I'm facing a serious issue with what I believe to be a high-level bootkit or rootkit on my PC. It started as a Trovi infection with browser redirects, and I've identified the main malicious processes as LsaIso.exe or Lsalso.exe in the System32 folder.
I've tried a few things to get rid of it: deleting the file manually, removing any suspicious scheduled tasks, and running sfc /scannow, but the file always comes back. I also did a complete format by using a clean USB drive (WinPE) along with the Diskpart CLEAN ALL command, wiped the primary hard drive, and reinstalled Windows on the unallocated space. Even after flashing my BIOS/UEFI with the latest official version, the virus continues to return.
My main questions are: Does this indicate that the issue might be a firmware Bootkit that's hiding in an unmodifiable part of my motherboard chip or possibly in the firmware of an integrated component like the network card? And are there any other steps I could try before resorting to a physical motherboard replacement? I'm really out of software solutions here. Thanks for any guidance you can provide!
4 Answers
Have you considered trying it with a different SSD? Sometimes issues can stem from the drive itself.
Did you really do a full wipe of the drive and not just a format? It's crucial to ensure you deleted everything and set up a new partition afterwards.
Make sure your system is completely offline during installation. Also, double-check that your reinstallation medium is safe. How confident are you in that ISO you downloaded?
It wasn't isolated since I downloaded the ISO on my home laptop.
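A concrete way to act on two checks raised in this thread (is the install ISO what the publisher shipped, and is the on-disk file named in the question a validly signed Windows binary), as an added PowerShell example that is not part of any post here. The ISO path and the expected hash are placeholders; the expected SHA-256 must be taken from the publisher's download page on a machine you trust, and the function names are mine.

```powershell
# Added example, not from the thread. Placeholders: $IsoPath and $ExpectedHash.
$IsoPath      = 'C:\Downloads\Windows.iso'                        # placeholder path
$ExpectedHash = '<SHA-256 published by the vendor for this ISO>'   # placeholder value

# Compare the ISO's SHA-256 with the publisher's value.
function Test-IsoHash {
    param([string]$Path, [string]$Expected)
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    [pscustomobject]@{
        File     = $Path
        Actual   = $actual
        Expected = $Expected
        Match    = ($actual -ieq $Expected)   # case-insensitive hex comparison
    }
}

# Report the Authenticode/catalog signature state of a system file.
function Get-SystemFileTrust {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer     = $sig.SignerCertificate.Subject   # $null when unsigned
        IsOSBinary = $sig.IsOSBinary                  # $true when covered by a Windows catalog
    }
}

Test-IsoHash -Path $IsoPath -Expected $ExpectedHash | Format-List

# Check both spellings given in the question; a missing file is reported, not treated as an error.
foreach ($name in 'LsaIso.exe', 'Lsalso.exe') {
    $candidate = Join-Path $env:SystemRoot "System32\$name"
    if (Test-Path -LiteralPath $candidate) {
        Get-SystemFileTrust -Path $candidate | Format-List
    } else {
        "$candidate is not present"
    }
}
```

A `Status` of `Valid` with `IsOSBinary` set to `$true` means the file on disk is the Microsoft-signed binary; a `HashMismatch` or `NotSigned` result on a file under System32 is what would justify the suspicion in the question. Neither check says anything about firmware below the OS; they only establish whether the installation medium and the named file are what they claim to be.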
Firmware-level malware is pretty rare. It exists, but it usually targets specific high-profile users, not random individuals. This might not be as severe as it seems.

Yes, I did everything that was suggested.