View Full Version : Rootkit woes


Paz
05-23-2007, 07:05 PM
I was an amateur departmental sysadmin/PC troubleshooter for about 10 years, full time at a tour operator's for 2 years, and I thought I was pretty hot at fixing computers.

Anyway, I lost the best part of a day to a rootkit virus. Once you get one on the system, they disable your AV software and prevent you from installing a new one.

They add hidden entries to your registry that you can't read or delete.

They add hidden folders that you can't view with explorer or in DOS mode.

They prevent you from booting in safe mode.

They update themselves when you connect to the net.

In other words you're completely ****ed.

Download both of these rootkit removal tools now and put them on a non-writeable floppy or CD.

Use this one from F-Secure (http://www.f-secure.com/blacklight/try_blacklight.html) (use the GUI version)
And this one from pandasoft (http://www.pandasoftware.com/com/downloads/register2006?Tipo=1&CodigoProducto=39&Idioma=2&TipoUsuario=1&sec=down&Country=US-en&TipoLead=2&Ref=WWEN-ROOTK-DES&track=36258).

Enough said! :tools:
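The removal tools linked above work on the cross-view principle: ask the system the same question through two different paths and treat any disagreement as a sign that something is hooking the higher-level one. The following is an added example of that principle, not code from the original post or from either vendor. It targets Linux rather than Windows (the post's platform) because /proc makes the two views easy to collect: the high-level view is a directory listing of /proc, which a rootkit can filter; the low-level view is a kill(pid, 0) probe, which the kernel answers regardless. The function names, the PID 4242 and the constructed process table used in the demo are assumptions for illustration.

```python
"""Added example: cross-view detection of hidden processes (Linux assumed).

A rootkit that hooks directory enumeration can make a process vanish from
`ls /proc` and from ps/top, but the kernel still has to answer
kill(pid, 0) for it.  Comparing the two views exposes the discrepancy.
"""
import os


def readdir_view():
    """High-level view: PIDs visible by enumerating /proc (what `ps` relies on)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probe_view(max_pid):
    """Low-level view: PIDs the kernel acknowledges via kill(pid, 0).

    EPERM still means the process exists; it merely belongs to another user.
    """
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def tgid_from_proc(pid):
    """Thread-group id from /proc/<pid>/status, or None if it cannot be read."""
    try:
        with open(f"/proc/{pid}/status") as status:
            for line in status:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def hidden_pids(readdir_pids, probe_pids, tgid_of):
    """Cross-view diff: PIDs the kernel acknowledges but enumeration omits.

    kill(tid, 0) also succeeds for thread ids, so anything whose Tgid differs
    from its own pid is a thread of a visible process, not a finding.  A pid
    whose status cannot be read at all stays a finding: either it exited in
    the race window (re-run to confirm) or its /proc entry is hidden as well.
    """
    findings = []
    for pid in sorted(probe_pids - readdir_pids):
        tgid = tgid_of(pid)
        if tgid is not None and tgid != pid:
            continue
        findings.append(pid)
    return findings


def scan(max_pid=None):
    """Live scan.  /proc is enumerated before and after probing so a process
    that starts or exits mid-scan is not mistaken for a hidden one."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    seen = readdir_view()
    probed = probe_view(max_pid)
    seen |= readdir_view()
    return hidden_pids(seen, probed, tgid_from_proc)


def demo_constructed():
    """Constructed process table (assumption, not real data): PID 4242 is
    hidden from the readdir view; 5001 is a thread of visible process 5000."""
    readdir_pids = {1, 100, 5000}
    probe_pids = {1, 100, 4242, 5000, 5001}
    tgid = {1: 1, 100: 100, 4242: 4242, 5000: 5000, 5001: 5000}
    return hidden_pids(readdir_pids, probe_pids, tgid.get)


if __name__ == "__main__":
    print("constructed demo, expected [4242]:", demo_constructed())
    print("live scan, hidden process candidates:", scan() or "none")
```

Run it as root so the probe is not blinded by EPERM on other users' processes, and run it twice: a PID that shows up in both passes with no readable status is far more interesting than one that appears once. The same comparison applies to files (API listing versus raw directory parsing) and registry keys (API enumeration versus hive file parsing), which is why the post's advice to keep the tools on read-only media matters: a detector whose own binary has been tampered with no longer gives you an independent second view.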

Blazingpie
05-24-2007, 11:01 AM
Yeah, rootkits are really nasty on a Windows box because the security is so lax - the basic user account has admin rights (!).

That's why Linux is so secure - to install anything major you have to log in as root. That OS is such a hostile environment for viruses, etc., that there are only proof-of-concept viruses out there.

Sony even produced a rootkit that ****ed up your PC - the aim was to prevent copying of software, but it ended up blocking legitimate burning of data (e.g. backing up your documents) and breaking DVD writers (no joke). Big fiasco for them, it was.

Rootkits are nasty little SOBs because they reside very close to the kernel - meaning that they are low-level processes and can't be touched by a lot of removal programs :(

Sometimes the best (or only) way to completely remove one is to format :(