Saturday, December 12, 2009

AntispywareXP 2009 malware body with a rootkit heart that is masking under an old signature... very tricky?

RootkitRevealer showed that AntispywareXP 2009 has a TDSserv rootkit in it... No AV software is going to clean a rootkit. I'm still in the middle of attacking the rootkit... but if you are not familiar with cleaning rootkits... give up and wipe your system... this thing is creating havoc... it's protecting itself in every way possible and has peppered Windows full of holes... pinging MS hits my loopback, can't install anything... I have already run subinacl.msi and corrected permissions (registry is hosed), etc. etc... Anyone having any success in salvaging an infected system?
http://www.pcthreat.com/
AntispywareXP 2009 is a rogue anti-spyware program that displays false security messages to lure the user into purchasing the AntispywareXP 2009 full commercial version. AntispywareXP 2009 was designed by Russian hackers. Once you are tricked into clicking AntispywareXP 2009 deceptive ads, you're taken to a purchase page where you are prompted to download the AntispywareXP 2009 software. AntispywareXP 2009 may hijack your browser, display fake security warnings, and it comes bundled with other spyware. It is recommended to remove AntispywareXP 2009 from your computer.


---------


Try the manual removal guide.
Two things that could remove it: Malwarebytes in Safe Mode, or Avast with a boot sector scan before Windows loads.

Malwarebytes Anti-Malware http://www.download.com/Malwarebytes-Ant… (free edition)

Avast Home Edition http://avast.com/eng/download-avast-home… (free edition)

Try this: download and scan using Malwarebytes http://www.download.com/Malwarebytes-Ant…

Download and scan using SuperAntispyware http://www.superantispyware.com/
If you know what file(s) the rootkit code is residing in, try this:

Remove the hard drive from the computer.

Connect the hard drive to a USB adapter and then plug the adapter into another computer.

Once the second computer boots up you can delete those files from the USB hard drive from the command line, or change their names, since the files cannot load.

I did this with my father's computer when it got infested with some spyware. At that time Spybot identified the registry entries but could not remove them. Spybot only listed one suspicious file. Since my father knew exactly what day the problems started, I looked for files in the file listings after that day and found four, and wrote down the filenames and directories. Then I renamed the files (to make them inaccessible).

-OR- use the second computer's anti-virus / anti-spyware / anti-malware software to delete the files. But I have never tried this, and I would not want the registry on the problem hard drive messed with.

This will not remove the registry entries, but I suspect the files were 'protecting' each other and their registry entries, and the registry entries were protecting the files. Removing the files with another computer means the registry entries cannot be protected anymore (unless there is a file or two that you haven't found yet), and when you put the hard drive back into its original computer and reboot you might have a chance at cleaning the registry of the entries that protected those files.

Good luck!

Another way: connect the problem hard drive as a slave drive in another computer, and be absolutely sure when the other computer boots up that it boots from its original drive. Then look for the suspicious files.

Or, for those who use Linux, boot with a Linux disk and commence working on the suspicious files.
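The offline procedure in the answer above (mount the drive on a second machine or boot a Linux disk, list files modified after the day the trouble started, write down their names, rename them so they cannot load) as an added example; this is not code from the original post or from any of its authors. It is a POSIX shell script meant for a Linux rescue environment. The mount point, the cutoff date format, the log file and the list of scan directories are my assumptions, and the file names used in the test are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post. Offline triage of an
# infected Windows volume mounted on a Linux rescue system, following the
# procedure above: list files modified on or after the day the trouble
# started, record name and checksum, rename them so Windows cannot load
# them, and keep a log so every rename can be undone.
#
# Assumptions (mine, not the post's): the volume is mounted read-write at the
# path given as $1, the cutoff date is YYYY-MM-DD, and the scan directories
# below are the usual drop locations on a 2009-era XP install.

# Checksum a file: sha256sum where available, POSIX cksum otherwise.
checksum() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        cksum "$1" | cut -d' ' -f1
    fi
}

# Print, one per line, every regular file under the scan directories whose
# modification time is on or after the cutoff date. The comparison uses a
# reference file and POSIX "find -newer", so it does not need GNU find.
find_recent() {
    vol="$1"; since="$2"
    ref="$(mktemp)"
    # touch -t wants CCYYMMDDhhmm; strip the dashes from YYYY-MM-DD.
    touch -t "$(printf '%s' "$since" | tr -d -)0000" "$ref"
    # system32 is searched recursively, so its drivers subdirectory is covered.
    set -- "WINDOWS/system32" "WINDOWS/Temp" "Documents and Settings"
    for d in "$@"; do
        [ -d "$vol/$d" ] && find "$vol/$d" -type f -newer "$ref"
    done
    rm -f "$ref"
}

# Read paths from stdin, rename each to NAME.quarantined, and append
# "checksum<TAB>original path" to the log given as $1.
quarantine() {
    log="$1"
    while IFS= read -r f; do
        [ -f "$f" ] || continue
        sum="$(checksum "$f")"
        mv "$f" "$f.quarantined" && printf '%s\t%s\n' "$sum" "$f" >>"$log"
    done
    return 0
}

# Undo every rename recorded in the log, e.g. when a renamed file turns out
# to be a legitimate driver the system needs in order to boot.
restore() {
    log="$1"
    tab="$(printf '\t')"
    while IFS="$tab" read -r sum f; do
        [ -f "$f.quarantined" ] && mv "$f.quarantined" "$f"
    done <"$log"
    return 0
}

# With two arguments only list candidates for review; with a third (log
# path) rename them. Usage: sh offline_triage.sh /mnt/infected 2009-12-10 [LOG]
if [ "$#" -eq 2 ]; then
    find_recent "$1" "$2"
elif [ "$#" -eq 3 ]; then
    find_recent "$1" "$2" | quarantine "$3"
fi
```

Run it with two arguments first and read the candidate list; only add the log path once you have decided which files to take out of play. The renames are deliberately reversible through `restore`, because the file you rename may be a legitimate system driver the malware has patched rather than a stand-alone dropper, and renaming such a file can leave Windows unbootable. The checksum log also gives you something to look up or submit for analysis before anything is deleted, and, as the answer notes, none of this touches the registry entries that point at the files.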
