Polonus, could you look at his Rootkit attachment above? Thanks
Dear sb
you might wonder why we do it the way we do it
most high volume shops run HJT and then run "COMBO fix" and if nothing is active they are done and if not they go on from there
The problem with this is that there are lots of "traces", "fragments", registry entries, files etc. that are left over
Then one of your programs improves detections and these leftovers are found and "YOU HAVE MALWARE"
of course it's just crap but like the files in quarantine - cause nothing but problems down the road
We try and find the "universe", what's out there, and then run general purpose scanners to hopefully get the main thing AND all associated garbage
This also turns up other things which would not have been found by the usual quick and dirty method
We then travel down each lead till we get rid of everything we can find
In your case I think we are getting there (as soon as we rule out rootkits, which could start us all over again, and we DO NOT WANT THAT)
SAS has some new updates (and always will)
hope to hear from you soon