• Status: Solved
  • Priority: Low
  • Security: Public
  • Views: 74
  • Last Modified:

Windows 7 - system partition changed filesystem from NTFS to RAW

Hi all,
in last few days I noticed strange behavior in one company. I manage IT there. They have about 100 client computers, most of them are Windows 7 Professional, the rest are Windows 10. Most of client computers are notebooks HP EliteBook.

In last few days on 3 notebooks appeared problem with booting. Windows did not boot and BSOD screen was shown. Error message was: "C0000135 Program can't start because %hs is missing. Try reinstalling the program...."

When i went into Windows recovery environment I noticed that system partition was changed from NTFS filesystem to RAW. Why? I don't know.

There is no hardware problem. Hardware test finidhed without any errors, after reinstalation notebooks works OK.

What is strange is that all 3 affected notebooks were bouhght in the same time (middle of 2014).

Windows 7 Professional, original instalation from HP, bloatware uninstalled (except HP Connection Manager and drivers). System partition is encrypted by TrueCrypt. There is centraly managed antivirus Avast, system is full patched from internal WSUS server.

Any ideas?

  • 2
3 Solutions
Tom CieslikIT EngineerCommented:
You have made the statement "RAW format" which is a false terminology.  If a hard drive, or partition, is listed as RAW that means it is not formatted or the format information in the partition table is missing.  You cannot do a RAW format.

You can have three RAW partitions on a hard drive.  RAW just means there are no entries in the partition table identifying the partitions as being formatted.  It does not necessarily mean the hard drive is blank just because the partition is being reported as RAW.

And, I seriously doubt that PGP had anything to do with this.  This could have been done by malware or it could have been done intentionally by a human being.

If all computers are the same, it can be a bug in controller firmware/driver or if all disk came from same production line/date, maybe it was some problem then.

It's hard to say
Dr. KlahnPrincipal Software EngineerCommented:
I agree with Tom's comments supra.  Since only three out of a hundred machines are affected, if there are more machines from the same production run that are unaffected ... that sounds like there is a destructive virus running around that blows out the file structure.

It's certainly possible that there is a hardware issue but it would be remarkable since the machines have shown no problems up to this point and then multiple instances occurred closely together.

It's also possible that (if the machines in question are so equipped) there is a rogue system on your network that has found out how to access the Intel Management BIOS and is having fun with that.  The IM BIOS has multiple security holes.
noxchoGlobal Support CoordinatorCommented:
Where exactly did you see that system partition was marked as RAW? You say
System partition is encrypted by TrueCrypt
and if you boot from a media which does not have TrueCrypt on it then the encrypted partition must look as RAW. Because it is encrypted.
Tom CieslikIT EngineerCommented:
Explanation provided. No more other questions from author
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now