Author Topic: Very Sophisticated Rootkit probably in BIOS -- Need Help


October 24, 2015, 09:43:34 AM

jared5050

Very Sophisticated Rootkit probably in BIOS -- Need Help
« on: October 24, 2015, 09:43:34 AM »
IAT Hooks - Firmware Level Rootkit
First time using RogueKiller and FRST.  I have been trying to get rid of this rootkit for over a month.  It has infected my laptops, desktop, android phones (HTC 4.3 and Moto 5.0), and iPhone (5s).  Laptops include Mac OS X, Windows 7 Enterprise, Windows 10 64bit, Ubuntu 14.3 and 15.  I reformatted from live USBs and re-imaged multiple times.  Rootkit seems to be resident in BIOS. I've tried Secure Wipe of drives and resetting CMOS.  I have run Combofix, TdsKiller, Mbam, RkHunter, ChkRootKit, Sophos Mobile, HitmanPro, and many others and they have found some elements of the infection, but were unable to clean the unmounted and hidden partitions as well as the firmware hook that is allowing the infection to return.
I have attached my RogueKiller and FRST files.  Any help would be appreciated.

Reply #1 October 26, 2015, 02:32:28 PM

Curson

Re: Very Sophisticated Rootkit probably in BIOS -- Need Help
« Reply #1 on: October 26, 2015, 02:32:28 PM »
Hi jared5050,

Welcome to Adlice.com Forum.
Please delete the following file if present:
Quote
C:\Windows\System32\drivers\TrueSight.sys

The report you posted was generated with the beta version of RogueKiller.
Please download RogueKiller (64 bits version), redo a full scan and post the report obtained in your next reply.

Regards.