I wanted to discuss this particular one because in some cases it is not completely removable. A few things I noticed running tests on a separate system (XP SP3 32-bit), which some might or might not know:

- Process appears in Task Manager and shouts out to you "I am not healthy" (figuratively).
- Can still kill Explorer and Internet Explorer processes (so far in early stages).
- Appears to use IE (doesn't matter the version) to get instructions. Regularly pins CPU usage when connected to the internet.
- The sooner you disconnect the internet the better.
- Does not seem to degrade the system seriously if infected when there is no internet connection. Still cannot use AV and such, but easy to get TDSSKiller to remove.
- Kills all AVs / anti-malware programs very quickly regardless of internet connection.
- TDSSKiller works great, especially if found in early stages.
- GMER can find it but not clean. Will not be disabled either.
- Windows Firewall pops up wanting you to unblock IE. Will not give you any info or details.
- If Malwarebytes is in the process of running a scan during infection, it will not kill it immediately. Initiating scans after infection triggers the rootkit to disable it.

I am still going through testing and need to add more variables and time to the equation. As far as real-world sightings and exp., I haven't seen it much, and it is usually associated with naughty vids, cracking, keygens, etc. I had a hard time finding a real infection source. A lot of sites with that particular rootkit have been taken down quickly, but there are sites that have also been up for months which still have it. I hope ppl can add to this with their own exp. / brainpower. Thx in advance.