Alureon.E creating a separate partition untouchable by System Sweeper/ Forefront?
Has anyone else seen this? This is the second time in 2 weeks that we've seen a new partition created by Alureon.E that stores the malware in a separate 1MB location. Any ideas on how to clean this? You can see the partition under computer management/ disk management, but if you try to delete it, it throws an error.
January 4th, 2012 10:36am

For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.
Regards, Miya
Miya Yao TechNet Community Support
January 6th, 2012 1:26am

What software is giving you this message?
January 18th, 2012 10:40am

The base problem that Clay is seeing is a TDL4 bootkit infection. A very extremely serious malware which cannot be fixed (initially) within Windows booted off the HDD. Measures must be taken to boot off a CD then take a look at partitions on the HDD, properly reset the active/boot flag to the correct partition, then delete the bootkit partition. Again, you can't do any first fixes booted off your HDD Windows. For a reference on this malware, you can review this blog reference by negster22 http://secure-computer-solutions.com/blog/2011/11/a_new_tdl4_with_a_stealthy_new.html and if Clay is still around, I have not seen it first hand, however, I have helped 2 Windows users remove and resolve their issues. ref
http://forums.malwarebytes.org/index.php?showtopic=103838&hl=&fromsearch=1
http://forums.malwarebytes.org/index.php?showtopic=103469&hl=&fromsearch=1
Maurice Naggar ~ MVP (Oct 2002 - Sept 2010)
January 18th, 2012 12:28pm

Chuck, I was getting this error in MS Standalone System Sweeper, part of the MS DART 7 boot disk. Maurice. This picture was actually taken while I was booted to the CD. System Sweeper is basically Forefront/ MSE on a boot CD. I've been cleaning rootkits for years now, using System Sweeper, but this one was a little different in that it created its own partition to store the malware. I was just wondering if anyone else had seen this before. Thanks for all of the responses! It was new to me. Clay
January 18th, 2012 1:19pm

I have seen a fair amount of this lately too. I've also had to resort to making repairs while booted from DART and not the native system on the computer. So far I've had moderate success... /Tony
February 1st, 2012 10:05am

Tony, I take it you were able to do fixes with DART. (?) If not, I've had success using GParted Live CD to reset active partition & delete the hidden bootkit partition, using negster22's article as a guide. See http://secure-computer-solutions.com/blog/2011/11/using_gparted_to_edit_the_part_1.html HTH
Maurice Naggar ~ MVP (Oct 2002 - Sept 2010)
February 1st, 2012 12:35pm

Clay, the easiest way to resolve this is by going to
1. Start > right-click Computer > Manage > Disk Management.
2. Look for that partition without a drive letter then delete it.
3. Restart the computer then run a full scan again.
Important note: Some cases result in a 'no boot' situation. Do this at your own risk.
Val Ramirez
May 12th, 2012 3:34pm

I'd note, that before deleting the "malicious" partition, make sure to identify & mark the partition that is supposed to be boot as Active, before deleting the malicious one.
Maurice Naggar ~ MS-MVP (Oct 2002 - Sept 2010) DTS-L
May 12th, 2012 4:09pm
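
Added example, not part of any poster's reply: a read-only check over a saved copy of the disk's first sector that lists the MBR partition entries and reports which one carries the active flag, the thing the replies above say to confirm before deleting anything. The function names, the 16 MB size threshold and the sample partition layout are assumptions constructed for illustration.

```python
import struct

SECTOR = 512
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count

def parse_mbr(sector0: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR (missing 0x55AA signature)")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, ptype, lba, count = struct.unpack(ENTRY, sector0[off:off + 16])
        if ptype == 0 or count == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "start_lba": lba, "size_mb": count * SECTOR / 2**20})
    return parts

def review(parts, small_mb=16):
    """Flag layouts worth a closer look; small_mb is an assumed threshold."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions marked active (expected 1)")
    for p in active:
        if p["size_mb"] <= small_mb:
            findings.append(f"partition {p['index']} is active but only {p['size_mb']:.1f} MB")
    return findings

def make_entry(active, ptype, lba, count):
    """Build one 16-byte table entry for the constructed samples below."""
    return struct.pack(ENTRY, 0x80 if active else 0, ptype, lba, count)

def sample_mbr(infected=True):
    """Constructed sector: 100 MB boot partition, large data partition and,
    when infected=True, a 1 MB partition at the end holding the active flag."""
    entries = make_entry(not infected, 0x07, 2048, 204800)
    entries += make_entry(False, 0x07, 206848, 976000000)
    entries += make_entry(True, 0x07, 976206848, 2048) if infected else bytes(16)
    return bytes(446) + entries + bytes(16) + b"\x55\xaa"

if __name__ == "__main__":
    for p in parse_mbr(sample_mbr()):
        print(p)
    print(review(parse_mbr(sample_mbr())))
```

To use it on a real machine, feed `parse_mbr` the first 512 bytes of the disk captured while booted from the rescue CD; the script only reads and never writes to the disk.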

This topic is archived. No further replies will be accepted.
