We are a small-town (PC/Windows) computer company, MCSE certified with expertise also in Linux/Unix platforms. We just ran into a computer that had the Reveton you described here: http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
The client was running Windows XP Home Edition.
I am posting a comment on your removal guide because this is NOT how we had to remove the trojan; this trojan has gotten smarter and has been updated beyond your guide. If you try to start the Windows XP Home PC in Safe Mode (of any sort), it will make the kernel think there is a hardware error when there really isn't; I bleep you not.
We had to remove the laptop's hard drive, dock it, and manually use another PC to search through the registry and remove the startup item. It's still executed the clever way you describe, though, using the rundll32 process to invoke it.
I just thought you might want to update the removal guide, as no one will be able to run HijackThis, since they can never get into any Safe Mode.
I told my customer that, whether they had antivirus or not, Windows 7 would have prevented it from being this hard to remove even AFTER it had gotten onto a Windows 7 PC, as Windows 7 wouldn't have allowed user-interface interaction from another program (with UAC). Meaning, when you tried to do Ctrl+Break or open the Task Manager, Windows 7 would have made the Task Manager appear OVER top of the trojan's splash screen OR killed the executable that was running it, even with it being rundll32 invoking it.
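The offline approach the commenter describes (dock the infected drive, inspect its registry from a clean PC, remove the startup entry) can be made repeatable. The script below is an added example, not the commenter's own steps or anything from the BleepingComputer guide: it mounts the docked drive's SOFTWARE and NTUSER.DAT hives under temporary keys with reg.exe, lists every Run/RunOnce value in them, and flags values that launch through rundll32, which is the invocation method the comment calls out. The drive letter E:\ and the profile name Owner are assumptions; adjust them to the docked volume.

```powershell
# Added example (not the commenter's procedure): list autostart entries from
# registry hives on a docked, offline Windows XP disk and flag rundll32 launchers.
# Run in an elevated PowerShell session on the clean analysis PC.
param(
    [string]$MountRoot  = 'E:\',    # assumption: drive letter of the docked disk
    [string]$ProfileDir = 'Owner'   # assumption: XP user profile to inspect
)

# Offline hive files and the temporary HKLM subkeys they get mounted under.
$hives = @{
    'HKLM\OfflineSOFTWARE' = Join-Path $MountRoot 'WINDOWS\system32\config\software'
    'HKLM\OfflineUSER'     = Join-Path $MountRoot "Documents and Settings\$ProfileDir\NTUSER.DAT"
}

# Autostart subkeys; the same relative path exists in both hives.
$runSubKeys = @(
    'Microsoft\Windows\CurrentVersion\Run',
    'Microsoft\Windows\CurrentVersion\RunOnce'
)

foreach ($mountKey in $hives.Keys) {
    $hiveFile = $hives[$mountKey]
    if (-not (Test-Path -LiteralPath $hiveFile)) {
        Write-Warning "Hive not found: $hiveFile"
        continue
    }

    # reg.exe load attaches the offline hive file under $mountKey.
    & reg.exe load $mountKey $hiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not load $hiveFile"
        continue
    }

    try {
        foreach ($sub in $runSubKeys) {
            # Translate 'HKLM\X' (reg.exe form) to 'HKLM:\X' (PowerShell drive form).
            $psPath = $mountKey.Replace('HKLM\', 'HKLM:\') + "\$sub"
            if (-not (Test-Path $psPath)) { continue }

            $props = Get-ItemProperty -Path $psPath
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
                [pscustomobject]@{
                    Hive    = $mountKey
                    Key     = $sub
                    Name    = $p.Name
                    Command = $p.Value
                    Flag    = if ("$($p.Value)" -match 'rundll32') { 'RUNDLL32' } else { '' }
                }
            }
        }
    }
    finally {
        # Drop open handles first; otherwise reg.exe unload fails with access denied.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload $mountKey | Out-Null
    }
}
```

The script only reports. Once an entry has been confirmed as the malicious loader (the rundll32 flag alone is not proof, since legitimate software also autostarts through rundll32), remove it with `Remove-ItemProperty` against the same mounted path while the hive is still loaded, then unload the hive so the change is written back to the file on the docked disk.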