I know this thread is old BUT…
I have a rootkit. GMER found it, but everything is blocked to remove it.
It is on my LT also, so I did a CLEAN install on the LT.
W7 - Deleted C: and win partition - recreated and formatted - installed
There are 2 other partitions, but neither contains a system.
2 other rootkit detectors were blocked and one found nothing.
As soon as the install was done I checked the reg - it was still there. Ran GMER and it was still found - however, the copies that showed up previously were gone.
SO: CLEAN INSTALLS DO NOT NECESSARILY CLEAN ROOTKITS
My reference to reformatting the hard disk means the whole shebang using low level format. I suggest you start a new thread asking for help and not tagging onto an old one when you want help. Be clear in the title what you want.
Did you check for the rootkit immediately after re-installing Windows, i.e. before you restored anything you had previously backed up? If not, seeing the rootkit again might be due to a reinfection.
Formatting a disk creates the basic patterns that the disk controller uses to work out where it is, where the block boundaries are, and the physical encoding algorithm used to represent the data. This includes the block preamble and postamble, timing marks, sector identifiers and so on.
Back in the day you could change these things. I remember when Adaptec came out with a new SCSI controller for disk drives that increased the drive capacity by reformatting, and using a newer data encoding.
Writing data to a disk does not reformat it. It just writes data. Imagine you have a piece of paper ruled with lines into boxes. You write numbers into the boxes. Reformatting this data storage involves rubbing out the ruled lines and drawing new ones. It isn’t a matter of rubbing out the contents of the boxes, but making new boxes.
Of course, if it really takes special hardware (not just software) to be able to do it, then there’s nothing a virus could muck around with that would make it necessary, either.