This is a nasty little bugger. I just found out about this particular rootkit through a forum and website I frequent. In my previous entries, before my site went down, I believe I wrote about removing some spyware and then having the machine blue screen every time I tried to boot into normal mode. I was able to get into safe mode, no problems. After a while I realized that there was always a correlation between removing a particular folder with a randomly generated name and then having the machine blue screen.
Sure enough, I came across another machine that was infected by this rootkit. For some odd reason I was able to get rid of it just by removing the files piece by piece. However, I guess I haven’t been removing the entire thing, as there have been registry entries invisible to the naked eye unless you’re in safe mode. The ONLY way to see the files or registry entries is through safe mode. The fix for this was made by someone at the Spyware Info Forums, and you can go there if you need help with this fix. I’m unable to host the file, as the owner would like to make sure it’s only being hosted by legit sources. I do want to say that this rootkit is harmful and is very annoying. The good news is that the removal tool that was created pretty much gets rid of all traces of the rootkit.