1. Any realtime capability in the anti virus is switched off, so as to allow the rootkit to be installed.

2. The rootkit is allowed to install. Installation is verified by using generic cross viewers, and change detectors running from a clean boot.

3. The On-Demand scanner is told to scan, and if it finds anything, to clean the system. Cleaning is verified by again checking with generic cross viewers and change-detectors running from a clean boot.

4. This process is repeated each month for between 10 and 20 samples for the current month.

5. Pass is 90% detection, and 90% effective cleaning.

6. Current OS platform is Windows XP Pro.