Hey Joe. Is PrevX able to detect (not the dropper but the rootkit!) AND to clean this rootkit?

I am working as a Malware Removal Assistant for a German AntiMalware Board. We saw several infections over the last month with this brand new rootkit variant. This variant has backdoor and elaborate rootkit functionality and is very dangerous. The important thing is that it will always send a valid file or checksum if you try to upload or copy it! The rootkit is called TDL3 and is described here: http://www.rootkit.com/newsread.php?newsid=979

You can use Combofix with the recovery console installed to fix this infection, but I would advise you to fix it manually because CF can cause heavy damage to the system if anything goes wrong with restoring the system files via the recovery console. Other AntiVirus vendors are helpless in cleaning because they need the original Windows files to replace the infected drivers. I think it should be possible for PrevX to provide the cleaning module with the original files because you could grab them from your server. Am I right or terribly wrong?