FLEXNET "rootkit" warning after grub2 reinstall

Yesterday my main desktop/server at home wouldn’t go past the GRUB + blinking cursor at the boot screen. No idea what got it broken. An update, perhaps. It dual boots W7, but it’s been weeks since I booted into it, and it was running oS before turning off (to switch a monitor).

Boot rescue system on the DVD (13.2 64-bit), mount sda root, /proc, /sys, chroot, etc., based on caf4926’s article https://forums.opensuse.org/content.php/128-Re-install-Grub2-from-DVD-Rescue (thanks Caf, it was a life saver!), with the --bind mount option for /proc and /sys.

After grub-install I got this warning:

grub2-install: warning: Sector 32 is already in use by the program `FlexNet'; avoiding it.  This software may cause boot or other problems in future.  Please ask its authors not to store data in the boot track.

From FlexNet Publisher - Wikipedia

Issues with bootloaders
Due to the way the digital rights management (DRM) works in FlexNet Publisher, FlexNet affects bootloaders; this makes FlexNet Publisher incompatible with drives encrypted with TrueCrypt and renders Linux-based systems unable to boot. The TrueCrypt developers also state that “the issue is caused by inappropriate design of the third-party activation software.”

A bit more searching and this site (with a spot-on name) comes up:

http://pissedoffadmins.com/general/usrsbingrub2-bios-setup-warning-sector-32-is-already-in-use-by-the-program-flexnet-avoiding-it-this-software-may-cause-boot-or-other-problems-in-future-please-ask-its-authors-not-to-store.html

Other references link this rootkit - because that’s what it is, even if not quite black hat - with Adobe and Autodesk products, but there’s none of this in W7; mainly it’s just Firefox, Steam and old games on CDs, and some comments online say it’s not Steam. So it’s something else, or even (paranoid mode ON) something masquerading as it (paranoid mode OFF).

After some consideration, and not without some trepidation too, I decided to:

sudo dd if=/dev/zero of=/dev/sda bs=512 count=1 seek=32

And reinstalled grub a second time, now without the FLEXNET warning.

So, what I’d like to ask is:

  1. Is there a simple way to check for this kind of rootkit without the need to reinstall grub?

  2. Anyone had this experience? In a quick search I’ve seen references to it in these fora only as part of output listings.

Thanks,

Bruno

Just stumbled into this site, with a lot more info (and possibly how to uninstall FLEXNET): http://timtrott.co.uk/uninstall-flexnet-software-updates-manager/
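
On question 1, a read-only way to see which boot-track sectors hold data without running grub2-install, as an added example that is not part of the original post. It assumes the classic layout where the gap between the MBR and the first partition is sectors 1 to 62; the function name `scan_boot_track` is made up for this example, and it reports any non-empty sector rather than identifying FlexNet specifically.

```shell
#!/bin/sh
# Added example (not from the original post): list the non-empty sectors in
# the boot track, the gap between the MBR (sector 0) and the first partition.
# Assumption: the gap is sectors 1..62 (first partition at sector 63);
# pass a different last sector as the second argument for other layouts.

# scan_boot_track DISK [LAST]
# Prints "<sector> <first 16 bytes in hex>" for every sector that holds data.
scan_boot_track() {
    disk=$1
    last=${2:-62}
    sector=1
    while [ "$sector" -le "$last" ]; do
        # dd only reads here: the disk is "if=", and there is no "of=".
        hex=$(dd if="$disk" bs=512 skip="$sector" count=1 2>/dev/null |
              od -An -v -tx1 | tr -d ' \n')
        case $hex in
            '')     break ;;   # nothing read: past the end of the disk/image
            *[!0]*) printf '%s %s\n' "$sector" \
                        "$(printf '%s' "$hex" | cut -c1-32)" ;;
        esac
        sector=$((sector + 1))
    done
}

# Scan only when a disk or image is named on the command line, e.g.
#   sh scan.sh /dev/sda        (needs read permission on the device)
if [ "$#" -ge 1 ]; then
    scan_boot_track "$@"
fi
```

On a BIOS/MBR install GRUB embeds its own core image in the sectors right after the MBR, so a contiguous run of non-empty sectors starting at sector 1 is expected. A sector that shows up apart from that run, such as the sector 32 named in the warning, is the one to examine or compare against a listing saved earlier.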