Questions About FU Rootkit
Tcoffey
February 11th, 2005, 05:09 PM
I have been trying all day to clean this out of my system. I have no problem purchasing your program, but after spending much $$$ on technical support all day, I have a few questions about it. At this point I am only able to use Safe Mode, and the Windows installer does not work anymore. I have deleted FU*.exe directdll.sys Fu Root out of my registry and have run Ad-Aware & McAfee; they claim to have removed the virus, but alas, when I reboot to get out of safe mode, the file directdll.sys is back. McAfee notifies me that it detected a virus and locks up the system. (Back to safe mode). I understand I need to update my Windows with the security patches, but I don't know which patch to download/copy to CD/copy to infected system. Can your program help me, and can it help me without installing through Windows? PLEASE! I have payroll on Monday! Bricklayers are not fun when they don't get paid. Sorry for long post. Thanks. Tam
Mephisto
February 11th, 2005, 08:27 PM
If you're running XP make sure System Restore is turned off and try deleting the recurring DLL in safe mode logged in as administrator ... Secondly you may also choose "Last known good configuration" at the same screen that you enter safe mode from.
If you're not using XP then maybe someone else here can help you.
Mephisto
February 11th, 2005, 08:32 PM
I forgot to add earlier that Windows Installer runs as a service and may have gotten turned off by this rootkit ... also I have had mine set to manual and had it not initiate for whatever reason many times. You can select the service and manually start it.
If Windows is damaged beyond repair you may be better served $$$ wise to look into data recovery tools if you have no backups previously created.
Pilli
February 12th, 2005, 02:15 AM
Hi Mephisto, TDS3 should be run in safe mode with all of the scan options enabled; this is an in-depth scan and will take time to complete. Any Trojan found in the lower console should be deleted.
If you know the name of the .dll file you can use DelLater to remove it. http://www.diamondcs.com.au/index.php?page=products
To find other parts try running UnHackMe from here: http://greatis.com/unhackme/ if TDS3 does not find it. Rootkits are the most dangerous threats around ATM and I would advise you to install ProcessGuard which will stop rootkits from installing their service and stop .dll injection into other processes.
Running the trial version of ProcessGuard may enable you to get back control of your system and nail any rootkit before it loads its service or at least enable you to track the process.
HTH Pilli
Copyright ©2002 - 2012, Wilders Security Forums