
Cracking the logic of XP security 2011 for 'fun'.


BanMe
April 11th, 2011, 16:04
This is for the variant I found on a 'desktop' PC that protects its file and restarts itself 'upon process execution'. It allows Control Panel to run, and 'services'. This protection is very 'funny': rename a random exe on your desktop to the name of the 'protected' 'file', then open it with 'olly' and then 'attach to the real malware'. This may only work because of a theoretical bug in the 'rootkit' that comes along with it. The bug is aptly seen if you 'can' look.

From this location further analysis can be done. I will send a copy as soon as I find that damn thumb drive.

This thing is brutal and very 'self'-protective in a rootkit-like fashion. It hides module names 'in memory' and 'files' on disk, and uses 'filters', with self-defense being a key 'note'. I am going to try to 'find' the rootkit, but I doubt I will be able to (I want to get closer to it than just 'guessing' a bug in logic. 0: ) and want to see if I can. An accurate 'undamaged' sample 'follows' this damaged one. "PLEASE never 'be' careful"

BanMe
April 11th, 2011, 19:55
MALWARE

I messed with the entry point a little bit 0: but you can fix it!!

I changed a push -1 to push ebp at the top..

Password: MALWARE

![Ry4n.4pr1l]!
April 29th, 2011, 13:02
So this little nuisance died after me initially cracking it. I was not able to attain the rootkit as I don't have time to analyze things when I'm just 'paid to fix it', but I got a name: klmd.sys (loadable kernel module). I 'felt' it was an incarnation similar to the Linux idea, and maybe coincidentally similar to the idea 'code' for Ki.exe (by indy), but it was simply TDSS. Darn, I was hoping for something a little more fun to play with.
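As an added check that is not part of the thread, here is a PowerShell function that looks for the driver name the last post reports, klmd.sys, from several independent views at once: the service key in the registry, the kernel's loaded-driver list as exposed through WMI, a directory enumeration, and a direct open by full path. The point is the one the first post makes about the rootkit hiding files on disk: a driver that is registered or loaded but absent from the directory listing is the interesting result, not the individual lookups. The driver name comes from the post; the registry and drivers paths are the standard Windows locations; the function name, its parameters and its output fields are this example's own, and it assumes PowerShell 2.0 or later run from an elevated prompt.

```powershell
# Added example, not code from the thread. Cross-checks one driver name
# (klmd, from the post above) across views that a file-hiding rootkit
# cannot all falsify consistently. Paths are standard Windows locations;
# everything else here is an assumption for illustration.
function Test-DriverViews {
    param([string]$Name = 'klmd')

    $driversDir = Join-Path $env:SystemRoot 'System32\drivers'
    $sysFile    = Join-Path $driversDir "$Name.sys"
    $svcKey     = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"

    # View 1: the service/driver key the loader reads at boot.
    $inRegistry = Test-Path $svcKey
    $imagePath  = $null
    if ($inRegistry) {
        $imagePath = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ImagePath
    }

    # View 2: the loaded-driver list as reported through WMI.
    $driver       = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    $inDriverList = $null -ne $driver
    $driverState  = $null
    if ($inDriverList) { $driverState = $driver.State }

    # View 3a: directory enumeration, which is what a file-system filter
    # typically hides entries from.
    $listing   = Get-ChildItem -Path $driversDir -Filter "$Name.sys" -Force -ErrorAction SilentlyContinue
    $inListing = $null -ne $listing

    # View 3b: open by full path. This bypasses enumeration but not a
    # filter that intercepts the create request, so treat it as one more
    # data point rather than ground truth.
    $opensDirectly = $false
    try {
        $fs = [System.IO.File]::Open($sysFile, 'Open', 'Read', 'ReadWrite')
        $fs.Close()
        $opensDirectly = $true
    } catch { }

    # Registered or loaded but missing from the listing is consistent with
    # the self-hiding behaviour described in the first post.
    $suspicious = ($inRegistry -or $inDriverList) -and -not $inListing

    New-Object PSObject -Property @{
        Name          = $Name
        InRegistry    = $inRegistry
        ImagePath     = $imagePath
        InDriverList  = $inDriverList
        DriverState   = $driverState
        InDirListing  = $inListing
        OpensDirectly = $opensDirectly
        Suspicious    = $suspicious
    }
}

Test-DriverViews -Name 'klmd' | Format-List
```

A negative result from every view is not proof of absence: the post says the rootkit filters both file and in-memory views, so a clean result on an infected box is exactly what a working rootkit produces. A mismatch between views is the evidence worth keeping, and the ImagePath value, when present, tells you where the loader thinks the file is even if the listing does not show it.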