I am trying to track down the location of persistent malware and have found a small partition I am unable to remove along with some files that I can only see when I use SPFdisk (FreeDOS). I have included a URL pointing to my Google Drive account where I have stored two photos for visual reference to my questions.
Questions
Can someone please explain the values listed under the columns "Type, Size, Date and Time" of the files autoexec.bat, MENU.bat and choice.exe (all labeled green/blue)? Those three files are only appearing when I use this program and the rest can be seen in the root directory at the command line. I would very much like to remove them from my computer along with the fourth file (sigma)ENU.BAT which is also visible in this location only. I do understand that the last mentioned file is/has been deleted (not by me) and I assume the malware is recalling it using the function "undelete" or some similar variation.
The second photo is showing the attributes for 2/2 boot records on a 31Mb partition I can't seem to remove for the life of me. I don't understand the values shown, such as how many FAT copies there are, what the media descriptor is or its role in the partition scheme, how many sectors per FAT and per track, the sides per cylinder value, what the extended boot record signature is and what it is used for, the significance of the volume label and physical drive number values (these values seem abnormal) and most importantly, how can the hidden sectors listed be accessed for complete removal?
Due to the size limitation for uploading images, I have provided a URL to my Google Drive account where they are stored.
Root Dir Photo:
Boot Record Photo:
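
The boot record fields named in the question (FAT copies, media descriptor, sectors per FAT and per track, sides/heads, extended boot record signature, volume label, physical drive number, hidden sectors) sit at fixed offsets in a FAT12/16 boot sector. As an added example that is not part of the original post, the Python below decodes them from a constructed 512-byte sector and lists any values outside the usual ranges; the sample values and function names are assumptions for illustration, not the poster's data.

```python
import struct

BPB_FIELDS = ("bytes_per_sector", "sectors_per_cluster", "reserved_sectors",
              "fat_copies", "root_entries", "total_sectors_16", "media_descriptor",
              "sectors_per_fat", "sectors_per_track", "heads", "hidden_sectors",
              "total_sectors_32")
EBR_FIELDS = ("physical_drive", "reserved", "ext_boot_signature",
              "volume_serial", "volume_label", "fs_type")

def build_sample_boot_sector():
    """Constructed FAT16 boot sector for a 31 MiB partition (illustrative values)."""
    sec = bytearray(512)
    sec[0:11] = b"\xEB\x3C\x90" + b"SAMPLE  "          # jump + OEM name
    struct.pack_into("<HBHBHHBHHHII", sec, 0x0B,
                     512, 4, 1, 2, 512, 63488, 0xF8, 62, 63, 16, 63, 0)
    struct.pack_into("<BBBI11s8s", sec, 0x24,
                     0x80, 0, 0x29, 0x1234ABCD, b"NO NAME    ", b"FAT16   ")
    sec[510:512] = b"\x55\xAA"                          # boot sector signature
    return bytes(sec)

def parse_boot_sector(sec):
    """Decode the BIOS Parameter Block (0x0B) and extended boot record (0x24)."""
    if len(sec) < 512:
        raise ValueError("need a full 512-byte sector")
    info = dict(zip(BPB_FIELDS, struct.unpack_from("<HBHBHHBHHHII", sec, 0x0B)))
    info.update(zip(EBR_FIELDS, struct.unpack_from("<BBBI11s8s", sec, 0x24)))
    # hidden_sectors = sectors that precede this partition on the disk (its start LBA)
    info["volume_label"] = info["volume_label"].decode("ascii", "replace").rstrip()
    info["fs_type"] = info["fs_type"].decode("ascii", "replace").rstrip()
    total = info["total_sectors_16"] or info["total_sectors_32"]
    info["size_mib"] = total * info["bytes_per_sector"] // 2**20
    info["boot_signature_ok"] = sec[510:512] == b"\x55\xAA"
    return info

def sanity_findings(info):
    """Return descriptions of fields outside the values FAT normally uses."""
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA signature at offset 510")
    if info["media_descriptor"] != 0xF0 and info["media_descriptor"] < 0xF8:
        findings.append("media descriptor is not 0xF0 or 0xF8-0xFF")
    if info["ext_boot_signature"] not in (0x28, 0x29):
        findings.append("extended boot signature is not 0x28/0x29")
    if info["physical_drive"] not in (0x00, 0x80):
        findings.append("drive number is not 0x00 (floppy) or 0x80 (first hard disk)")
    return findings

if __name__ == "__main__":
    parsed = parse_boot_sector(build_sample_boot_sector())
    print(parsed, sanity_findings(parsed) or "no unusual values")
```

To inspect a real volume, pass `parse_boot_sector` the first 512 bytes of a read-only image of the partition instead of the constructed sample.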