Getting rid of a root kit on RAID Drives

Posted on 2009-02-18
Last Modified: 2012-05-06

Now that many workstations are coming with RAID-1 mirrored hard drives, taking them offline to get rid of rootkits has gotten more complicated. I have a RAID-1 computer that has a particularly awful rootkit. I'm going to rebuild it, but if it was just a single hard drive, I'd take it out, connect it to my own computer and run scans on it that way. What's the comparable practice if you're dealing with RAIDed disks? How do you interact with them without booting into their OSes?
Question by: jennx
    LVL 27

    Accepted Solution

    Boot time scanning may be what you need.
    There was a similar question posted here regarding boot time scanning.
    LVL 9

    Expert Comment

    If it is a hardware RAID, then you have your utilities available, like NVIDIA, which will allow you to remove the partition, and then you can configure it as a non-RAID partition and work with it.

    If it is software, then go to the Recovery Console and run fixmbr to write a new boot sector; this will create a new setup, and format will not overwrite this.

    Hope this helps.
    LVL 10

    Assisted Solution

    You can also use an imaging utility such as Norton Ghost to clone the RAID partition to a standalone drive, then scan that drive in another computer.


    Author Comment

    Thanks, David-Howard. I used UBCD4Win and was able to get rid of the infection. I gave points to TekServer too, because I could see doing that as well. But UBCD4Win is awesome.
    LVL 10

    Expert Comment

    > I gave points to TekServer too

    Thanks, but unless I missed something, I think you forgot to actually close the question.

    LVL 10

    Expert Comment

    Thanks!  Glad we could help.

