Wednesday, June 06, 2007

'mal' = 'bad'

There's a reason they call it 'malware'. I'm still at work, and likely to be here for a while yet. A user machine got infected with a nasty bit of malware [a few 'easy' ones to clean, and an evil variant of the CoolWebSearch beast, if that means anything to you]. None of the usual suspects worked...this thing is *evil*, and survives reboots and safe mode, and kills off any processes that might harm it [like most of the normally useful antimalware apps]. And not just the apps themselves...it killed Windows Explorer windows that I was simply using to browse to the program directory, along with web browser windows that were trying to load some common online scanning tools.

I think I've got it, though [she says, taunting the silicon gods]. Some sleuthing tracked down a couple of DLLs that weren't right; more detective work in the registry led me to some keys that shouldn't be there. Delete those, then boot with an NTFS boot CD to access the drive from a command prompt, delete the DLLs and a few suspicious directories. Reboot into safe mode, and now I was able to run some of the anti-malware tools [finally!]. Used them to clean up a few more traces, then fully patched the OS and quickly installed an anti-malware app to complement the antivirus software.
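The "detective work in the registry" step above, as an added read-only triage script that is not part of the original post: it walks the standard Run/RunOnce autostart keys and the Browser Helper Objects list, resolves the binary each entry loads, and flags anything that is missing on disk or not validly signed. The key paths are the usual Windows locations; the helper names are this example's own.

```powershell
# Added triage example (not from the original post). Read-only: lists
# autostart entries and BHO DLLs and flags unsigned/missing binaries for
# a human to review. Nothing is deleted here.

$autoruns = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ImagePath([string]$Command) {
    # Strip surrounding quotes and trailing arguments to get the file path.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.(exe|dll))') { return $Matches[1] }
    return $Command.Trim()
}

function Test-Binary([string]$Path, [string]$Source) {
    $Path = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Source = $Source; Path = $Path; Status = 'MISSING' }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{ Source = $Source; Path = $Path; Status = $sig.Status }
}

# Autostart values: every non-PS* property of the key is a command line.
$results = @(foreach ($key in $autoruns) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' }) {
        Test-Binary (Get-ImagePath $p.Value) "$key\$($p.Name)"
    }
})

# Browser Helper Objects: each subkey is a CLSID whose InprocServer32 default
# value names the DLL that Internet Explorer will load.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    $results += @(foreach ($clsid in Get-ChildItem $bhoKey) {
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$($clsid.PSChildName)\InprocServer32"
        $dll = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { Test-Binary $dll "BHO $($clsid.PSChildName)" }
    })
}

# Anything not carrying a valid Authenticode signature deserves a closer look.
$results | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

Run it from an elevated prompt so HKLM and the binaries under Program Files are readable; an unsigned entry is a lead to investigate, not proof of infection.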

Now I'm doing the final cleanup [resetting System Restore, hiding system files again, deleting temp files, defragging]. Once that's all done, I lock the machine up for safety and head on home.

Here's hoping the beastie stays dead...
