Safe mode w/command prompt doesn't work. I've messed around with the permissions a bit--no soap there, either.
Since it's an NTFS system with RAID, I can't boot from Knoppix. Is there a safe way to boot to raw DOS in this system, without messing up the RAID and NTFS? Would you recommend--should I even worry about this? No other part of the infection was on that drive. It's quite possible that I have just bollocksed up the info2 file and that's why I can't empty the directory ...
A final question--do rootkits like FU rootkit commonly make use of alternate data streams, cloaked registry entries or any of this other freakish-sounding stuff that I have not detected? The registry is clean, TDS-3 is now clean, etc.
Basically, how paranoid should I be?
Thanks in advance (very much!) for your thoughts,