just copying over your documents to a new partition, wiping the old and then copying them back. just install some anti-virus software, then scan your documents to be sure before you move them back. MSE is really good and free: http://windows.microsoft.com/en-US/windows/products/security-essentials

    Steam Profile: FoomyFooms
  • bowen Sup? Registered User regular
    > So merely having the file doesn't cause the virus to take hold? I actually have to run Adobe Reader and open that particular PDF (or whatever file in whatever program) before the viral code is executed?
    >
    > Does that mean that I have to run them for them to have become infected in the first place? Sorry, I'm just trying to understand.

    It's very rare to use non-executable code to hijack a system. It's hard to do, and easily patched. They spread rapidly though for obvious reasons.

    In order to get infected from any sort of virus you have to run it, and the data needs to be in memory. What happens with pictures is generally there's a few parts in the picture that can be executed through some weird memory thing. These are mostly fixed and not as big of an issue anymore unless you're a grandma running Windows XP SP1 unpatched. Things like PDF are more likely than straight JPG to infect because you don't know how Adobe handles the parsing, maybe it loads the first 18 bytes into memory, executes it... well if someone did that then tailed the PDF with their virus, they could execute any part of that PDF. This is the general school of thought on that.

    There are ways to run viruses without you physically clicking on them. These, again, exploit weaknesses in software and OSs. Like Outlook Express had a nasty habit of executing MIME code. Things like this. This avenue for infection is terribly low, though, because you have to assume someone's using Outlook Express, or Flash (this is a big vector for viruses actually -- UNINSTALL FLASH), or whatever.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me