View Full Version : Undetected Rootkit



r4z3r
2008-09-05, 06:05
Hi all,

Just found a rootkit that Spybot was unable to find. Ended up having to use SysInternals RootKit Revealer and boot into BartPE to remove it.

Attached are the files and the RootKitReveal log that shows which reg keys it generates.

Hope that's all that's needed to get it into the detection lists.

Sorry, forgot to mention what it actually does.

Blocks WindowsUpdate website
Blocks most security vendor websites
Link redirections

tashi
2008-09-05, 09:33
Hello r4z3r,

Infected Files. How To Submit. Please do not attach or link them here. (http://forums.spybot.info/showthread.php?t=1699)


Please zip or rar the file/s and send them to:

detections(AT)spybot.info (Replace AT with @)

Put a password like 'infected' on the archive to avoid it being filtered by automatic scanners.

That is the preferred method for our detectives' attention. Please do not attach to a topic.

Thank you. :)

FYI, an anti virus program will detect. Win32/Agent.ODG trojan-deleted.

Best regards.