I have a Win7 32-bit box and Kaspersky finds this rootkit. It requires a reboot to clean but it never does it.
I used TDSSKiller - it finds atapi.sys infected and the same thing happens after rebooting - the problem still exists.
I have used Combofix. This fails with similar results if I launch it from CMD. However, it proceeded to completion, rebooting a couple times, going through all stages and generating a log file after I executed it via PowerShell.
After all that, Kaspersky and TDSSKiller still tell me I'm infected. Good ol' ATAPI.SYS still infected. I'm debating putting much more effort into this versus rebuilding from scratch with a complete drive wipe. (Would mean I'd finally switch to 64-bit that I've been putting off for 6 months or more!)
What say the experts?
Edited by Orange Blossom, 10 May 2010 - 06:07 PM.
Move to AII as no logs posted. ~ OB