Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

RootKit problems 2

Status
Not open for further replies.
DTracy

DTracy

Programmer
Feb 20, 2002
844
US
Hi everyone,

I had a go-round over the weekend with a rootkit on our home computer (XP-Pro). I never could remove the rootkit using various software tools, so I decided to re-format and re-install, of which I could do neither. After a going over with dBan and another disk wiper that I can't remember the name of, I was then able to format. But I'm still not able to install. When the installer reaches the point of "installing devices", it fails with various stop messages on a BSOD. On each attempt, and there have been many, it has a different error on the blue screen.

To sum up, I guess the drive is ruined. This is something new to me when software is able to damage hardware, but I truly believe this is what has happened. My research has led me to perhaps a BIOS type rootkit. BIOS used to be on an EPROM, but now it's all on the disk, right?

Thanks for listening,
David.

 
Sort by date Sort by votes
If you got a BIOS virus, it should be in the motherboard's BIOS, not on the actual hard drive. And that is very rare.

As for your BSOD, I suspect it could be one of a couple of things:
1. Scratched or dusty Windows disk - believe it or not, I've seen this. If you happen to have another OS disk of any sort, give that a try, and see. And/or for this disk, make sure it is clean - A good way is to pour a little rubbing alcohol over the readable side of the disk, then using a microfiber (or other soft cloth if microfiber not available), and wipe the disk from the center, strait out to the edge... strait lines, not circular, and go all around the disk that way until you've gotten it all... possibly a few times.

What happens here is that your fingers could have put oil or even any sugary substance (ex anything you ate/drank that had any sugars in it whatsoever) in some very small amount on the disk, and then dust could build up on top of that. It may not even be noticeable.

2. A hardware problem that just happened to show up after all of this. The hard drive itself could very easily be the cause... they do fail... and they are relatively inexpensive to replace. Also, a bad memory module could cause this.... Any of these are possible, b/c it is very possible that in your day to day activities, prior, you just didn't access the particular sector(s) and/or block(s) which has/had the issue(s).

Another thing to try (I realize you had no issues, apparently, before this, but it's still possible) is to disconnect every non-necessary piece of hardware for the installation. If you've got a PCI Wireless card, and don't need it, remove it. PCID sound card? remove it. Extra hard drive(s) and/or optical drive(s), remove all but what is necessary - every single piece, just unplug it all... If it works afterwards, then just make sure you first get Windows up to date, and THEN plug back your devices... it's very possible the Windows install does does not have the necessary driver for a particular piece of hardware, but that it was fixed via a service pack.

Anyway, give any/all of that a try, and post back.

As an alternative OS, you could download a live Linux distro, burn to CD or DVD, and try it out, to see. Ubuntu (probably most popular right now) is a live CD by default.

--

"If to err is human, then I must be some kind of human!" -Me
 
Upvote 0 Downvote
kjv1611,

Thanks for the thoughts, they are appreciated.

I don't have any perhiperals that are unnecessary to the install. The only expansion card I have is video, all else is on the motherboard. I'm using the same hard disk that was used in the last six or so installs of the OS. Driver compatibility with all componants hasn't been an issue before.

The PC seems to operate OK using my BART PE disk. That kind of leaves the hard drive and the install CD. I guess I could find another XP disk for a test install to rule these two out.

Thanks again for the ideas. You don't want to hear how I feel about the people that come up with this stuff, what a waste.

David.
 
Upvote 0 Downvote
DTracy, replace the drive, they are cheap now a days...

and I agree with kjv1611, that a BIOS rootkit or virus is rare these days... there used to be one that KILLED the BIOS, but that was ages ago...

though it is more believable that a RK or Virus destroys a drive, e.g. that it always writes to a certain cluster until it becomes damaged...

when something along those lines happen to me, I usually KILL first all partitions on the drive, using GParted from the PartedMagic CD (a Linux LiveCD)... then I nuke the drive with DBAN or similar program, or I format it with a Linux FS and transfer DATA onto it until it is almost full and then remove all partitions again...

usually that will allow me to install XP once again...

now as to the BSOD's, since you mention that they are random, it could denote a problem with the RAM or the install CD itself (as mentioned)...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
Upvote 0 Downvote
Thanks Ben, good points. I'm tight as bark on a tree, so I'm looking in the salvage bin for a drive. Yes, I know, I gave $45 dollars for the drive that's in there right now and it's two years old. I have a hard time saying n-n-new!

Thanks everyone for the input, your valuable time is very much appreciated.

David.
 
Upvote 0 Downvote
David,

as to being tight as the bark on a tree, I know that feeling, and if you lived around the corner, I would give you one...

but if you take a gander over at NewEgg 80gig HDDs go for around 35 bucks and for 4 bucks more you get double that (160gb) (SATA)... for IDE there is a Maxtor MaXLine II 320GB going for $39.99... sometimes you can get good deals also on eBay, but I would be very very careful with that, as there are lots of black sheep out there...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
Upvote 0 Downvote
Ben,

I bought the drive from NewEgg a couple of years ago, they have very good deals. My old motherboard won't support SATA drives, I'm kind of stuck with IDE right now. I've been eye balling a different motherboard that's in the salvage room right now. It supports SATA and has a 3 Gig processor. That is a tad faster than my 2.4 Gig that I currently have.

Thanks Ben,
David.
 
Upvote 0 Downvote
DTracy,

I can fully appreciate the tight as bark deal, as well. I honestly live right there... at least for the past 2 - 3 years. It's amazing what a change can come when you go from no child to having a child... My wife worked full time before that, and her income was almost equal to my own (full time income). So, when we decided it best for her to stay home with the baby, well, it's been tight to say the least! [smile] But it's been well worth it.

So, just to put a perspective on it, when I say it's relatively cheap, I mean relative as compared to many other things in life - I'd say computer components, but really, all of them are super cheap now, unless you want the latest and greatest... say an SSD for system (good one), Core i7 CPU, DDR3 - high end - ram, Blue Ray Burner... yeah, those are steep. :eek:]

--

"If to err is human, then I must be some kind of human!" -Me
 
Upvote 0 Downvote
Ok, here's the final outcome:

I borrowed an old drive that was known good and installed it. Restarted the install procedure using the same disks. This failed, same as before. I then removed the memory from bank 0 and resumed the install. All went ok. I re-installed my old drive and performed the install on it using the same disk. All went ok.

I replaced the memory with new.

Thanks to all for their kind assistance, it is greatly appreciated.

David.

 
Upvote 0 Downvote
Thanks for the follow-up. It'll be good "case history" for anyone who runs into the same situation in the future.

--

"If to err is human, then I must be some kind of human!" -Me
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

1DMF
  • Locked
  • Question
AVAST latest free version causing nothing but problems 2
2
Replies
20
Views
333
1DMF
1DMF
geeknerd
  • Locked
  • Question
Combofix Gave Rootkit . ZeroAccess Warning
Replies
5
Views
130
kjv1611
kjv1611
Noway2
  • Locked
  • News
Windows RootKit that requires re-install
Replies
9
Views
128
goombawaho
goombawaho
RichinMN
  • Locked
  • Question
Problems with Iobit Advanced SystemCare v. 6.0 update??
Replies
9
Views
131
BadBigBen
BadBigBen
electricpete
  • Locked
  • Question
Rootkit Reveal Log 1
Replies
2
Views
81
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top