Root kit removal from HHD/SSD

[A Bad Enough Dude]

I have a root kit on my desktop that redirects my browser to trovi.com. I've researched it extensively and tried every known solution to remove it, up to and including reformatting both my HDD and SSD. It persisted. I'm going to zero my HDD soon in hopes of eradicating it, but I'm afraid that it will remain because it's rooted into my OS which is only on my SSD. Does anyone have experience with this or any other persistent rootkits? Any suggestions or guidance at this point would be greatly appreciated.

 

[tiny voices]

So you have completely reformatted the HDD and SSD and then reinstalled Windows and it is still there?

 

[Paul NZ]

Run tdsskiller on it.

If it picks anything up select cure then reboot http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe

 

[A Bad Enough Dude]

Yes, I have completely reformatted both drives, then reinstalled Windows from a disk, and it's still there. I've used every free anti virus program I can find, and nothing has worked yet

 

[Paul NZ]

And did you run tdsskiller its for rootkits

 

[tiny voices]

Do you have any other computers on your network, wired or wireless? Even a phone/ipod/ipad anything like that.

 

[A Bad Enough Dude]

Yes, I've run tdss killer, it didn't work. Yes, there are two phones and a laptop on my network

 

[tiny voices]

You need to remove ALL internet connections from the computer and try again with the reformat and reinstall. DO NOT connect ANY type of internet to the machine at all and see if the rootkit is still there. If it is NOT there this time, we have BIG problems on our hands.

 

[Paul NZ]

*

 

[Paul NZ]

Well most places say its a browser hijacker, which can act like a rootkit. It doesnt mean it is one

 

[tiny voices]

Try a new HDD. It might be time to smack the HDD/SSd with a hammer and start fresh.

 

[A Bad Enough Dude]

My biggest question is if the problem is in my SSD. If I zero my hard drive, it should be ok, but I'm not entirely sure how to fully wipe a solid state drive since its digital. Even if I get a completely new hard drive, will I need a new SSD as well?

 

[tiny voices]

If the OS was installed on the SSD, that MUST be replaced as well.

None of the other devices on the network have this issue?

 

[A Bad Enough Dude]

No, nothing else had been effected. I haven't turned my desktop on since the wipe/reload of Windows. Just got a bit of advice from a micro center chat about flashing the BIOS, which I'll explore tonight. Hopefully I won't have to replace the mobo, hdd and ssd, which is what it's looking like right now.

 

[Paul NZ]

Flashing the BIOS wont fix this prob

 

[A Bad Enough Dude]

Why not?

 

[tiny voices]

Agreed. Flashing the BIOS will do nothing. It does not reformat or change anything. The rootkit cannot be "stored" on the motherboard.

 

[Paul NZ]

You didnt get anything from cnet did you??

Because this site will give you ad-infested downloads, if youre not careful. inc programs that install rubbish that redirect you to trovi.com

And it looks like people using Chrome had the same prob. This thing is like a malware magnet !

If youre going to cnet.com. download.com or filehippo for files, AVOID all of them. They'll give you downloads with malware in the installers

So if you installed Chrome after reformatting , I wouldnt be surprised if thats where it came from

 

[A Bad Enough Dude]

I installed chrome after reformatting, but I got it directly from the Google website. The root kit came from a family member stupidly downloading some movie player, I'm not sure where from. The point is that I'll try anything to fix it. So if flashing the BIOS, then reformatting again is with a shot, I'll take it.

 

[tiny voices]

It won't do anything. I would try to zero the HDD and then install windows to the HDD and forget the SSD for now. If that works. throw the SSD away and LABEL IT AS VIRUS CONTAINING and buy a new SSD.

 

[Paul NZ]

I still doubt thats its a rootkit. Its probably some malware/adware you installed from somewhere. Or from some drive by site

 

[A Bad Enough Dude]

Paul, regardless of what it is, it's survived a full reformatting, plus every free anti virus tool available. I just want it gone

 

[Paul NZ]

Like I said I doubt it

 

[A Bad Enough Dude]

.......you're not helping. The point isn't what it is, it's how to get rid of it. What can survive a zeroing out? If it does, that's out question. If not, it doesn't matter

 

[tiny voices]

If it survives zeroing out then we need to look at your network as another one of your devices could have a bock door installed by this thing.