We help IT Professionals succeed at work.
Get Started
RootKit ZeroAccess. Hidden partition question.
I Just removed ZeroAccess RootKit from a Dell Dimension using ComboFix.
Some research while CF was doing it's thing disclosed that ZA creates new partitions hidden from the user in which to hid itself. I booted the machine with Partition Commander, and it displayed the disk as follows:
A gray sliver at the top: 7 MB, gray = Free
Most of the cylinder Maroon (= NTFS) 74.47 GB
A Blue sliver at the bottom (= Other, unix etc) 31 MB
Overall size of Drive 0 displayed at 74.5
Since the displayed size is close to 80 I'm asusming it's an 80 GB HDD.
If there is a hidden partition, it it the difference between 80 and 74.5 GB?
What might the Blue (= other) 31 MB sliver be?
Could it be related to Windows Recovery or is it too small to be that?
Should I just remove it?
Is there anything I can do to discern whether there is a new hidden partition that is harboring the RootKit?
Some research while CF was doing it's thing disclosed that ZA creates new partitions hidden from the user in which to hid itself. I booted the machine with Partition Commander, and it displayed the disk as follows:
A gray sliver at the top: 7 MB, gray = Free
Most of the cylinder Maroon (= NTFS) 74.47 GB
A Blue sliver at the bottom (= Other, unix etc) 31 MB
Overall size of Drive 0 displayed at 74.5
Since the displayed size is close to 80 I'm asusming it's an 80 GB HDD.
If there is a hidden partition, it it the difference between 80 and 74.5 GB?
What might the Blue (= other) 31 MB sliver be?
Could it be related to Windows Recovery or is it too small to be that?
Should I just remove it?
Is there anything I can do to discern whether there is a new hidden partition that is harboring the RootKit?
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE