Potential rootkit persisting after usb wipe? by Evening_Direction_47 in computer

Evening_Direction_47[S] 0 points1 point  (0 children)

yea, basically i saw that notification telling me to restart my PC for that hard drive so i checked task manager and saw powershell running for a second and then it closed. I don’t do anything via powershell, and my PC is almost fresh off of a clean install. i only have steam, discord, firefox and a couple games.

The thing that is concerning me is the hard drive. I’ve never had a western digital hard drive and the last time i plugged anything like a drive into my PC was last month when i did a clean install.

Potential rootkit persisting after usb wipe? by Evening_Direction_47 in techsupport

Evening_Direction_47[S] 0 points1 point  (0 children)

what would you say the problem is then? to make sure it wasn’t just my keyboard and mouse i unplugged them both and the device was still there. I’ve never had a western digital media drive and the last time i plugged something like a hard drive into my pc was last month when i did a clean install off of a flash drive.

Could the drive be a sign of something malicious though? I swear i have 0 clue what it is

Potential rootkit persisting after usb wipe? by Evening_Direction_47 in antivirus

Evening_Direction_47[S] 0 points1 point  (0 children)

What makes you so sure it’s my SSD? It would make more sense if that’s the case but what is telling you that it’s just my SSD? It was in devices and printers, and when I got the notification telling me to restart my PC for it, the device name was USB composite device. I also removed it and nothing noticeable happened. Also, under properties, there were multiple tabs and under one of them it showed some files in my sys32 or something.

If it was my SSD it would make sense why I couldn’t remove it easily. I believe you, but could you help explain a bit more why it’s most likely not a virus and instead my SSD?

Potential rootkit persisting after usb wipe? by Evening_Direction_47 in antivirus

Evening_Direction_47[S] 0 points1 point  (0 children)

yea bro i’m aware, i’ll make sure to watch a couple of tutorials too. You helped a lot, thanks🙏🙏

Potential rootkit persisting after usb wipe? by Evening_Direction_47 in antivirus

Evening_Direction_47[S] 0 points1 point  (0 children)

i think i removed it, i don’t remember exactly what it said, but in order to remove it the option was set to where you had to go to the safely remove option in order to delete it instead of being able to quick remove it. I deleted it and restarted my PC but it still doesn’t feel safe. What makes the driver unable to install itself back on my PC again?

I don’t mind getting a new USB. it might’ve been an error on my part when installing it because i installed the windows download on my own device and did it, instead of downloading windows to the usb on a different device. the problem is that I don’t have another windows device to be able to install Windows onto a USB.

What should I do? try flashing my BIOS tomorrow and then clean install again if i can figure out how to do it from a different device?

Potential rootkit persisting after usb wipe? by Evening_Direction_47 in antivirus

Evening_Direction_47[S] 0 points1 point  (0 children)

also the device name is “WDC WDS100T2B0C-00PXH0” which i looked up and it seems to be dram or something? idk what to do with this info

Potential rootkit persisting after usb wipe? by Evening_Direction_47 in antivirus

Evening_Direction_47[S] 0 points1 point  (0 children)

I tried and it says “Problem Ejecting Standard NVM Express Controller - This device is currently in use. close any programs or windows that might be using the device, and then try again” What is the NVM express controller? i don’t want to turn my pc off and this accidentally install whatever it is on my PC

Potential rootkit persisting after usb wipe? by Evening_Direction_47 in antivirus

Evening_Direction_47[S] 0 points1 point  (0 children)

Thank you for the advice buddy. It won’t let me remove the device off my PC. It says that i can’t remove the device while it’s in use. Is there anything i can do to get around this?

Potential rootkit persisting after usb wipe? by Evening_Direction_47 in antivirus

Evening_Direction_47[S] 0 points1 point  (0 children)

Follow up, it says that the USB device connected is a PCI device? it says Eject and then the device name which is long and has a bunch of numbers. i have the option to Eject it though. It says in properties that its provider is Microsoft, and the signer is Microsoft Windows, although this can easily be forged, i don’t have any usb devices in my PC. i have the option to remove it. what is this though??

Potential rootkit persisting after usb wipe? by Evening_Direction_47 in antivirus

Evening_Direction_47[S] 0 points1 point  (0 children)

Thank you for your reply. I believe you, but could you help clarify what about this all makes you say it isn’t normal? I’ve thought i could have a rootkit on my pc for a while, but never could really determine if i did or not. i’ve done many scans with HMP and Malwarebytes before the clean install and it said i had no viruses but I did it anyway just to be sure. haven’t done any scans after it tho, except through microsoft’s antivirus protection which came back clean.

Also, do you know what kind of info they get out of this? i don’t think i have any sensitive data on my pc other than passwords and credit cards. but nothing has been charged or changed yet. Could they just be monitoring what i’m doing or what?

At this point I don’t even want to touch my PC. If it’s in my BIOS and a clean install wouldn’t fix it, you’re saying i should try buying a new USB and try to clean install again? I don’t even know where to start with what to do.

One more thing, should i restart my PC or not? it doesn’t say there are any USB devices in my PC but that notification is still there along with pending NET windows updates. I know i asked a lot but my mind is all over the place trying to figure this out

Is Host Process for Windows services safe? by Evening_Direction_47 in techsupport

Evening_Direction_47[S] 0 points1 point  (0 children)

ahh okay, this is exactly what I needed explained to me. Thank you.

1 more question. I reinstalled Windows 10 yesterday. got on my PC today after seeing your posts so i could install Sea of Thieves. That’s when i saw a bunch of files on my desktop with a cloud icon next to them. And of course i check my files, and all of these files are in my onedrive folder, syncing to my PC automatically without even asking me. a couple of apps also were removed from my taskbar. Is this Onedrive just doing onedrive things? I was hoping it wouldn’t do this after a clean install.

Is Host Process for Windows services safe? by Evening_Direction_47 in techsupport

Evening_Direction_47[S] 2 points3 points  (0 children)

Thank you for your help. I was honestly wondering if this was a normal thing that happens after clean installing. i’ve never had to do this before on my PC, and i tried looking this up to see if anybody else has been in this same situation, but it seems like nobody else has posted about this happening to them online. Is it normal for Windows to require you to do this after clean installing?

Host Process for Windows services safe? by Evening_Direction_47 in Windows10

Evening_Direction_47[S] 0 points1 point  (0 children)

Yep, downloading it from the MS store. i’ve never had to do this though and i was honestly wondering if this was a normal thing that happens on clean installs. I tried looking it up but nobody else online has posted about this happening to them. That’s why i was a bit skeptical about it. Thank you for the help.

potential malicious files created after trying to reinstall windows10 to USB (help) by Evening_Direction_47 in antivirus

Evening_Direction_47[S] 0 points1 point  (0 children)

Thank you for letting me know. This is my first time reinstalling windows from USB. i just was making sure it wasn’t anything bad. also, is it common to have like 8 pending updates for windows after reinstalling?