Rootkits: review of an infection

I think we finally discovered the potential damage of Windows rootkits when we have to deal with MBR (master boot record) rootkits. Recently my father got infected by one of those rootkits. It basically hides a service (random name), some registry keys and a DLL driver in %SystemRoot%, plus a directory in the MBR. I've tried with Gmer and I succeeded in removing the service, but I wasn't able to remove the registry entries and the DLL driver. What's more, this rootkit disables the show/hide hidden files option on Windows XP. According to Gmer and catchme, Nod32 is also affected by this rootkit, in the sense that the rootkit hides itself from the antivirus. Oh well. Sophos and Norman Cleaner don't detect any anomaly. Fine. I think I need a little help. Any ideas?
