Hello, I have obtained the virtumundo malware ect. In attempting to follow your instructions, I run into a problem. First a bit of background. After obtaining this, I ran a scan with NOD32 antivirus and was deleting various .exe files it was red flagging and prompting me about. A log: Scan performed at: 5/24/2007 13:22:17 PM Scanning Log NOD32 version 2277 (20070518) NT Command line: c:\windows\system32\drvlal.dll c:\program files\ipwindows\ipwins.exe C:\WINDOWS\system32\drvlal.dll Date: 24.5.2007 Time: 13:22:18 Anti-Stealth technology is enabled. Scanned disks, folders and files: c:\windows\system32\drvlal.dll; c:\program files\ipwindows\ipwins.exe c:\windows\system32\drvlal.dll - a variant of Win32/Agent.QT trojan c:\program files\ipwindows\ipwins.exe - Win32/Adware.Toolbar.888Bar application - deleted Number of scanned files: 2 Number of threats found: 2 Number of files cleaned: 2 Time of completion: 13:22:44 Total scanning time: 26 sec (00:00:26) Notes:  File is being used (open or running). System restart is required for the cleaning to complete. So I reboot, and then this occurs every time I try to complete the scan/cleaning: Time Module Object Name Threat Action User Information 5/24/2007 17:26:13 PM AMON file C:\WINDOWS\system32\ntio256.sys Win32/Rootkit.Agent.CF trojan NT AUTHORITY\SYSTEM Event occurred when attempting to access the file. Exasperated by several reboots when I attempted to get rid of this, I google searched drvlal.dll thinking it was a system file that I needed to get a clean copy of and put back into the system32 folder, which if you were to do this is the only website that comes up. After looking around, I was attempting to follow your instructions and run the online scan when I ran into the same NT AUTHORITY\SYSTEM forced reboot. It seems any time I get near this thing it forces a reboot. Any advice on how to proceed is greatly appreciated.