Posted 01 December 2012 - 02:43 PM
I haven't paid much attention to the advancement in the rootkit wars, so I'm in need of an up to date sit rep on the battle(s).
I have a system with a rootkit that just won't go away, (I got it about two years ago, made a concerted effort to get rid of it then, and about a year later, but never did kill it). I was able to neutralize it by renaming the IE executable. Since I don't use IE, it was no big deal. The only residual was a gradual memory drain in one of the service processes, that made rebooting once a week necessary.
I was planning on taking another run at it this Winter, but Thursday night I performed a routine Windows security update. I was reading an article while it was updating, and finished the article before rebooting. While I was reading the article (and clicking reboot later), I lost Internet access. I didn't lose the page I was reading, but I lost link function. I thought it was a Comcast router problem, but have since found something else.
It turns out my D-Link router quit working. When I bypassed it, I found I was infected with what appears to be the Blaster worm, (Sasser?). There's a variety of OS & Firefox dysfunction and I get the phony 'services.exe has stopped' error message and the 60 second countdown to system shutdown popup.
The bizarre part is the virus is NOT found by any AV software I have been able to run, online or stand alone (most AV apps won't run). I downloaded Symantec's Blaster fix and it says the system's not infected. It gives all the symptoms of the Blaster worm, but it is not recognized as such; I'm beginning to think it's something new, based on something old. (If anybody wants more info, let me know.)
Anyway, I don't want to fight with this, I'm just going to re-install the OS. I configured this system in case this happened. It has a smallish IDE HD as the C:, with nothing more than XP SP3 on it. I have migrated all of the system files I can to an S: drive (menus, desktop, quick launch, anything OS related I can move from C, I have moved). I don't install ANY apps in the Program Files folder unless it won't install elsewhere. In spite of that, the 10 GB drive is getting full anyway (can we say M$ bloatware?), so I thought I'd nuke the drive and start over.
I've been reading there are some rootkits that don't go away with a reformat. How prevalent are these and should I just buy a new HD?
I have also been reading there are some rootkits that are getting into the BIOS. Will a BIOS flash nuke them?
Thanks, in advance, for any help or advice.