A test of the "I think I broke Power Shadow...."


Peter2150
June 14th, 2007, 09:38 PM
I was curious to test what Horus37 said happened to him. I am a bit curious why he never responded to my question of where I can find this software, but...

I simulated the situation with Acronis True Image. Its secure zone is a hidden partition just like the partition on my ThinkPad, so it's a reasonable test. Also I tested with Returnil as opposed to Powershadow, as both are similar products but I feel Returnil is more promising just because of support. Also note the c: drive was a 20G drive, one partition of 19.9g and 7 mg left over.

First Rollback. The initial install of ATI was a non-event. Then I went for the secure zone. Acronis sets it up and then reboots and builds the secure zone at the same point in the boot that chkdsk would run. All seemed okay although the secure zone activation wouldn't. Then I looked at the Disk Map.
Hmm, it showed just one full partition like I started with, but only 10.1 gig. Hmm, clearly something went wrong. Also, trying to boot between Rollback snapshots was not good. Boot and MBR errors, although I did get into other snapshots. Finally I rolled back into the snapshot I started with, which got rid of Acronis in its entirety. Boot problems were gone, and looking at the disk map, I had my single 19.9g partition back. Although doing this made a mess of stuff, Rollback recovered nicely.

Returnil. My first effort was a duh exercise. I turned on the protection and installed ATI, and rebooted as it called for. Yep, a good laugh, as Returnil did exactly as promised. Second time I installed ATI and rebooted and then turned on Returnil protection. Then I ran the Setup and activate the Secure zone wizard. Of course it needs a reboot and I did so. Never saw ATI go thru the partition stuff. When I was back in Windows it was just like I started. Nothing happened. This suggests it would have survived the HP thing.

Horus, if you are out there, where can I get the HP program?

Pete

glentrino2duo
July 6th, 2007, 02:46 AM
Got across this website (http://group.zol.com.cn/15/16_144891.html) and remembered this thread.

since you cannot download HP Backup and Recovery Manager officially from HP, the above link might help.. :)

innerpeace
July 6th, 2007, 03:16 AM
Hi Pete, thanks for the test. Which version of PS did you use? I'm asking because 2.8.2 is supposed to protect the MBR like RVS does. I'm not sure if the MBR has anything to do with it or not.

I want to add that I really like RVS and I'm glad they are continually working to improve it and the support from Mike has been top notch. Returnil seems committed to making a great program even better.

Cheers, innerpeace

Franklin
July 6th, 2007, 04:18 AM
-{ Quote: "I was curious to test what Horus37 said happened to him. I am a bit curious why he never responded to my question of where I can find this software, but...
Pete" }-
Wondered here as well, seeing you did ask him in several posts for the download link which he seemingly ignored or maybe just missed it.

I tried to instigate a ghost image with ng2003 from within PS mode and it went through the motions to reboot into DOS but it just booted straight back to Windows.

Have updated to Vista now with ng2003 and ps being incompatible so using Returnil which seems to be working fine.

Yet to decide on another image app but will probably go for Paragon.

Peter2150
July 6th, 2007, 07:40 AM
-{ Quote: "Hi Pete, thanks for the test. Which version of PS did you use? I'm asking because 2.8.2 is supposed to protect the MBR like RVS does. I'm not sure if the MBR has anything to do with it or not.

I want to add that I really like RVS and I'm glad they are continually working to improve it and the support from Mike has been top notch. Returnil seems committed to making a great program even better.

Cheers, innerpeace" }-

Hi Innerpeace.

To tell the honest truth, I don't remember. Someone sent me a link, so I suspect it was 2.6.

Pete

Riverrun
July 6th, 2007, 10:14 AM
I know this is off-topic but I'm still wondering about the Horus saga; did he ever manage to 'nuke' the hidden partition?

Peter2150
July 6th, 2007, 12:09 PM
-{ Quote: "I know this is off-topic but I'm still wondering about the Horus saga; did he ever manage to 'nuke' the hidden partition?" }-

I honestly don't know. Do a thread search.

yankinNcrankin
July 6th, 2007, 12:58 PM
To Peter2150: I have a test for you if you're interested. Use PS 2.82 in full shadow mode or Returnil, whichever you want, and turn on the protection. Next use Sector Editor v1.05 by Julie Lau, then do a sector fill for the whole drive or partition; make sure the tool is not in read-only mode and see what happens. ;D Be sure you've got backups and you can recover. Just a thought: imagine code ever gets past your HIPS and malware that has ability like this tool ever runs, kiss your data goodbye. Thank goodness for backups and recovery software.

Riverrun
July 6th, 2007, 01:06 PM
-{ Quote: "I honestly don't know. Do a thread search." }-

Hi Peter, I reread all the threads relating to the Horus story the other night. He doesn't tell us how he got on or if his attempts at removing the hidden partition were successful and I for one would like to know.

Horus37
July 6th, 2007, 02:58 PM
No, I felt it was not necessary to try to undo the hidden partition area created, since the change was permanent on my system using PS 2.6, which does not protect the MBR. I haven't tried this with V 2.8 nor Returnil since I haven't been able to get into the HP website deep enough to get the software program again. Although I have an HP, evidently the software is for the business line and your computer must NOW pass a scan test to make sure your computer is an HP and the model that goes with this software. Someone must have complained to HP besides me and now they are being restrictive with their software. I was looking for an updated version of some of my software and found that some of the software on the business line of their PCs seemed to have a more up-to-date version, so that is how I found the previous software. Now you can't just go browsing around their website without first passing their scan test to prove your computer is an HP and a model that goes with the software they offer. Regardless, knowing that v 2.6 does not protect the MBR is enough concern for me now. Returnil does, but they have issues with defragging now that they need to figure out before I'd consider using it. Flinchlock also found that a low level disk editor also is able to bypass powershadow. Granted, these programs are fairly big and obvious, unlike software that tries to act like malware. In the end I had to rebuild my system. I didn't want the HPA on my system.

Peter2150
July 6th, 2007, 04:46 PM
-{ Quote: "To Peter2150: I have a test for you if you're interested. Use PS 2.82 in full shadow mode or Returnil, whichever you want, and turn on the protection. Next use Sector Editor v1.05 by Julie Lau, then do a sector fill for the whole drive or partition; make sure the tool is not in read-only mode and see what happens. ;D Be sure you've got backups and you can recover. Just a thought: imagine code ever gets past your HIPS and malware that has ability like this tool ever runs, kiss your data goodbye. Thank goodness for backups and recovery software." }-

Does the editor work in Windows, and do you have a link? I'll give it a play in my VM machine, which is a perfect simulation.

Pete

zopzop
July 6th, 2007, 05:37 PM
@peter2150

the link to SectorEditor v1.05 was given here :
http://www.wilderssecurity.com/showthread.php?t=177583&highlight=Sector+Editor+v1.05

but it seems down :(

innerpeace
July 6th, 2007, 05:44 PM
-{ Quote: "Hi Innerpeace.

To tell the honest truth, I don't remember. Someone sent me a link, so I suspect it was 2.6.

Pete" }-
Thanks, if you didn't have to swap the language files, it was probably 2.6.

innerpeace

Peter2150
July 6th, 2007, 07:08 PM
-{ Quote: "@peter2150

the link to SectorEditor v1.05 was given here :
http://www.wilderssecurity.com/showthread.php?t=177583&highlight=Sector+Editor+v1.05

but it seems down :(" }-

Thanks, but it is still down. Oh well.

yankinNcrankin
July 6th, 2007, 08:17 PM
-{ Quote: "Does the editor work in Windows, and do you have a link? I'll give it a play in my VM machine, which is a perfect simulation.

Pete" }-
Actually Peter2150, it's a low level tool that will make changes and it doesn't matter if you're in a virtual environment, it has access to the actual HD. Well, in your case it would be the virtual file acting as a partition maybe, but best be careful with it, though I'm not sure how the tool is going to act in a VM.

Peter2150
July 6th, 2007, 09:03 PM
-{ Quote: "Actually Peter2150, it's a low level tool that will make changes and it doesn't matter if you're in a virtual environment, it has access to the actual HD. Well, in your case it would be the virtual file acting as a partition maybe, but best be careful with it, though I'm not sure how the tool is going to act in a VM." }-

I can't find the editor so it's a moot point. The VM virtual machine disks act exactly like a real disk, which makes them great for testing this stuff. Best part is you can take a snapshot, destroy the disk, and then revert back to the snapshot and all is fine. Wonderful for testing and watching the effects of certain actions before trying them on the real disk.

Pete

zopzop
July 11th, 2007, 08:27 PM
the link appears to be working again. Peter2150 if you want i can upload the program to rapidshare and post the link in the forum or pm it to you (if you still want to test it). i wonder how deepfreeze and sandboxie would fare vs this test. any users here with test machines and use these apps? i'm gonna email the geswall people the program so they can test it vs geswall.

Peter2150
July 11th, 2007, 08:39 PM
-{ Quote: "the link appears to be working again. Peter2150 if you want i can upload the program to rapidshare and post the link in the forum or pm it to you (if you still want to test it). i wonder how deepfreeze and sandboxie would fare vs this test. any users here with test machines and use these apps? i'm gonna email the geswall people the program so they can test it vs geswall." }-

Sure I'd be interested. I'd PM it as opposed to posting.

Pete

zopzop
July 11th, 2007, 08:55 PM
kk i sent you the pm with the link. if anyone else wants it for testing purposes tell me i'll pm it to you too.