[QUOTE="Dustin"]
Here's what's going on.. You were close tho.

It actually sets all files from root down to hidden. You lose your
desktop icons and your programs menu has no entries. It's also
redirecting (via registry edit) executables to be launched thru it, so
if you do remove the executable you get the infamous open with box when
you try to run something. You edit the registry to fix this... It's one
line. ;p[/QUOTE]

I wish I took pictures now. That's not what happened. My desktop icons
were present, all files were visible. When I checked the security
attributes "System and Admin" had no control. Here is a pic to explain
a little better:
http://img148.imageshack.us/img148/5871/unledus.jpg

[QUOTE]
Reset your file attributes with attrib.


I haven't seen DNS poisoning. You likely had the rootkit TDL4 as well.
It's a bitch too, man. Patches key windows files.[/QUOTE]

I ran TDSS killer, nothing. Sas and MBAM, nothing.

What's next for rootkit detection and removal, GMER?