

So I don't know if this is the right place to ask this but you guys here seem very smart and I know just a titch about drivers and the kernel as I have "JUST STARTED" writing drivers myself and you guys have been very helpful.

So one of the things that I do for a living is remove malware and recently I came across a client's PC that was infected with TDL4. I told her that it was probably best to just reformat because after reading about this infection it infects the MBR and created a hidden hard drive etc. I removed the hidden partition with a bootable CD and it was reformat time with a Windows 7 CD.

So I have been asking about digital signatures which I know you didn't use to have for 32-bit Windows. I know that it goes to the MBR and from there turns off protections and infects the system. This doesn't make sense to me though how this infection is able to retain kernel mode access? The thing is that once the protections are turned back on those drivers are not supposed to load or I've been told?
