  • Posts: 10
  • Registered: ‎03-07-2017
  • Location: Norway
  • Views: 296
  • Message 1 of 16

firmware rootkit

2017-03-07, 12:22 PM

Hi, I have a Lenovo G50-80 that has been rootkitted in firmware. It has been detected by antimalware and in cmd by the (netstat -ano) command. I have tried everything I can think of but have been unsuccessful in removing it. Is it possible to obtain the factory firmware to reflash the entire machine?

Answer

  • Posts: 2506
  • Registered: ‎05-01-2010
  • Location: United States of America
  • Views: 147253

Re: firmware rootkit

2017-03-17, 18:05 PM

This malware removal topic is continued here: http://spywarehammer.com/post-here-for-malware-removal/possible-rootkit/






Microsoft MVP Consumer Security 2006-2016 / Windows Insider MVP 2016-Present
I am not employed by Microsoft or Lenovo.


Replies(15)

  • Posts: 571
  • Registered: ‎07-07-2014
  • Location: Philippines
  • Views: 10362
  • Message 2 of 16

Re: firmware rootkit

2017-03-07, 15:33 PM

Hi fkpc,

Welcome to the Community, nice to have you here.

I would recommend that you use OneKey Recovery. This will wipe out the contents of the Windows partition and clear out the rootkit.

Here's a guide for OneKey Recovery: https://support.lenovo.com/us/en/solutions/ht077084

Note: This will delete everything on the system.

Cheers,


  • Posts: 1232
  • Registered: ‎09-12-2012
  • Location: United States of America
  • Views: 21237
  • Message 3 of 16

Re: firmware rootkit

2017-03-07, 15:37 PM

You mentioned "rootkited in firmware". Do you mean that your BIOS has a rootkit? If not, what firmware are you talking about?

Hoov
Former Microsoft MVP - Consumer Security
SpywareHammer.com

  • Posts: 10
  • Registered: ‎03-07-2017
  • Location: Norway
  • Views: 296
  • Message 4 of 16

Re: firmware rootkit

2017-03-07, 16:53 PM

Hi, thanks for your quick replies :) I've tried everything possible including OneKey Recovery, BIOS update, antimalware tools, but every effort results in its reappearance... so there can't be anything else than firmware... I suspect that it's either the motherboard firmware, network card firmware, hard disk firmware or a shadow copy in RAM... so I intend to flash everything from another PC if possible :/ so clearly I need the factory firmware and flash tool for all components on the machine!

The rootkit is hidden from most antimalware tools but is clearly visible in cmd and the firewall. It's an advanced thing, I tell you; it really fights back against any attempt to scan and remove, and it's currently running a network test in cmd because I managed to block it in by whitelisting my firewall.

If everything fails I'll resort to the nuclear option "travel insurance" ;)


  • Posts: 571
  • Registered: ‎07-07-2014
  • Location: Philippines
  • Views: 10362
  • Message 5 of 16

Re: firmware rootkit

2017-03-07, 17:03 PM

Hi,

I'd just like to ask: what rootkit are you detecting?

Cheers


  • Posts: 10
  • Registered: ‎03-07-2017
  • Location: Norway
  • Views: 296
  • Message 6 of 16

Re: firmware rootkit

2017-03-07, 17:28 PM

Sadly it's unknown... antimalware only describes it as a rootkit.


  • Posts: 571
  • Registered: ‎07-07-2014
  • Location: Philippines
  • Views: 10362
  • Message 7 of 16

Re: firmware rootkit

2017-03-07, 17:44 PM

Hi,

Interesting, what antimalware are you using? This might be a false positive. Can you try running HitmanPro and TDSSKiller to confirm the rootkit? Also, did you try any 3rd party BIOS or firmware for the system?

Cheers,


  • Posts: 10
  • Registered: ‎03-07-2017
  • Location: Norway
  • Views: 296
  • Message 8 of 16

Re: firmware rootkit

2017-03-07, 18:04 PM

I do not think this is a false positive... I wouldn't have all these server rules in the firewall and network test running... but I will try HitmanPro and TDSSKiller. I have been using GMER, which detected it.


  • Posts: 10
  • Registered: ‎03-07-2017
  • Location: Norway
  • Views: 296
  • Message 9 of 16

Re: firmware rootkit

2017-03-07, 18:17 PM

Update... HitmanPro is being blocked and can't run :/ TDSSKiller is detecting some unsigned files but nothing more. No, I haven't used any 3rd party firmware or software; everything is genuine from Lenovo and Windows!


  • Posts: 571
  • Registered: ‎07-07-2014
  • Location: Philippines
  • Views: 10362
  • Message 10 of 16

Re: firmware rootkit

2017-03-07, 18:26 PM

Hi,

I hope you don't mind if I ask you to post a screen capture of the results of the scan by GMER.

Cheers,
