Some advanced malware, like the "MBR rootkits" of the early 2010s (e.g., Rovnix or Olmasco), hide their payload in sectors that the operating system does not traditionally map to files. Antivirus tools cannot see these sectors because they are below the file system. By booting into a Live USB environment and running Ultrasptool, you can overwrite sectors 0-2048 manually, obliterating the malware before reinstalling the OS.
| Feature | Ultrasptool | HxD (Freeware) | dd (Linux) | WinHex | | :--- | :--- | :--- | :--- | :--- | | | Yes (SATA/NVMe) | Limited (Logical only) | Yes | Yes | | Sector remapping | Yes | No | No | No | | Bad sector skipping | Advanced (Pattern fill) | None | Basic (conv=sync,noerror) | Advanced | | RAM editing | No | Yes | No | Yes | | Scripting | Full batch scripts | None | Shell integration | Script engine | | Price | Paid (One-time license) | Free | Free | Expensive subscription | ultrasptool