Rootkit infection on my laptop


Piyush55

Hello,

My laptop was recently attacked by ransomware, and my Norton security detected it and removed 12 ransomwares, but it couldn't remove the last one and asked me to remove it manually, and I removed it. Then it asked me to restart the laptop. After restarting I saw that Norton wasn't acting properly, so I restarted my laptop again and now it was protecting like usual. I noticed that all my files were encrypted with the .jdyi extension; however, I didn't receive any notification or message demanding money. I couldn't open my files.

So I formatted my laptop and installed the OS again from the service centre. Then I started getting different blue screen errors like win32kbase.sys, win32full.sys, i8042.sys, SYSTEM SERVICE EXCEPTION etc. I got these errors every time I turned on my laptop. So I formatted and reinstalled Windows 10 1909 again, and the blue screen errors were still present. I scanned my laptop with Kaspersky TDSSKiller to check for rootkit infection and it detected one. However, it couldn't remove it, so I manually deleted the file from the quarantined folder. I scanned my laptop again and this time it didn't detect any infection. I scanned using Malwarebytes too and it didn't detect any infection. Finally I scanned with GMER 2.2.19882 and it gave the message "\Device\Harddisk1\DR1 sector 0: rootkit like behaviour".

Today I installed the Windows 2020 October update and the blue screen errors have stopped for now. But when I scanned my laptop with GMER it again gave the same message, "rootkit like behaviour". So I ran a full scan and it closed automatically within a minute. I tried to scan in safe mode and it gave me the blue screen error "IRQL not less or equal" within a minute and restarted.

Can anyone help to remove this rootkit?

My laptop is an Acer Nitro 5 AN515-55.

The blue screen usually appears in the MEMORY.DMP file in the Windows folder, and when the blue screen occurs, it will show which driver has a problem. You need to find this driver and try to uninstall it, so that the blue screen will no longer occur. (You may need to enter PE or safe mode to process this driver.)
