Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


A Weird Partition.. (------- Partition B6 114471 MB Free Space)

  • Please log in to reply
1 reply to this topic

#1 irishmantx


  • Members
  • 20 posts
  • Local time:04:40 AM

Posted 14 February 2014 - 03:40 AM

Dear Group,


  I am writing to let you know, perhaps as far back as 2011.. I got three hard

drives with this 'odd' ( ------- ) partition that shows up when I was using

Copy Wipe 1.14. It appears on ALL of the IDE hard drives I have used this

program from a BOOT CD and I am unable to remove, delete (F6) the

mysterious impervious to DEBUG command partition killer. I have

tried the DEBUG subroutine with no effect, and even this computer I am

reporting this also has the similar virus/worm infection. I don't know

if this is the w32.lecna.h or mutant variant. It does show the RECYCLER

and the System Volume Information on both drives. I also notice the

CMDCons on my back up drive D: with my storage stuff.


I used Copywipe 1.14 and found this mysterious partition that

can not and will not be removed, and used the program to find

similar instances on my other hard drives. I press F4 to remove and

it won't remove. Oh well.. has anyone found the same instance on

SATA drives and using Windows 7? 


I hope there is a cure for this.. I don't want to lose my data and pics.

I wish there is a BOOT CD to purge this w/out losing data.




Aliases: W32/Lecna.A Worm
Variants: W32.Lecna.H, W32.Lecna.C

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 31 May 2006
Damage: Medium

Characteristics: W32.Lecna.A is a worm. It spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow described in Microsoft Security Bulletin MS04-011). The worm opens a backdoor and downloads remote files. It also uses a rootkit to hide its presence on the infected computer.


BC AdBot (Login to Remove)




    Malware hunter

  • Security Colleague
  • 1,662 posts
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:11:40 AM

Posted 14 February 2014 - 04:12 AM



You need elevated help with tools than can’t be used in this section!  


Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able run DDS and create a log)

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic.



But if you are sure that this is  W32.Lecna.A !! 


Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system


Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. Thats right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users