From FPROT....is this you?
http://www.f-secure.com/weblog/archives/00001510.html
Mebroot is the most advanced and stealthiest malware seen so far
It operates at the lowest level of the Windows operating system
Mebroot writes its startup code to the first physical sector on the hard drive
When an infected machine is started, Mebroot loads first and survives through the Windows boot
Mebroot hides all changes made to the infected system
It heavily uses undocumented features of Windows
It creates a complex network communication system, involving pseudo random domain names
Large parts of the code is highly obfuscated
Mebroot uses a very complex installation mechanism, trying to bypass security products and to make automatic analysis harder
All botnet communication is encrypted with advanced encryption mechanism
The malware has apparently gone through extensive quality assurance. It never seems to crash the systems it infects, even though it runs at the kernel level
The Mebroot gang has so far registered around 1000 com/net/biz domain names for their communication needs
The botnet backdoor functionality is very powerful, even allowing the upload and execution of arbitrary kernel-mode modules
As a payload, Mebroot attacks over 100 European online banks, trying to steal money as users do their online banking on infected machines