troubleshooting Question
RootKit ZeroAccess. Hidden partition question.
asked on
I Just removed ZeroAccess RootKit from a Dell Dimension using ComboFix.
Some research while CF was doing it's thing disclosed that ZA creates new partitions hidden from the user in which to hid itself. I booted the machine with Partition Commander, and it displayed the disk as follows:
A gray sliver at the top: 7 MB, gray = Free
Most of the cylinder Maroon (= NTFS) 74.47 GB
A Blue sliver at the bottom (= Other, unix etc) 31 MB
Overall size of Drive 0 displayed at 74.5
Since the displayed size is close to 80 I'm asusming it's an 80 GB HDD.
If there is a hidden partition, it it the difference between 80 and 74.5 GB?
What might the Blue (= other) 31 MB sliver be?
Could it be related to Windows Recovery or is it too small to be that?
Should I just remove it?
Is there anything I can do to discern whether there is a new hidden partition that is harboring the RootKit?
Some research while CF was doing it's thing disclosed that ZA creates new partitions hidden from the user in which to hid itself. I booted the machine with Partition Commander, and it displayed the disk as follows:
A gray sliver at the top: 7 MB, gray = Free
Most of the cylinder Maroon (= NTFS) 74.47 GB
A Blue sliver at the bottom (= Other, unix etc) 31 MB
Overall size of Drive 0 displayed at 74.5
Since the displayed size is close to 80 I'm asusming it's an 80 GB HDD.
If there is a hidden partition, it it the difference between 80 and 74.5 GB?
What might the Blue (= other) 31 MB sliver be?
Could it be related to Windows Recovery or is it too small to be that?
Should I just remove it?
Is there anything I can do to discern whether there is a new hidden partition that is harboring the RootKit?
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 17 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.