9. March 2011 15:27
Mark Russinovich has posted another step-by-step case of determining the root cause of a malware attack. This particular piece of malware went so far as to attempt to block Sysinternals applications from opening. I find the steps taken to solve these types of problems very interesting and informative. It is much like a puzzle game in trying to rid the system of the malware. Here is the link: The Case of the Sysinternals-Blocking Malware.
2. March 2011 16:08
Mark Russinovich posted an excellent step-by-step article on how a Microsoft Support Engineer tracked down a rather nasty autostart malware program that was causing networked printers to spew out garbage printouts. Several very useful Sysinternals tools were used to track down the malware, including Process Explorer, Listdlls, Autoruns, Process Monitor (to log boot activity), Sigcheck and Strings. In the final step to fix the problem, he used the Windows Preinstallation Environment (WinPE) to replace DLLs that would otherwise be locked while logged into Windows.
Definitely worth a read. The article is: The Case of the Malicious Autostart
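The Autoruns and Sigcheck part of that hunt can be scripted. The following PowerShell is an added example written for this post; it is not code from Mark's article or from Sysinternals. It assumes autorunsc.exe, sigcheck.exe and strings.exe from the Sysinternals suite are on the PATH, that the shell is elevated (otherwise per-user and service entries may be incomplete), and that the option letters match current releases (confirm with `autorunsc -?` and `sigcheck -?`). It lists every autostart entry, keeps those whose image is not signed by a verified publisher, then re-checks each survivor with Sigcheck and dumps its printable strings for manual review.

```powershell
# Added example: triage autostart entries for unsigned or unverifiable images.
# Not from the original post; assumes Sysinternals tools are on PATH and the
# option letters below match the installed release.

param(
    [string]$OutDir = (Join-Path $env:TEMP 'autorun-triage'),
    [int]$MinStringLength = 8
)

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

function Get-UnverifiedAutoruns {
    # -a *  all entry categories   -c  CSV output
    # -s    verify signatures      -h  include file hashes
    $csv = & autorunsc.exe -accepteula -nobanner -a * -c -s -h 2>$null
    $csv | Out-File -Encoding utf8 (Join-Path $OutDir 'autoruns.csv')

    $entries = $csv | ConvertFrom-Csv

    # Autoruns fills the Signer column with "(Verified) <publisher>" when the
    # Authenticode chain is trusted, "(Not verified) <publisher>" when the
    # signature does not chain, and leaves it empty for unsigned files.
    $entries | Where-Object {
        $_.'Image Path' -and ($_.Signer -notlike '(Verified)*')
    }
}

$suspect = Get-UnverifiedAutoruns

$suspect |
    Select-Object 'Entry Location', Entry, 'Image Path', Signer, 'SHA-256' |
    Format-Table -AutoSize

foreach ($s in $suspect) {
    $image = $s.'Image Path'
    # Autoruns reports missing images as "File not found: <path>", which
    # Test-Path rejects; those entries are still worth noting (a stale
    # autostart or a file the malware hides from the logged-in session).
    if (-not (Test-Path -LiteralPath $image)) {
        Write-Warning "Image not accessible: $image"
        continue
    }

    # Second opinion on the signature and hash of the image itself.
    # -h hashes   -e treat as executable regardless of extension
    # -u report only unsigned / unverifiable files
    & sigcheck.exe -accepteula -nobanner -h -e -u $image

    # Dump printable strings for the manual look Mark's walkthroughs always
    # end with (C2 hostnames, printer names, Sysinternals tool names, etc.).
    $dump = Join-Path $OutDir (([IO.Path]::GetFileName($image)) + '.strings.txt')
    & strings.exe -accepteula -nobanner -n $MinStringLength $image |
        Out-File -Encoding utf8 $dump
    Write-Host "Strings written to $dump"
}
```

The signature filter is only a triage step: an unsigned autostart is not proof of malware (plenty of legitimate software ships unsigned), and a verified signature is not proof of innocence. What it does is shrink the list to the handful of entries that deserve the Process Monitor boot log and string inspection described in the article, and the recorded SHA-256 gives you something to look up before deciding whether a WinPE repair is needed.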