XP pro infected with InternetSecurity2010 malware and H8SRT rootkit. Was not able to run any of the usual tools so booted into NTFSDOS to delete files manually. The H8SRT file was in the Drivers folder and there were several files in the system32 folder such as pr09.dll, pr10.dll and winlogon86.exe.
I was NOT able to delete these files ... running the DEL command produced no errors but the files were still there. I deleted them several times, each time with no errors on the screen but they still showed up with DIR.
I tried it with the full file name and the 8.3 format with the same result.
I was able to REN the files without any errors but on doing a DIR they showed up back under the original names --- it was as if the files were re-generating themselves as they do when running in Windows but this isn't supposed to be possible in real mode DOS.
I have used NTFSDOS dozens of times before to kill malware and have never had this problem. NTFSDOS ver is 3.03.
Hopefully someone else has seen this also so I'll know I am not in the twilight zone.
Edited by YardieTech, 05 January 2010 - 02:14 PM.