I suspected a rootkit infection on my computer and used Active@ Killdisk from LSoft to completely wipe the drive. The wipe itself seemed to go fine, but after it was finished, I opened up Active@ Partition Manager, and it's showing that a 3MB partition labelled BOOT(X:) is still on the drive. I got some help from another forum, but so far this partition has proven just about impossible to remove.
So far it's survived:
Killdisk - full wipe
DBAN "Quick" nuke that took 3 hours
DBAN "Autonuke" that took 10+ hours
Multiple "Clean all" commands in Diskpart (the partition doesn't show when you list partitions)
Attempts to write zeroes manually using a disk editor
I've used Hdat2 to check if there were HPA/DCO areas on the drive, but the program says there are not.
The partition does not show in Linux Parted Magic, or in Windows 7 Partition Manager, or in the Windows 7 setup. So far, the only partition manager that I've used that seems to see it is LSoft's Active@ Partition Manager.
Googling hasn't turned up much, except for a few references to the "Alureon" rootkit, which seems to work by creating a small hidden partition and then booting the computer from there:
I'll attach a screenshot. Please help.