Posts tagged as 'commands'

Posted By inanis

Backdoor.Rustock.B Sucks!

So, I was bailing out two of my technicians, because a computer they both worked on came back for Blue Screen Of Death and Firefox crashing issues. (To their credit, the suggestions I gave them based on the information they gave me didn’t help them fix it. :oP) After some digging, and a very lucky crash while trying to convert the filesystem from FAT32 to NTFS, I found out it was a rootkit infection! So, if your Windows 2K/XP/2003 machine is giving a STOP 0x0000008e on boot, reboot, or during lots of filesystem access -or- STOP 0x00000044 while surfing the net, especially in Firefox, -or- you get a STOP error message with the module lzx32.sys, you probably have a Backdoor.Rustock.B infection. Quick Fix: Boot your machine to a Recovery Console using your Windows Install CD, type DISABLE pe386 (this disables the rootkit), eject the CD, boot into normal mode, and run rustbfix.exe. Thanks to Symantec and the guy who made the rootkit killer.

Posted By inanis

Disable Windows Data Execution Prevention

Found a cool article here and here that talks about hacking the boot.ini file in XP/Srv2003 to completely shut off Data Execution Prevention. Useful if the machine is infected with some sort of baddie and the friggin shell won’t load because Explorer has had code injected and it keeps crashing and you want to pull your flippin hair out…

Disable Data Execution Prevention (DEP) completely

  1. Click Start, and then click Control Panel.
  2. Under Pick a category, click Performance and Maintenance.
  3. Under or Pick a Control Panel icon, click System.
  4. Click the Advanced tab, and in the Startup and Recovery area, click Settings.
  5. In the System Startup area, click Edit.
  6. In Notepad, click Edit and then click Find.
  7. In the Find what field, type /noexecute and then click Find Next.
  8. In the Find dialog box click Cancel.
  9. Replace the policy_level (for example, the default "OptIn") with "AlwaysOff" (without the quotes). WARNING: Be sure to enter the text carefully. Your boot.ini switch should now read: /noexecute=AlwaysOff
  10. In Notepad, click File and then click Save.
  11. Click OK to close Startup and Recovery.
  12. Click OK to close System Properties and then restart your computer.

This setting does not provide any DEP coverage for any part of the system, regardless of hardware DEP support.

Verifying DEP is Disabled

  1. Click Start, and then click Control Panel.
  2. Under Pick a category, click Performance and Maintenance.
  3. Under or Pick a Control Panel icon, click System.
  4. Click the Advanced tab.
  5. In the Performance area, click Settings and then click Data Execution Prevention.
  6. Verify that the DEP settings are unavailable and then click OK to close Performance Settings.
  7. Click OK to close System Properties then close Performance and Maintenance.
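As an added example (my code, not from the post or the articles it links), a small Python helper that does the boot.ini edit above without Notepad and doubles as the verification step: it reports each boot entry's /noexecute level and can set every entry back to OptIn once the cleanup is done. The boot.ini content is a constructed sample; on a real machine you would read and rewrite C:\boot.ini, which is a hidden, read-only system file.

```python
import re

# Constructed sample boot.ini (not from the post): one entry at the XP default
# OptIn, and one that someone left at AlwaysOff after a malware cleanup.
SAMPLE_BOOT_INI = """[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /noexecute=OptIn /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Windows XP (DEP off)" /fastdetect /noexecute=AlwaysOff
"""

NOEXECUTE_RE = re.compile(r"/noexecute=(\w+)", re.IGNORECASE)
ENTRY_NAME_RE = re.compile(r'="([^"]*)"')
VALID_LEVELS = ("OptIn", "OptOut", "AlwaysOn", "AlwaysOff")

def walk(boot_ini):
    """Yield (line, is_os_entry); True marks non-blank lines under [operating systems]."""
    in_section = False
    for line in boot_ini.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            in_section = stripped.lower() == "[operating systems]"
            yield line, False
        else:
            yield line, in_section and bool(stripped)

def dep_policies(boot_ini):
    """Map each entry's display name to its /noexecute level (lowercased), or None if absent."""
    policies = {}
    for line, is_entry in walk(boot_ini):
        if is_entry:
            name = ENTRY_NAME_RE.search(line)
            level = NOEXECUTE_RE.search(line)
            policies[name.group(1) if name else line.strip()] = level.group(1).lower() if level else None
    return policies

def set_dep_policy(boot_ini, level):
    """Return boot.ini with every OS entry at the given level; adds the switch if missing."""
    if level not in VALID_LEVELS:
        raise ValueError("unknown DEP policy level: %r" % level)
    out = []
    for line, is_entry in walk(boot_ini):
        if is_entry and NOEXECUTE_RE.search(line):
            line = NOEXECUTE_RE.sub("/noexecute=" + level, line)
        elif is_entry:
            line = line.rstrip() + " /noexecute=" + level
        out.append(line)
    return "\n".join(out) + "\n"
```

Running dep_policies over the sample flags the second entry as alwaysoff; set_dep_policy(text, "OptIn") puts both entries back to the default so the box does not stay without its memory-corruption mitigation after the cleanup.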