Root kit removal from HHD/SSD

A Bad Enough Dude · Oct 7, 2014

I have a root kit on my desktop that redirects my browser to trovi.com. I've researched it extensively and tried every known solution to remove it, up to and including reformatting both my HDD and SSD. It persisted. I'm going to zero my HDD soon in hopes of eradicating it, but I'm afraid that it will remain because it's rooted into my OS which is only on my SSD. Does anyone have experience with this or any other persistent rootkits? Any suggestions or guidance at this point would be greatly appreciated.

tiny voices · Oct 8, 2014

So you have completely reformatted the HDD and SSD and then reinstalled Windows and it is still there?

Paul NZ · Oct 8, 2014

Run tdsskiller on it.

If it picks anything up select cure then reboot http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe

A Bad Enough Dude · Oct 8, 2014

Yes, I have completely reformatted both drives, then reinstalled Windows from a disk, and it's still there. I've used every free anti virus program I can find, and nothing has worked yet

Paul NZ · Oct 8, 2014

And did you run tdsskiller its for rootkits

tiny voices · Oct 8, 2014

Do you have any other computers on your network, wired or wireless? Even a phone/ipod/ipad anything like that.

A Bad Enough Dude · Oct 8, 2014

Yes, I've run tdss killer, it didn't work. Yes, there are two phones and a laptop on my network

tiny voices · Oct 8, 2014

You need to remove ALL internet connections from the computer and try again with the reformat and reinstall. DO NOT connect ANY type of internet to the machine at all and see if the rootkit is still there. If it is NOT there this time, we have BIG problems on our hands.

Paul NZ · Oct 8, 2014

Paul NZ · Oct 8, 2014

Well most places say its a browser hijacker, which can act like a rootkit. It doesnt mean it is one

tiny voices · Oct 8, 2014

Try a new HDD. It might be time to smack the HDD/SSd with a hammer and start fresh.

A Bad Enough Dude · Oct 8, 2014

My biggest question is if the problem is in my SSD. If I zero my hard drive, it should be ok, but I'm not entirely sure how to fully wipe a solid state drive since its digital. Even if I get a completely new hard drive, will I need a new SSD as well?

tiny voices · Oct 8, 2014

If the OS was installed on the SSD, that MUST be replaced as well.

None of the other devices on the network have this issue?

A Bad Enough Dude · Oct 8, 2014

No, nothing else had been effected. I haven't turned my desktop on since the wipe/reload of Windows. Just got a bit of advice from a micro center chat about flashing the BIOS, which I'll explore tonight. Hopefully I won't have to replace the mobo, hdd and ssd, which is what it's looking like right now.

Paul NZ · Oct 8, 2014

Flashing the BIOS wont fix this prob

A Bad Enough Dude · Oct 8, 2014

Why not?

tiny voices · Oct 8, 2014

Agreed. Flashing the BIOS will do nothing. It does not reformat or change anything. The rootkit cannot be "stored" on the motherboard.

Paul NZ · Oct 8, 2014

You didnt get anything from cnet did you??

Because this site will give you ad-infested downloads, if youre not careful. inc programs that install rubbish that redirect you to trovi.com

And it looks like people using Chrome had the same prob. This thing is like a malware magnet !

If youre going to cnet.com. download.com or filehippo for files, AVOID all of them. They'll give you downloads with malware in the installers

So if you installed Chrome after reformatting , I wouldnt be surprised if thats where it came from

A Bad Enough Dude · Oct 8, 2014

I installed chrome after reformatting, but I got it directly from the Google website. The root kit came from a family member stupidly downloading some movie player, I'm not sure where from. The point is that I'll try anything to fix it. So if flashing the BIOS, then reformatting again is with a shot, I'll take it.

tiny voices · Oct 8, 2014

It won't do anything. I would try to zero the HDD and then install windows to the HDD and forget the SSD for now. If that works. throw the SSD away and LABEL IT AS VIRUS CONTAINING and buy a new SSD.

Paul NZ · Oct 8, 2014

I still doubt thats its a rootkit. Its probably some malware/adware you installed from somewhere. Or from some drive by site

A Bad Enough Dude · Oct 8, 2014

Paul, regardless of what it is, it's survived a full reformatting, plus every free anti virus tool available. I just want it gone

Paul NZ · Oct 8, 2014

Like I said I doubt it

A Bad Enough Dude · Oct 8, 2014

.......you're not helping. The point isn't what it is, it's how to get rid of it. What can survive a zeroing out? If it does, that's out question. If not, it doesn't matter

tiny voices · Oct 8, 2014

If it survives zeroing out then we need to look at your network as another one of your devices could have a bock door installed by this thing.

Root kit removal from HHD/SSD

Reputable

Titan

Polypheme

Reputable

Polypheme

Titan

Reputable

Titan

Polypheme

Polypheme

Titan

Reputable

Titan

Reputable

Polypheme

Reputable

Titan

Polypheme

Reputable

Titan

Polypheme

Reputable

Polypheme

Reputable

Titan

Share this page