Windows 10: Rootkit infection on my laptop

Hello,

My laptop was recently attacked by ransomeware and my norton security detected it and removed 12 ransomewares but it couldn't remove last one and asked me to remove it manually and I removed it.Then it asked me to restart the laptop.After restarting I saw that norton wasn't acting properly so I restarted my laptop again and now it was protecting like usual.I noticed that all my files were encrypted by .jdyi extension however I didn't receive any notification or message demanding money.I couldn't open my files.

So I formatted my laptop and installed OS again from service centre.Then I started getting different blue screen errors like win32kbase.sys,win32full.sys,i8042.sys,SYSTEM SERVICE EXCEPTION etc.These errors I got everytime when I turned on my laptop.So I formatted and reinstalled windows 10 1909 again and the blue screen errors were still present.I scanned my laptop with kaspersky tdsskiller to check for rootkit infection and it detected one.However it couldn't remove it so I manually deleted file from quarantined folder.I again scanned my laptop this time it didn't detect any infection.I scanned using malwarebytes too it didn't detect any infection.Finally I scanned with GMER 2.2.19882 and it gave the message \Device\Harddisk1\DR1 sector 0: rootkit like behaviour.

Today I installed windows 2020 october update and blue screen errors have stopped for now.But when I scanned my laptop with GMER it again gave the same message rootkit like behaviour .So I ran full scan and it closed automatically within minute.I tried to scan in safe mode it gave me blue screen error" IRQL not less or equal "within a minute and retarted.

Can anyone help to remove this rootkit?

My laptop is Acer nitro 5 AN515-55

:)

 

Rootkit infection

That file is an anti rootkit scanner by Avast. And I'm not sure whether it works on Win 10.

If you have an Avast anti-rootkit scanner and you’re running another rootkit scanner (such as GMER) then the two programs are possibly causing software conflicts.

Running too many AV programs concurrently is not always a good idea.

Assuming you’re using Avast recommend you seek their advice:
https://forum.avast.com/index.php?board=2.0

Also suggest you review
Best Practices for Safe Computing - Prevention of Malware Infection

Regards…

Top 10 Ways PUPs Sneak Onto Your Computer. And How To Avoid Them. | Emsisoft | Security Blog

 

ROOTKIT infection that evades Norton AND Defender

How were you able to determine that your computer was infected with a rootkit?

A rootkit affects the computer before Windows loads, so any program installed on Windows, including anti-virus programs, is not likely to detect a rootkit. It often takes sophisticated software to detect and remove a rootkit.

More recent computers, with the UEF interface and Secure Boot, were designed in part to prevent a rootkit-infected computer from starting, so rootkits are much less of a problem now than they were in older computers.

 

Rootkits.... Questions

Suggestion to do some reading:

• What is a rootkit?
• Rootkits - Windows security
• Glossary of Malware Related Terms
• Best Practices for Safe Computing - Prevention of Malware Infection