Have any of you seen this one yet? It's a nasty one - it had taken over more aspects of my client's computer than any I have seen yet. It's either a variant of the ol' Antivirus 2009, or AV2009 invited it onboard. She had browser hijacks, desktop "warnings," My Documents folders mysteriously opening, and what looked like part of the kit masquerading as a system hardware device, which kept prompting to install "drivers" at reboot, and freezing the system. It also froze the machine periodically at reboot at the "Personal settings" screen when selecting a user account - I'm sure it was working its nefarious plots behind the frozen screen.

I've run all of the tools mentioned in these forums (while disconnected from the net, of course), and it seems to be clean, but of course, being a rootkit, it's tough to be sure. I'm still going to recommend to the client that we reformat and reinstall regardless, due to the nature of this infection. Thoughts?

Thanks,


Sky

Found and got rid of one yesterday actually. I used the NOD32 Boot Disk, and Avira Boot Disks to ensure it was gone.

Tough call, rootkits are a bitch. I'd be inclined to let it go back with a proviso that you'll take it back again if she experiences problems within the next 5 days.

Exactly what I was thinking - thanks! I'm also going to monitor it all day today, do a bunch of restarts, etc., in case there's something counting reboots to reinstall this stuff from somewhere I missed after a certain number of restarts.

A fine learning case, that's for sure!

If you haven't already, i would run scans in another pc.

If you haven't already, i would run scans in another pc.

Yep, I did that - good advice. I'm 99.9% sure I nailed that rootkit and all its buddies. I monitored the computer for a full day, and gave it back to the client the usual caveats and aforementioned agreement. Happy client, happy technician. :)