WARNING: New Rootkit?

I was troubleshooting a client's computer and came across a strange
problem. The shares I had setup on their server were randomly
dropping. To say the least, I was quite confused. I rebooted the
server and a Security Warning appeared prompting me if I wanted to run
svchos32.exe. At this point, I suspected some sort of virus infection.
According to the security warning, this file was located in the
C:\Windows\System32 folder. I made sure not to hide hidden files,
inspected the directory in question and could not find anything. At
this point, I began thinking perhaps this could be a rootkit. I went
to the Sysinternals website and downloaded both autoruns and rootkit
reavealer. After performing a search from the autoruns program, I
determined that the file in question was trying to start from an entry
in the registry. The entry had a description of "Microsoft Box."
After disabling this file from starting, I have not experienced any
more problems. I am currently running rootkit revealer and will post
my results if anything of interest appears.

"Todd H." <comphelp.DeleteThis@toddh.net> wrote in message news:84d5f2effa.fsf@ripco.com...

> But if you've been owned enough to have a full rootkit installed on a
> given machine, you'd be completely nuts to trust any tool to remove a
> rootkit.

In this instance, a rootkit could be a single program - and easily removed

> You'd want to reformat and reinstall from original media.

Rootkits ain't what they used to be. It could be as simple as a filter driver
that hides the presence of one directory from the system's utilities by filtering
data returned from the file system before the utility gets it.

....it used to mean you were completely hosed by the presence of multiple
trojaned executable files