
The amount of rootkits I'm seeing is amazing


Galdorf
05-06-2009, 01:21 PM
Almost every machine that is infected with the new rogue anti-malware has rootkits from them, and ACPI rootkits are now common.

Scanning via the OS is no good; even running from a boot CD still does not work. Just yesterday, again, a customer had a rootkit in his BIOS: I pulled the HD, flashed the BIOS, used a boot CD and cleaned his HD.

When you have something like this you're better off pulling the HD and flashing the BIOS; spending hours and hours scanning will get you nowhere. Even if you low-level format and reinstall the OS fresh, it will be infected on every boot.

What is even more scary is the fact that all current AV can detect some rootkits but are VERY limited; most new rootkits go undetected, so they really need to have boot-time rootkit detection and have a way to update detection techniques so they don't slip by.

iladelf
05-06-2009, 03:57 PM
So, Galdorf, when you're saying "pull the hd", are you saying, pull it, then scan it in a known-clean machine to remove the baddies? Or are you permanently pulling the HDD for a new one with a clean install of Windows? If so, how are you backing up the client's data before moving it to a new machine, or are you?

Sounds like this stuff is getting nastier by the minute, but I've always said it's like radar and radar detectors. New one comes out, new detector comes out. Never-ending game of cat-and-mouse. Good that I don't drive fast. ;)

Galdorf
05-06-2009, 05:12 PM
I just remove the IDE/SATA cable from the drive; this prevents the rootkit from writing to the HDD again. Then I flash the motherboard using a floppy, put the cable back, boot and install either UnHackMe or Hypersight, clean the rootkit, then clean the keyloggers/malware out.

Galdorf
05-06-2009, 09:58 PM
Yes, your average tech that works in a big box store would be stumped with the machine I was working on the other day. AV and all malware cleaners showed it was clean; all CD AV and spyware scanners showed it was clean.

Yet after running UnHackMe it found a rootkit, and then after an MBAM scan 30 items showed up. After the cleaning the machine worked like clockwork. It had prevented ComboFix from running even in safe mode.

First thing I do now every time is scan for a rootkit; they show up on almost every scan.

Here is something to scare you even more:

http://www.pcadvisor.co.uk/securityadvisor/blogs/index.cfm?entryid=113363&blogid=4&sa

Yes, you heard it right: a worm that can infect routers, mostly home routers, but this is old news that many don't know about.....

Galdorf
05-07-2009, 02:05 PM
What really scares me: I have done tests on every major AV on a customer's machine and they ALL FAILED to detect the rootkit, and thus missed all the worms and bots on his system.

If AV companies don't wake up and put in good rootkit detection they will not be worth anything. Most people have no idea what a rootkit is, and AV programs are being defeated right, left and center by rootkits.

Just yesterday a customer's machine had an unknown rootkit; using UnHackMe it found a strangely named file which I removed, and lo and behold, Malwarebytes ran again after it was removed and found bots, part of a botnet, on his system.