0

Background:

I have some sort of rootkit virus and am trying to remove it. What I've found using fdisk, is that there is a nested Dos partition on the drives and I get error messages such as the one listed below. I've tried removing the partition and wiping the drive clean but it doesn't seem to be doing the trick.

Question:

Can some one explain what is causing the error message seen below, "Partition 1 does not start on physical sector boundary" and how to fix it?

Note: This error is not specific to this particular partition and I see this regularly on any/all partitions that are infected.

Disk /dev/sdd: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: 556FFDCD-407A-11E9-9D47-704D7B8B21E8

Device     Start        End    Sectors   Size Type
/dev/sdd1     34      32767      32734    16M Microsoft reserved
/dev/sdd2  32768 1953523711 1953490944 931.5G Microsoft Storage Spaces

Partition 1 does not start on physical sector boundary.
  • How are you using Microsoft Storage Spaces with Linux? For removing a rootkit virus the safest is to format the disk. – harrymc Mar 9 at 19:24
  • @harrymc LOL...no, I'm not using MS storage spaces with Linux this was captured after booting to a live USB. Formating the drive is not removing the rootkit and I keep getting this and other errors related to the partitions and disk label. – blackpine Mar 9 at 19:39
  • @harrymc Yes, that is a very good post and I have read it but more to the point of the question with respect to this partition falling outside of the physical boundary......do you happen to know what that would indicate? I have also seen, using fdisk, partitions created within partitions if that makes sense. For example, I will have /dev/sdd1p1 and /dev/sdd1p2 or similiar occurances with /dev/loop0p1 and /dev/loop0p2 when booted to a live USB. – blackpine Mar 9 at 19:48
  • @harrymc Also, I have a zero byte partition on every USB I have that I believe is also related to this question and another I've asked, titled "How to Remove an Undeletable, Zero Byte Partition at sector 0 on USB Thumb Drives", which was marked as a duplicate and referred me to the same post you did. – blackpine Mar 9 at 19:54

Your Answer

By clicking "Post Your Answer", you agree to our terms of service, privacy policy and cookie policy

Browse other questions tagged or ask your own question.