Removing rootkits

Since December 2010, WoW users have been crashing to a rootkit family which appear to be associated with fake antiviruses.

However, this rootkit usually also hides a trojan (keylogger) which Warden detects, and then the rootkit shuts down Warden, crashing wow.

Known Crash addresses
Note that all these crash addresses, the instruction matches the referenced memory.

Could not "execute"
0x00000000

0x00000001

0x00000002

0x00200202

Could not "read"
0x00000001

0x00000063 - This version requires method 2 for proper removal.

0x00000246

0x00000397

Method 1

 * 1) Run Rkill.
 * 2) If the .exe version doesn't run (or BSOD's the system), run the .com version.  This program needs to run, so if need be, keep attempting to launch this program until a DOS command screen pops up, and tells you its running.
 * 3) This program will temporarily shut down malware - long enough to run programs to remove the rootkit.
 * 4) Download Combofix.
 * 5) Rename Combofix.exe to Kittysnack.exe
 * 6) Run Kittysnack.exe
 * 7) Just a warning: Combofix will cut your internet, then restart your system if it finds anything.
 * 8) The log should show "Kitty had a snack :p" if it removed the rootkit.
 * 9) Rename Kittysnack.exe to Combofix.exe
 * 10) Go to Start->Run and type Combofix /u to uninstall Combofix
 * 11) Download, install and fully update Malwarebytes.  Do a full scan.  Allow it to fix ANYTHING it finds.

Method 2
While the above removal instructions work for most variants of the rootkit we've been seeing, it doesn't fully remove the latest variants.
 * 1) Run Rkill.
 * 2) If the .exe version doesn't run (or BSOD's the system), run the .com version.  This program needs to run, so if need be, keep attempting to launch this program until a DOS command screen pops up, and tells you its running.
 * 3) This program will temporarily shut down malware - long enough to run programs to remove the rootkit.
 * 4) Immediately afterwards, run FixTDSS.  This will restart your system to run properly.
 * 5) Download, install and fully update Malwarebytes.  Do a full scan.  Allow it to fix ANYTHING it finds.

If FixTDSS doesn't work, try [TDSSKiller] in place of FixTDSS.

If you're still crashing after doing one of the methods, do the other method's instructions as well.