Adlice forum

General Category => Malware removal help => Topic started by: jared5050 on October 24, 2015, 09:43:34 AM

Title: Very Sophisticated Rootkit probably in BIOS -- Need Help
Post by: jared5050 on October 24, 2015, 09:43:34 AM
IAT Hooks - Firmware Level Rootkit
First time using RogueKiller and FRST.  I have been trying to get rid of this rootkit for over a month.  It has infected my laptops, desktop, android phones (HTC 4.3 and Moto 5.0), and iPhone (5s).  Laptops include Mac OS X, Windows 7 Enterprise, Windows 10 64bit, Ubuntu 14.3 and 15.  I reformatted from live USBs and re-imaged multiple times.  Rootkit seems to be resident in BIOS. I've tried Secure Wipe of drives and resetting CMOS.  I have run Combofix, TdsKiller, Mbam, RkHunter, ChkRootKit, Sophos Mobile, HitmanPro, and many others and they have found some elements of the infection, but were unable to clean the unmounted and hidden partitions as well as the firmware hook that is allowing the infection to return.
I have attached my RogueKiller and FRST files.  Any help would be appreciated.
Title: Re: Very Sophisticated Rootkit probably in BIOS -- Need Help
Post by: Curson on October 26, 2015, 02:32:28 PM
Hi jared5050,

Welcome to Adlice.com Forum.
Please delete the following file if present:

C:\Windows\System32\drivers\TrueSight.sys

The report you posted was generated with the beta version of RogueKiller.
Please download RogueKiller (64-bit version) (http://www.adlice.com//?smd_process_download=1&download_id=2181), redo a full scan and post the report obtained in your next reply.

Regards.