
persistent rootkit



#1 TwistedZombie


Posted 08 November 2014 - 03:49 PM

Hi. This has been an ongoing problem, trying to keep my PC secure from some persistent hacker/stalker. Hopefully someone could help.
I have recently bought a new PC. I built it from scratch and installed a new OEM Windows 8 OS. Everything was locked down and I was just surfing the web; after a few days I did some checks and found a rootkit.
To cut the story short, I ended up selling my motherboard as it had built-in Wi-Fi and Bluetooth, which I didn't need and thought was causing the security problem.

Anyway, I bought a new bog-standard board, formatted my HDD with KillDisk and started again. I reinstalled my OS, did a scan and turned on auditing, and I still have this kit loading.


My problem is that a rootkit is being loaded from somewhere. I have used the KillDisk DOS program to completely wipe my hard drive and MBR, done a fresh install, and again after a GMER scan a rootkit was detected. I looked in the registry from within GMER and can see all red folders relating to the rootkit.

If I reset the CMOS on the motherboard, it loads up to the splash screen and then resets again. I have gone into the boot menu when this happens and it's trying to load EFI something or other?
Not sure if this is where it's being loaded.
Any help greatly appreciated.



#2 boopme


Posted 08 November 2014 - 09:33 PM

Hello TZ, we need you to repost.

Please repost this in a new topic so we can get a deeper look.

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random from the link provided for your operating system and save it to your desktop. This tool needs to run while the computer is connected to the Internet. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Read the disclaimer and click Continue.
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Another text file named info.txt will open minimized.
  • Save the log files to your desktop and copy/paste the contents of log.txt by highlighting everything and pressing Ctrl+C.
  • After highlighting, right-click, choose Copy and then paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
  • Copies of both log files are automatically saved in the C:\RSIT folder which the tool creates during the scan.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.