BleepingComputer.com: Question about rootkits


Question about rootkits

#1 jjng

Posted 07 November 2009 - 10:16 PM

Is it possible for a refurbished/factory-reconditioned computer system to come with a rootkit infection? I purchased a refurbished laptop (IBM Thinkpad T43) from Overstock about 3 months ago, and have been having problems with it since. It did not come with any discs, and the first time I turned it on, it automatically ran an installation of Windows XP off the hard drive.

If Overstock will not replace the computer (I'm not too hopeful), I've already decided that I want to just reformat and reinstall the OS. Will this guarantee that the rootkit is gone, or is there a chance it will still somehow be in the system? Here's the original thread where I posted about this. Didn't get an answer to my last post there, so figured I'd try again. Using an old laptop now - haven't turned on the infected one since I realized how serious the problem was.

http://www.bleepingcomputer.com/forums/topic267026.html

Thanks!
Jennifer

#2 quietman7 (Global Moderator)

Posted 09 November 2009 - 12:08 PM

Did they do a reformat and reinstall (clean install) of the OS or just do a repair install? Reinstalling Windows without first wiping the entire hard drive with a repartition/reformat will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards.

Any company that would sell infected machines would not be in business very long, so I doubt a rootkit was on the computer when you purchased it.

BTW, since you already were receiving help in that other thread, you should have continued there. You should not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. It appears I missed the notification on your last reply but you could have replied again to bring it back to the top. I have now closed that thread to avoid confusion.
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 jjng

Posted 09 November 2009 - 11:51 PM

I contacted Overstock.com's tech support, and they had me run IBM Restore and Recovery, which reformatted and reinstalled Windows XP. I chose the settings to not back up anything, wipe all files, and restore to original 'factory condition.' This was done off of the computer itself since it didn't come with any discs. Do you think this will be adequate to get rid of the rootkit? How would I know? The tech support rep I spoke with wasn't specifically familiar with rootkits and said that she couldn't guarantee the problem was gone, but said that it "should" take care of it.

Since running the restore, I installed AVG and ZoneAlarm from previously downloaded files before even connecting to the Internet. Just connected to update both programs and run Windows Update. I'm hesitant to do much more with that laptop and am still using my old one. I'm also wondering if there is any risk to my old (clean) laptop since I use a wireless router to access the Internet with both computers. Maybe I'm just being paranoid now, but I obviously don't understand how viruses get onto computers and I have no idea how my new laptop got so many problems.

Thanks, and I'm sorry about the new thread - will make sure I continue in the same thread from now on.

Jennifer

#4 quietman7 (Global Moderator)

Posted 10 November 2009 - 08:29 AM

Quote

they had me run IBM Restore and Recovery, which reformatted and reinstalled Windows XP. I chose the settings to not back up anything, wipe all files, and restore to original 'factory condition.'
That should work unless the recovery partition was infected, which sometimes can occur. If you immediately become reinfected, you will need to recontact the manufacturer, explain what happened and ask them to send full recovery disks to use instead.

Quote

Maybe I'm just being paranoid now, but I obviously don't understand how viruses get onto computers and I have no idea how my new laptop got so many problems.
Read How Malware Spreads - How did I get infected
