Well, I just finished working on a client’s system and it nearly did me in.  Somehow (they claim they didn’t click on anything) they contracted what appeared to be some typical malware/spyware garbage.  After using my typical process of using MalwareBytes, SuperAntiSpyware, Microsoft Security Essentials, and of course, CCleaner, it seemed all was well.  However, I was about three blocks away when I got the call that it was back. 

Sure enough, the system continued to open Microsoft Devlopment Environment and MSE kept finding malware and claiming to clean it.  Upon further inspection, I found that IE would open, and for the most part it seemed fine.  However, it wouldn’t go to Windows Update or allow me to update MSE.  Something was amiss.  I even resorted to my ‘only use in drastic measures’ ComboFix, and while it claims to have found and resolved the issue, upon rebooting, we were back to square one. 

Enough–I took the system to my workshop and tried every form of anti-malware, anti-spyware, rootkit remover, etc.  But it kept coming back.  Now, I know at this point everyone says to just format and start over.   Fine if it is your machine, but for a client, that just isn’t always an option.  Googling the name of the apparent rootkit I had (TDS4), I was directed to ‘Unhackme’.  This is software made by Greatis.  I downloaded their trial version, paid the $14 to download an ISO for a bootable PXE, and ran it.

It worked!  It found it, cleansed it, re-ran it, cleansed some more, and upon re-booting, everything was working.  Oddly enough, the machine also seemed to boot faster, shut down faster, etc.  All that to say, I am now the proud owner of the full version of the software, and am anxious to try it out on some more stubborn root kits!  Seldom do I recommend commercial software, but this one did what no other could do…a real winner in my book!