• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Are you having HotKey issues? Click here for tips and tricks.
Locked

‎03-10-2022 12:05 AM

HP Recommended
Operating System: Microsoft Windows 11

could you tell me how can i remove any rootkits after wiping my hard drive or ssd ?
and what if the malware had infect my motherboard how can i remove it ?

Category:
1 ACCEPTED SOLUTION

Accepted Solutions

‎03-10-2022 10:30 AM

HP Recommended

@Mrlucci --  Thank you very much for the reply Mr Jesper

 

I am not Jesper -- I just cited his article.

 

But i have another question. If it can't be removed why there is a lot of antivirus told us these antivirus could remove a rootkits. Like malwarebytes anti-malware it had a tool especially for that ?!

 

A rootkit can be compared to a hacker getting a key to your home.

The hacker can return to your home, many times, and steal some items everytime they visit.

The rootkit gives the hacker complete access to your computer, with the ability to "plant" other malicious software onto your computer, and all the computers inside your home network.

Changing the lock stops the hacker from entering your home, but it does not detect and remove any "other" items that the hacker has left -- web-camera(s), listening devices.

Similarly, while a company's software can remove the rootkit software, the software may not find all the "other" malicious software.  So, their advertising is correct, but only as far as it goes -- to "remove" only the rootkit.

 

What if i flash my bios after wiping my hard drive?

Could that make my computer new without any malware again ?!

 

For the small price of a new SSD, I would not try to "reuse" the previously-infected disk-drive. I would purchase a new disk-drive.

 

If the BIOS is "infected", then using a compromised BIOS to try to "flash" it may only APPEAR to be successful.  Ouch! 

 

View solution in original post

2 people found this reply helpful
Was this reply helpful? Yes No
11 REPLIES 11

‎03-10-2022 03:03 AM

HP Recommended

@Mrlucci -- how can I ...

 

After taking 3 minutes to read: Help: I Got Hacked. Now What Do I Do? | Microsoft Docs

written in 2009 by:

 

Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
Security Program Manager
Microsoft Corporation

 

i.e., an influential person who really "knows his stuff", the short answer is YOU CAN'T.

 

As for "root-kits", see: RootkitRevealer - Windows Sysinternals | Microsoft Docs

It might indicate the presence of a "root-kit".

 

what if the malware had infect my motherboard how can i remove it ?

 

The only part of the motherboard that might get infected is the BIOS/UEFI code.

Following-on to Johannson's article, I doubt that you can remove it, except by replacing the BIOS firmware, starting from a trusted source.

 

 

 

 

1 person found this reply helpful
Was this reply helpful? Yes No

‎03-10-2022 03:36 AM

HP Recommended

Thank you very much for the reply Mr Jesper

But i have another question 

If it cant be removed why there is a lot of antivirus told us these antivirus could remove a rootkits

Like malwarebytes anti-malware it had a tool especially for that ?!

 

Was this reply helpful? Yes No

‎03-10-2022 04:46 AM

HP Recommended

What if i flash my bios after wiping my hard drive 

Using usb ?  could that make my computer new without any malware again ?!

Was this reply helpful? Yes No

‎03-10-2022 10:30 AM

HP Recommended

@Mrlucci --  Thank you very much for the reply Mr Jesper

 

I am not Jesper -- I just cited his article.

 

But i have another question. If it can't be removed why there is a lot of antivirus told us these antivirus could remove a rootkits. Like malwarebytes anti-malware it had a tool especially for that ?!

 

A rootkit can be compared to a hacker getting a key to your home.

The hacker can return to your home, many times, and steal some items everytime they visit.

The rootkit gives the hacker complete access to your computer, with the ability to "plant" other malicious software onto your computer, and all the computers inside your home network.

Changing the lock stops the hacker from entering your home, but it does not detect and remove any "other" items that the hacker has left -- web-camera(s), listening devices.

Similarly, while a company's software can remove the rootkit software, the software may not find all the "other" malicious software.  So, their advertising is correct, but only as far as it goes -- to "remove" only the rootkit.

 

What if i flash my bios after wiping my hard drive?

Could that make my computer new without any malware again ?!

 

For the small price of a new SSD, I would not try to "reuse" the previously-infected disk-drive. I would purchase a new disk-drive.

 

If the BIOS is "infected", then using a compromised BIOS to try to "flash" it may only APPEAR to be successful.  Ouch! 

 

2 people found this reply helpful
Was this reply helpful? Yes No

‎03-10-2022 10:42 AM

HP Recommended

Thank you very much bro👍👍👍

Was this reply helpful? Yes No

‎03-11-2022 02:22 AM

HP Recommended

@Mrlucci -- since that article written in 2009, I find it really disappointing that the following search:

 

   http://www.google.ca/?q=site:microsoft.com+remove+virus 

 

returns some articles, apparently written by Microsoft employees, that contradict Mr. Jesper's conclusion.

 

All of those employees really should read Mr. Jesper's artifle, and then re-assess their opinion.

 

1 person found this reply helpful
Was this reply helpful? Yes No

‎03-11-2022 02:36 AM

HP Recommended

Thank you very much for the reply  👍👍👍👍

Could you please  send me the link again The link doesn't work 

 

Was this reply helpful? Yes No

‎03-11-2022 01:17 PM

HP Recommended

@Mrlucci --  Could you please  send me the link again The link doesn't work 

 

Which link? 

What error-message do you get when you click the link?

What web-browser are you using? Safari? Firefox? Google Chrome? Microsoft Internet Explorer? Microsoft Edge Beta? Microsoft Edge? 

 

1 person found this reply helpful
Was this reply helpful? Yes No

‎03-12-2022 03:35 AM

HP Recommended

This link doesn't work 

http://www.google.ca/?q=site:microsoft.com+remove+virus 

I use samsung internet browser

Was this reply helpful? Yes No
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.