I ran across 2 rootkits this week that hid inside of Mouse.drv (in Windows\System32). Both PCs had CPUs pegged to 100% from 2 processes running at 50% each. The processes were svchost.exe and services.exe.
I tried to run GMER and Combofix in Safe Mode, but neither would finish their scans. Eventually I had to use my UBCD and Avira found 1 infection… mouse.drv. I deleted mouse.drv and copied another from the Windows XP disc.
I have no idea what this rootkit did (except to piss me off). I suppose I’ll try and find another and upload it to virustotal.com.