I have some sort of rootkit virus and am trying to remove it. What I've found using fdisk is that there is a nested DOS partition on the drives and I get error messages such as the one listed below. I've tried removing the partition and wiping the drive clean but it doesn't seem to be doing the trick.


Can someone explain what is causing the error message seen below, "Partition 1 does not start on physical sector boundary", and how to fix it?

Note: This error is not specific to this particular partition and I see this regularly on any/all partitions that are infected.

Disk /dev/sdd: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: 556FFDCD-407A-11E9-9D47-704D7B8B21E8

Device     Start        End    Sectors   Size Type
/dev/sdd1     34      32767      32734    16M Microsoft reserved
/dev/sdd2  32768 1953523711 1953490944 931.5G Microsoft Storage Spaces

Partition 1 does not start on physical sector boundary.
  • How are you using Microsoft Storage Spaces with Linux? For removing a rootkit virus the safest is to format the disk. – harrymc Mar 9 at 19:24
  • @harrymc LOL...no, I'm not using MS storage spaces with Linux; this was captured after booting to a live USB. Formatting the drive is not removing the rootkit and I keep getting this and other errors related to the partitions and disk label. – blackpine Mar 9 at 19:39
  • @harrymc Yes, that is a very good post and I have read it but more to the point of the question with respect to this partition falling outside of the physical boundary......do you happen to know what that would indicate? I have also seen, using fdisk, partitions created within partitions if that makes sense. For example, I will have /dev/sdd1p1 and /dev/sdd1p2 or similar occurrences with /dev/loop0p1 and /dev/loop0p2 when booted to a live USB. – blackpine Mar 9 at 19:48
  • @harrymc Also, I have a zero byte partition on every USB I have that I believe is also related to this question and another I've asked, titled "How to Remove an Undeletable, Zero Byte Partition at sector 0 on USB Thumb Drives", which was marked as a duplicate and referred me to the same post you did. – blackpine Mar 9 at 19:54
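
Added example (not part of the question or its comments): a Python sketch of the alignment arithmetic that the "does not start on physical sector boundary" message refers to, run over the fdisk output quoted in the question. The function name `check_alignment` and the `alignment_offset` parameter are hypothetical, and the offset is assumed to be zero because the output does not report one.

```python
import re

# fdisk output copied from the question above.
FDISK_OUTPUT = """\
Disk /dev/sdd: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt

Device     Start        End    Sectors   Size Type
/dev/sdd1     34      32767      32734    16M Microsoft reserved
/dev/sdd2  32768 1953523711 1953490944 931.5G Microsoft Storage Spaces
"""

SECTOR_RE = re.compile(r"Sector size \(logical/physical\): (\d+) bytes / (\d+) bytes")
# Device, optional MBR boot flag "*", then Start / End / Sectors columns.
PART_RE = re.compile(r"^(/dev/\S+)\s+(?:\*\s+)?(\d+)\s+(\d+)\s+(\d+)\s", re.MULTILINE)


def check_alignment(fdisk_text, alignment_offset=0):
    """Return one dict per partition saying whether its first byte falls on a
    physical sector boundary. alignment_offset is assumed 0 (hypothetical
    parameter; the quoted output does not report one)."""
    m = SECTOR_RE.search(fdisk_text)
    if m is None:
        raise ValueError("no 'Sector size (logical/physical)' line found")
    logical, physical = int(m.group(1)), int(m.group(2))
    results = []
    for dev, start, _end, _sectors in PART_RE.findall(fdisk_text):
        # Start is counted in logical sectors; convert it to a byte offset.
        byte_offset = int(start) * logical
        remainder = (byte_offset - alignment_offset) % physical
        results.append({
            "device": dev,
            "start": int(start),
            "byte_offset": byte_offset,
            "remainder": remainder,  # bytes past the previous physical boundary
            "aligned": remainder == 0,
        })
    return results


if __name__ == "__main__":
    for r in check_alignment(FDISK_OUTPUT):
        state = "aligned" if r["aligned"] else "NOT aligned"
        print(f"{r['device']}: start sector {r['start']} = byte {r['byte_offset']}, "
              f"{r['remainder']} bytes past a physical boundary -> {state}")
```

For the quoted disk, start sector 34 at 512 bytes per logical sector is byte 17408, which is 1024 bytes past a 4096-byte boundary, while start sector 32768 lands exactly on one.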

