Background:

I have some sort of rootkit virus and am trying to remove it. What I've found using fdisk is that there is a nested DOS partition on the drives, and I get error messages such as the one listed below. I've tried removing the partition and wiping the drive clean, but it doesn't seem to be doing the trick.

Question:

Can someone explain what is causing the error message seen below, "Partition 1 does not start on physical sector boundary", and how to fix it?

Note: This error is not specific to this particular partition and I see this regularly on any/all partitions that are infected.

```
Disk /dev/sdd: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: 556FFDCD-407A-11E9-9D47-704D7B8B21E8

Device     Start        End    Sectors   Size Type
/dev/sdd1     34      32767      32734    16M Microsoft reserved
/dev/sdd2  32768 1953523711 1953490944 931.5G Microsoft Storage Spaces

Partition 1 does not start on physical sector boundary.
```
blackpine
  • How are you using Microsoft Storage Spaces with Linux? For removing a rootkit virus the safest is to format the disk. – harrymc Mar 09 '19 at 19:24
  • @harrymc LOL...no, I'm not using MS Storage Spaces with Linux; this was captured after booting to a live USB. Formatting the drive is not removing the rootkit, and I keep getting this and other errors related to the partitions and disk label. – blackpine Mar 09 '19 at 19:39
  • Possible duplicate of [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](https://superuser.com/questions/100360/how-can-i-remove-malicious-spyware-malware-adware-viruses-trojans-or-rootkit) – harrymc Mar 09 '19 at 19:40
  • @harrymc Yes, that is a very good post and I have read it, but more to the point of the question with respect to this partition falling outside of the physical boundary... do you happen to know what that would indicate? I have also seen, using fdisk, partitions created within partitions, if that makes sense. For example, I will have /dev/sdd1p1 and /dev/sdd1p2, or similar occurrences with /dev/loop0p1 and /dev/loop0p2 when booted to a live USB. – blackpine Mar 09 '19 at 19:48
  • @harrymc Also, I have a zero byte partition on every USB I have that I believe is also related to this question and another I've asked, titled "How to Remove an Undeletable, Zero Byte Partition at sector 0 on USB Thumb Drives", which was marked as a duplicate and referred me to the same post you did. – blackpine Mar 09 '19 at 19:54

0 Answers