I just removed ZeroAccess RootKit from a Dell Dimension using ComboFix.
Some research while CF was doing its thing disclosed that ZA creates new partitions hidden from the user in which to hide itself. I booted the machine with Partition Commander, and it displayed the disk as follows:
A gray sliver at the top: 7 MB, gray = Free
Most of the cylinder Maroon (= NTFS) 74.47 GB
A Blue sliver at the bottom (= Other, unix etc) 31 MB
Overall size of Drive 0 displayed at 74.5
Since the displayed size is close to 80 I'm assuming it's an 80 GB HDD.
If there is a hidden partition, is it the difference between 80 and 74.5 GB?
What might the Blue (= other) 31 MB sliver be?
Could it be related to Windows Recovery or is it too small to be that?
Should I just remove it?
Is there anything I can do to discern whether there is a new hidden partition that is harboring the RootKit?
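One way to answer the last question without trusting the OS's own view of the disk is to read the raw partition table and compare what it allocates against the drive's real sector count; any sizeable range no entry claims is worth a closer look. The script below is an added example, not part of the post above or of any tool named in it: it parses a classic MBR, lists the primary entries and reports unallocated gaps. The 512-byte MBR and the 80 GB sector count are constructed here to mirror the layout the post describes (a ~7 MB lead-in gap, one NTFS partition, one small non-Windows partition at the end).

```python
import struct

SECTOR = 512
MIN_GAP = 2048  # ignore gaps under 1 MiB (normal alignment padding)


def parse_mbr(mbr: bytes):
    """Return the non-empty primary entries as (type, start_lba, sector_count), sorted by start."""
    if len(mbr) < 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR (missing 0x55AA boot signature)")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        ptype = mbr[off + 4]
        start, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0 and count:
            parts.append((ptype, start, count))
    return sorted(parts, key=lambda p: p[1])


def find_gaps(parts, disk_sectors, min_sectors=MIN_GAP):
    """Return (start_lba, sector_count) for every unallocated range of at least min_sectors."""
    gaps = []
    cursor = 1  # LBA 0 holds the MBR itself
    for _, start, count in parts:
        if start - cursor >= min_sectors:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + count)
    if disk_sectors - cursor >= min_sectors:  # space after the last partition
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def build_mbr(entries):
    """Constructed test helper: pack (type, start, count) tuples into a 512-byte MBR."""
    mbr = bytearray(512)
    for i, (ptype, start, count) in enumerate(entries):
        off = 446 + 16 * i
        mbr[off + 4] = ptype
        struct.pack_into("<II", mbr, off + 8, start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


# Constructed sample: 80 GB drive = 156,250,000 sectors; NTFS starting at LBA 16065
# (about 7.8 MiB in), followed by a 31 MiB type-0x83 (Linux) partition at the tail.
DISK_SECTORS = 80_000_000_000 // SECTOR
SAMPLE_MBR = build_mbr([(0x07, 16065, 156_170_000), (0x83, 156_186_065, 31 * 2048)])

if __name__ == "__main__":
    for ptype, start, count in parse_mbr(SAMPLE_MBR):
        print(f"type 0x{ptype:02x} LBA {start:>11} {count * SECTOR / 2**20:10.1f} MiB")
    for start, count in find_gaps(parse_mbr(SAMPLE_MBR), DISK_SECTORS):
        print(f"unallocated  LBA {start:>11} {count * SECTOR / 2**20:10.1f} MiB")
```

On a real machine, replace SAMPLE_MBR with the first 512 bytes of the physical drive read from a clean boot medium, and take DISK_SECTORS from the drive's reported capacity rather than from the partition table.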