GMER mentioned suspicious modification of Atapi.sys. Had it kill the file, system rebooted but DCOM still wigs out.
Malwarebytes found around 40-some nasties that I had it remove. It still suffers a random DCOM error. I am unable to pin down any specific time after boot the DCOM error occurs. I also have Svchost.exe general faults.
Having not fought rootkits before: is it safe to hook the infected drive into a different system that has fully updated AV (AVG9) and malware (Malwarebytes) detection on it?
I plan to back up her data, wipe the system with a format and restore the Dell image. Would this be certain to eliminate rootkits? A few viruses in the DOS days could survive formats.
As the image's partition is hidden, it should be clean. Can't infect what the system itself can't see.
Edited by Orange Blossom, 30 January 2010 - 08:43 PM.
Move to AII. ~ OB