
In my Windows 7 install, I partitioned my hard drive into C: and E: and I redirected the following folders from my User profile folder to E:

  • Application Data
  • Contacts
  • Desktop
  • Favorites
  • My Documents
  • My Music
  • My Pictures
  • My Scans
  • My Videos

My User profile folder itself, along with the rest of its contents, is/are still on c: in their original locations. Also, my FF profile folder is on E:.

The beauty of doing this is that I can restore images of c: without affecting the data in the folders I put on E:.

I know most malware installs to, and lives on, the System (c:) partition, so that when I restore an uninfected image to c:, those infections are magically and perfectly healed.

My question is, other than malware that runs as I open an infected file (like MS Office, PDF, exe, etc.), are there other kinds of malware that could reside/hide in one of the folders on E: (so that they would survive after I restored an uninfected image to C:)?

Also, for malware types that actually install/place infection files around a computer, does anyone know of any that would automatically place any of its files into any of those folders I redirected to my E: drive?

Update: I edited to list the exact folders redirected to e:

Update 2: Anyone else know of any malware like I'm asking about?

4 Answers

0

Malware can live pretty well anywhere:

  • On your system partition.
  • In your user files.
  • Outside the partitions (unused sectors, or boot block).
  • Flash memory (including BIOS).

However it is a good idea to split your data as you have. This allows you to restore the system and user data separately. Windows makes it difficult to move all user data to somewhere other than C:. The user profiles and related data will likely remain on C:. You may want to prepare recovery (migration) images for the users on a periodic basis.

1
  • This doesn't really answer my questions, but BillThor at least understands it better than any of the other answerers.
    – CChriss
    Commented Aug 14, 2010 at 3:08
0

2 of the best Malware scanners out there

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

The free version of MBAM has to be updated manually before you scan. If you get the paid version, it does it automatically and has active protection.

0

Where malware lives on my computer?

The answer is simple, malware lives when you run it.

Where can it be run?

  • Automatically, by the locations listed in Autoruns.

  • Manually, if you run it yourself.

A good on-access virus scanner and being smart prevents both ways.
The only thing that goes around this is a rootkit, but they are less common...


The beauty of doing this is that I can restore images of c: without affecting my data on E:.

From a restore perspective that statement holds, but it doesn't prevent malware from affecting E:.

You may want to be able to restore your data too if malware infects or destroys it...
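
Added example (not part of the answer above and not any poster's code): a Python sketch of an audit a restore workflow could run over the data partition before trusting it, separating files that start without user action from files that only run when opened. It assumes the Windows 7 per-user Startup folder sits under the redirected application-data folder and that Firefox extensions are `.xpi` files in the profile; the category names, function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# File types Windows runs directly or hands to a script host.
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta", ".lnk"}
# Tail of the per-user Startup folder path. It sits under the roaming
# application-data folder, so redirecting that folder moves it off C:.
STARTUP_TAIL = ("start menu", "programs", "startup")
# Constructed sample layout (not real data) imitating folders redirected to E:.
SAMPLE_FILES = [
    "Application Data/Microsoft/Windows/Start Menu/Programs/Startup/updater.lnk",
    "Application Data/Microsoft/Windows/Start Menu/Programs/Startup/desktop.ini",
    "FirefoxProfile/extensions/sample@example.invalid.xpi",
    "My Documents/invoice.pdf.exe",
    "My Pictures/holiday.jpg",
]


def audit_data_partition(root):
    """Return sorted (category, relative_path) pairs for files worth reviewing."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        in_startup = tuple(p.lower() for p in rel_dir.parts)[-3:] == STARTUP_TAIL
        for name in files:
            ext = Path(name).suffix.lower()
            rel = (rel_dir / name).as_posix()
            if in_startup and name.lower() != "desktop.ini":
                findings.append(("autostart", rel))  # launched at every logon
            elif ext == ".xpi":
                findings.append(("browser-extension", rel))  # loaded with the profile
            elif ext in RUNNABLE:
                findings.append(("runs-if-opened", rel))  # needs the user to open it
    return sorted(findings)


def build_sample_tree(base):
    """Create empty placeholder files for SAMPLE_FILES under base."""
    for rel in SAMPLE_FILES:
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for category, rel in audit_data_partition(tmp):
            print(f"{category:18} {rel}")
```

Entries reported as `autostart` or `browser-extension` are the ones that would come back to life after C: is re-imaged, so they are the ones to compare against a known-good listing.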

0
0

This is just an example for your concerns,
Worm:Win32/Lefgroo.A.

The critical point is, if you leave the 'Documents and Settings' folder on your 'C:\' drive, your backup will carry your login environment (Firefox profile, for example). So, when you want to 'recover' from an infection from your image, you will lose all your changes since the image was updated.

On the contrary, if you keep regular images, you will back up the malware too. :-(

To start your war against malware, look at this Microsoft Malware help page:
What can I do to prevent my computer from becoming infected?

Some other things you can keep handy

  1. Safernetworking: Search & Destroy
  2. Microsoft Windows Defender
  3. An Ubuntu boot disk (LiveCD) with ClamAV
    Check this Windows edition of ClamAV or this LiveCD reference.
2
  • @Anyone: 'loose' -> 'lose'. Also 'CalmAV' -> 'ClamAV'.
    – boot13
    Commented Aug 7, 2010 at 15:55
  • @boot13: Fixed. :-) Commented Aug 7, 2010 at 16:10
