RootKit problems

(OP)
Hi everyone,

I had a go-round over the weekend with a rootkit on our home computer (XP-Pro).  I never could remove the rootkit using various software tools, so I decided to re-format and re-install, of which I could do neither.  After a going over with dBan and another disk wiper that I can't remember the name of, I was then able to format.  But I'm still not able to install. When the installer reaches the point of "installing devices", it fails with various stop messages on a BSOD.   On each attempt, and there have been many, it has a different error on the blue screen.

To sum up, I guess the drive is ruined.  This is something new to me when software is able to damage hardware, but I truly believe this is what has happened.  My research has led me to perhaps a BIOS type rootkit.  BIOS used to be on an EPROM, but now it's all on the disk, right?

Thanks for listening,
David.

 

RE: RootKit problems

If you got a BIOS virus, it should be in the motherboard's BIOS, not on the actual hard drive.  And that is very rare.

As for your BSOD, I suspect it could be one of a couple of things:
1. Scratched or dusty Windows disk - believe it or not, I've seen this.  If you happen to have another OS disk of any sort, give that a try, and see.  And/or for this disk, make sure it is clean - A good way is to pour a little rubbing alcohol over the readable side of the disk, then using a microfiber (or other soft cloth if microfiber not available), and wipe the disk from the center, straight out to the edge... straight lines, not circular, and go all around the disk that way until you've gotten it all... possibly a few times.

What happens here is that your fingers could have put oil or even any sugary substance (ex anything you ate/drank that had any sugars in it whatsoever) in some very small amount on the disk, and then dust could build up on top of that.  It may not even be noticeable.

2. A hardware problem that just happened to show up after all of this.  The hard drive itself could very easily be the cause... they do fail... and they are relatively inexpensive to replace.  Also, a bad memory module could cause this.... Any of these are possible, b/c it is very possible that in your day to day activities, prior, you just didn't access the particular sector(s) and/or block(s) which has/had the issue(s).

Another thing to try (I realize you had no issues, apparently, before this, but it's still possible) is to disconnect every non-necessary piece of hardware for the installation.  If you've got a PCI Wireless card, and don't need it, remove it.  PCID sound card?  remove it.  Extra hard drive(s) and/or optical drive(s), remove all but what is necessary - every single piece, just unplug it all...  If it works afterwards, then just make sure you first get Windows up to date, and THEN plug back your devices... it's very possible the Windows install does not have the necessary driver for a particular piece of hardware, but that it was fixed via a service pack.

Anyway, give any/all of that a try, and post back.

As an alternative OS, you could download a live Linux distro, burn to CD or DVD, and try it out, to see.  Ubuntu (probably most popular right now) is a live CD by default.

--

"If to err is human, then I must be some kind of human!" -Me

RE: RootKit problems

(OP)
kjv1611,

Thanks for the thoughts, they are appreciated.

I don't have any peripherals that are unnecessary to the install.  The only expansion card I have is video, all else is on the motherboard.  I'm using the same hard disk that was used in the last six or so installs of the OS.  Driver compatibility with all components hasn't been an issue before.

The PC seems to operate OK using my BART PE disk.  That kind of leaves the hard drive and the install CD.  I guess I could find another XP disk for a test install to rule these two out.

Thanks again for the ideas.  You don't want to hear how I feel about the people that come up with this stuff, what a waste.

David.

RE: RootKit problems

DTracy, replace the drive, they are cheap nowadays...

and I agree with kjv1611, that a BIOS rootkit or virus is rare these days... there used to be one that KILLED the BIOS, but that was ages ago...

though it is more believable that a RK or Virus destroys a drive, e.g. that it always writes to a certain cluster until it becomes damaged...

when something along those lines happens to me, I usually KILL first all partitions on the drive, using GParted from the PartedMagic CD (a Linux LiveCD)... then I nuke the drive with DBAN or similar program, or I format it with a Linux FS and transfer DATA onto it until it is almost full and then remove all partitions again...

usually that will allow me to install XP once again...

now as to the BSOD's, since you mention that they are random, it could denote a problem with the RAM or the install CD itself (as mentioned)...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

RE: RootKit problems

(OP)
Thanks Ben, good points.  I'm tight as bark on a tree, so I'm looking in the salvage bin for a drive.  Yes, I know, I gave $45 dollars for the drive that's in there right now and it's two years old.  I have a hard time saying n-n-new!

Thanks everyone for the input, your valuable time is very much appreciated.

David.

RE: RootKit problems

David,

as to being tight as the bark on a tree, I know that feeling, and if you lived around the corner, I would give you one...

but if you take a gander over at NewEgg 80gig HDDs go for around 35 bucks and for 4 bucks more you get double that (160gb) (SATA)... for IDE there is a Maxtor MaXLine II 320GB going for $39.99... sometimes you can get good deals also on eBay, but I would be very very careful with that, as there are lots of black sheep out there...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

RE: RootKit problems

(OP)
Ben,

I bought the drive from NewEgg a couple of years ago, they have very good deals.  My old motherboard won't support SATA drives, I'm kind of stuck with IDE right now.  I've been eyeballing a different motherboard that's in the salvage room right now.  It supports SATA and has a 3 Gig processor.  That is a tad faster than my 2.4 Gig that I currently have.

Thanks Ben,
David.

RE: RootKit problems

DTracy,

I can fully appreciate the tight as bark deal, as well.  I honestly live right there... at least for the past 2 - 3 years.  It's amazing what a change can come when you go from no child to having a child...  My wife worked full time before that, and her income was almost equal to my own (full time income).  So, when we decided it best for her to stay home with the baby, well, it's been tight to say the least! :)  But it's been well worth it.

So, just to put a perspective on it, when I say it's relatively cheap, I mean relative as compared to many other things in life - I'd say computer components, but really, all of them are super cheap now, unless you want the latest and greatest... say an SSD for system (good one), Core i7 CPU, DDR3 - high end - ram, Blu-ray Burner... yeah, those are steep. :o]

--

"If to err is human, then I must be some kind of human!" -Me

RE: RootKit problems

(OP)
Ok, here's the final outcome:

I borrowed an old drive that was known good and installed it.  Restarted the install procedure using the same disks.  This failed, same as before.  I then removed the memory from bank 0 and resumed the install.  All went ok.  I re-installed my old drive and performed the install on it using the same disk.  All went ok.

I replaced the memory with new.  

Thanks to all for their kind assistance, it is greatly appreciated.

David.

 

RE: RootKit problems

Thanks for the follow-up.  It'll be good "case history" for anyone who runs into the same situation in the future.

--

"If to err is human, then I must be some kind of human!" -Me
