Sunday, January 08, 2012

How To: Use GParted To Remove Hidden TDL4 Partition

These are based on the original instructions I created for a user on November 17th 2011, when we first started seeing these types of infections on the Malware Removal forums at MajorGeeks.

For those that do not know about the latest TDL4 infections, more can be read at: TDL4 Infection Update Win32/Olmasco MAXSS Pihar

I have updated the tutorial guide for the latest stable version of GParted v0.11.0-7. Also updated the instructions for clarity. Hope you enjoy!

Now boot from the newly created GParted CD.

You should be here...

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is the default [33].

Once again, at this prompt, press ENTER.
You will now be taken to the main GUI screen below:

According to your logs, the partition that you want to delete is XX MiB (XX MB).
Click the trash can icon to delete it, then click Apply.

You should now be here confirming your actions:

Now you should be here:

Is "boot" next to your OS drive? According to your logs, your OS drive is the XX GB partition.

If "boot" is not next to your OS drive under Flags, right-click the OS drive in GParted and select Manage Flags.

In the menu that pops up, place a checkmark next to boot, as in the picture below:

Now press the Close button to save these changes.

Now double-click the Exit button.

Choose reboot and then press OK.
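A check that complements the screenshots, added here and not part of the original post: it parses the output of `parted -s /dev/sdX unit MiB print` (run from a terminal on the live CD, or captured on the affected machine), finds the partition whose size matches the XX MiB figure from your logs, and reports which partition currently carries the boot flag. Run it once before deleting, to confirm you are about to remove the right partition, and once after, to confirm the boot flag ended up on the OS partition. The two parted listings, the disk model, the device name and the sizes (12 MiB suspect, 20466 MiB OS partition) are constructed for the example.

```python
import re

# Constructed sample of `parted -s /dev/sda unit MiB print` output, standing in
# for what the GParted screenshots show BEFORE the fix: a large NTFS OS partition
# and a small unlabeled partition that currently holds the boot flag.
# (Disk model, device and sizes are made up for this example.)
SAMPLE_PARTED_BEFORE = """\
Model: ATA EXAMPLE HARDDISK (scsi)
Disk /dev/sda: 20480MiB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End       Size      Type     File system  Flags
 1      1.00MiB   20467MiB  20466MiB  primary  ntfs
 2      20467MiB  20479MiB  12.0MiB   primary               boot
"""

# Constructed sample of the same disk AFTER deleting partition 2 and setting
# the boot flag on the OS partition, the end state the guide aims for.
SAMPLE_PARTED_AFTER = """\
Model: ATA EXAMPLE HARDDISK (scsi)
Disk /dev/sda: 20480MiB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End       Size      Type     File system  Flags
 1      1.00MiB   20467MiB  20466MiB  primary  ntfs         boot
"""

# Column titles in the parted header are separated by two or more spaces;
# a single space inside a title ("File system") stays part of that title.
HEADER_COL = re.compile(r"\S+(?: \S+)*")


def parse_parted(text):
    """Parse the partition rows from `parted ... unit MiB print` output.

    Cells are sliced at the header's column offsets, so an empty 'File system'
    cell does not shift the Flags column the way whitespace-splitting would.
    """
    lines = text.splitlines()
    try:
        hdr = next(i for i, line in enumerate(lines) if line.startswith("Number"))
    except StopIteration:
        raise ValueError("no partition table header found in parted output")
    cols = [(m.group(), m.start()) for m in HEADER_COL.finditer(lines[hdr])]
    rows = []
    for line in lines[hdr + 1:]:
        if not line.strip():
            continue
        row = {}
        for i, (name, start) in enumerate(cols):
            end = cols[i + 1][1] if i + 1 < len(cols) else None
            row[name] = line[start:end].strip()
        # Flags are printed comma-separated, e.g. "boot, lba".
        row["Flags"] = [f.strip() for f in row.get("Flags", "").split(",") if f.strip()]
        row["size_mib"] = float(re.sub(r"MiB$", "", row["Size"]))
        rows.append(row)
    return rows


def check_disk(parted_text, suspect_size_mib, os_size_mib, tolerance_mib=1.0):
    """Match partitions against the sizes taken from the logs and locate the boot flag.

    Returns partition numbers (as printed by parted) for the suspect-size match,
    the OS-size match, and the holder(s) of the boot flag, plus whether the boot
    flag sits on the OS partition and nowhere else.
    """
    parts = parse_parted(parted_text)

    def matches(size):
        return [p["Number"] for p in parts if abs(p["size_mib"] - size) <= tolerance_mib]

    suspects = matches(suspect_size_mib)
    os_parts = matches(os_size_mib)
    boot = [p["Number"] for p in parts if "boot" in p["Flags"]]
    return {
        "suspects": suspects,
        "os_partitions": os_parts,
        "boot_flag_on": boot,
        "boot_on_os": bool(os_parts) and set(boot) == set(os_parts),
    }


if __name__ == "__main__":
    # Sizes below are the constructed example values; on a real case use the
    # XX MiB and XX GB figures from the logs (GB converted to MiB).
    for label, listing in (("before", SAMPLE_PARTED_BEFORE), ("after", SAMPLE_PARTED_AFTER)):
        print(label, check_disk(listing, suspect_size_mib=12, os_size_mib=20466))
```

In the "before" state the 12 MiB partition is the only size match and it holds the boot flag, so `boot_on_os` is false; after the deletion and the Manage Flags step only the OS partition remains and carries the flag, which is what the final GParted screen should show.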
