Root kits, memory key, GPT partitions

ChrisGreaves
PlutoniumLounger
Posts: 11706
Joined: 24 Jan 2010, 23:23
Location: paused.undefined.exposed

Root kits, memory key, GPT partitions

Post by ChrisGreaves »

I found an 8GB SanDisk memory key this morning (in my desk, not on the street!) and remembered that I had previously had problems writing to it or reading from it.
I have installed EaseUS (I can't find the Help/About version screen, but I d/l'd it July 14th 2020 and the exe is 46,065KB) and since I have started looking at GPT I thought to ask EaseUS to convert the memory key to GPT.

Microsoft Docs
recommended using DISKPART, so I did:
[attached screenshot: Untitled.png]
My memory key is labelled 8G, so Disk 2.
My older laptop (Toshiba Win7) has "encountered an error".

(1) Is this likely to be a root kit problem (malicious or not)?
(2) If yes, then maybe that has been the longer-term problem with the memory key.
(3) Otherwise, without one of those old super-powered electro-magnet devices, what would be the best way to wipe, Wipe, WIPE stuff from the key, throw a six and start again?
Thanks
Chris
More than the minimum is less than enough

John Gray
PlatinumLounger
Posts: 4791
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: Root kits, memory key, GPT partitions

Post by John Gray »

Did you "see the System Event Log for more information"?
You will also need to confront and answer the question, "Why are you doing this, Chris?"... :scratch:

If, instead, you want actual help, have a read through this TenForums discussion. And use Rufus if your end intention is to produce a bootable GPT USB Flash Drive...
John Gray

However far you try to push the envelope it'll always be stationery.

ChrisGreaves
PlutoniumLounger
Posts: 11706
Joined: 24 Jan 2010, 23:23
Location: paused.undefined.exposed

Re: Root kits, memory key, GPT partitions

Post by ChrisGreaves »

John Gray wrote:
25 Jul 2020, 15:14
Did you "see the System Event Log for more information"?
No John; I did not.

Code:

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTActiveProtection.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Which of these files should I examine (perhaps all of them), and how?
You will also need to confront and answer the question, "Why are you doing this, Chris?"... :scratch:
Because I have had problems with this 8GB Sandisk memory key in the past, when I used it on either a Library or Chamber of Commerce computer, so I am guessing that it has something nasty on it.
I figured just to use it as a data device, but that now would be a good time to wipe it clean of as much as I could.
Thinking that a new partition would be a good idea, I thought "GPT" since it is all the rage right now.

"De-gaussing tool", that's what I was thinking of. I used to swipe one across floppy disks to destroy magnetic recordings, back in the early 90s.
If, instead, you want actual help, have a read through this TenForums discussion. And use Rufus if your end intention is to produce a bootable GPT USB Flash Drive...
Thanks for this. I seem to have done nothing else but read through Win10 forums this past month.
I don't want to create another bootable GPT USB key; I have one now sitting on my 64GB key, as of this morning.

Cheers
Chris
More than the minimum is less than enough

Argus
GoldLounger
Posts: 2916
Joined: 24 Jan 2010, 19:07

Re: Root kits, memory key, GPT partitions

Post by Argus »

ChrisGreaves wrote:
25 Jul 2020, 20:05
John Gray wrote:
25 Jul 2020, 15:14
Did you "see the System Event Log for more information"?
No John; I did not.

Code:

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTActiveProtection.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Which of these files should I examine (perhaps all of them), and how?
Via the Event Viewer's System log ... I think that's the best way. :)

(Either: Start > Run > eventvwr > Windows logs > System; or via Computer Management, for example accessed via: Right-click This PC/Computer in File Explorer or Start menu > Select Manage > Event Viewer > Windows logs > System.)

It could be that it stumbled on some kind of write protection (there are registry keys to check). Or it could be something else.
(A first quick thought, since quite some time ago, was that you wouldn't convert something that's cleaned, but apparently that's the way, according to MSFT.)
Byelingual    When you speak two languages but start losing vocabulary in both of them.
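As an added PowerShell example (my own, not code from anyone in this thread), this follows Argus's advice above and Chris's earlier DISKPART question in one go: it lists the USB-attached disks so the disk number can be confirmed before anything destructive is typed into DISKPART, checks the StorageDevicePolicies write-protect value (the post only says "there are registry keys"; naming WriteProtect is my addition), and pulls recent disk-related errors and warnings from the System log that the DISKPART error message pointed at. It assumes Windows 8 or later with the Storage module (Get-Disk) and an elevated prompt; the 24-hour window and the search terms are assumed values, not from the thread.

```powershell
# Added example, not from the thread: triage a misbehaving removable disk.
# Assumes Windows 8/10 with the Storage module and an elevated PowerShell session.

# 1. Identify the removable disk and confirm its disk number before using DISKPART.
#    IsReadOnly and PartitionStyle are shown so a hardware/OS write-protect flag
#    and the current MBR/GPT state are visible at a glance.
$removable = Get-Disk | Where-Object { $_.BusType -eq 'USB' }
$removable |
    Select-Object Number, FriendlyName, BusType, PartitionStyle, IsReadOnly,
        @{ Name = 'SizeGB'; Expression = { [math]::Round($_.Size / 1GB, 1) } } |
    Format-Table -AutoSize

# 2. Check the system-wide write-protection policy for removable storage.
#    HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect = 1
#    makes every removable drive read-only; the key is absent by default.
$policyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
if (Test-Path $policyPath) {
    $wp = (Get-ItemProperty -Path $policyPath -Name WriteProtect -ErrorAction SilentlyContinue).WriteProtect
    if ($wp -eq 1) {
        Write-Warning 'StorageDevicePolicies\WriteProtect is set: removable drives are read-only'
    } else {
        'StorageDevicePolicies key exists but WriteProtect is not 1'
    }
} else {
    'No StorageDevicePolicies key: no registry write-protection policy in force'
}

# 3. Read the System log entries DISKPART referred to: errors and warnings from
#    the last 24 hours (assumed window) from disk-related providers, or whose
#    text mentions diskpart, partitions or write protection.
$since = (Get-Date).AddHours(-24)
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1, 2, 3; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object {
        $_.ProviderName -match 'disk|partmgr|Ntfs|VDS|Virtual Disk|volmgr' -or
        $_.Message -match 'diskpart|partition|write.protect'
    } |
    Select-Object TimeCreated, Id, ProviderName,
        @{ Name = 'Message'; Expression = { $_.Message -replace "`r?`n", ' ' } } |
    Format-Table -Wrap -AutoSize
```

Step 1 is the part worth running first: DISKPART's "select disk N" acts on whatever number you give it, so confirming that the 8GB key really is the disk you think it is costs nothing and protects the other drives. Step 3 is the scripted equivalent of Event Viewer > Windows logs > System, filtered so the Virtual Disk Service and disk-driver entries surface without scrolling through the whole log.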

ChrisGreaves
PlutoniumLounger
Posts: 11706
Joined: 24 Jan 2010, 23:23
Location: paused.undefined.exposed

Re: Root kits, memory key, GPT partitions

Post by ChrisGreaves »

Argus wrote:
25 Jul 2020, 22:17
... (Either: Start > Run > eventvwr > Windows logs > System; or via Computer Management, for example accessed via: Right-click This PC/Computer in File Explorer or Start menu > Select Manage > Event Viewer > Windows logs > System.)
Thanks John.
In the past I have used "Manage" solely to arrive at "Disk Management". The System Event Viewer opens up a new world.
I have since used Rufus to purge the 8GB key, but the next time I have a problem I shall know to go into those voluminous logs straight away.

Although I confess that right now reading some of the explanations leaves me more puzzled than before.
Cheers
Chris
More than the minimum is less than enough