Increasing problems, won't go away
Bimlanders
12-01-2008, 11:44 PM
First, a little background. I had a program called StopSign Acceleration, which is an anti-virus/spyware program. And for almost a year I was very happy with it. I had it on regular scans and daily, very few, if any infections were ever found. Then, like the calm before the freakin' storm, I get absolutely bombarded with fake alerts, porn pop-ups, and many, many windows flooding my screen. StopSign found many infections and required a reboot to rid the remainders. So I reboot and Windows cannot load at all any more.
I took my computer to my friend and he found out that the StopSign program itself was the reason that my computer wouldn't load. We tried reinstalling Windows and StopSign would automatically start scanning and cause the system to reboot early on during the Windows reinstall. So we had to delete the program through the DOS prompt and that solved the problem. What a nightmare that program caused!
Anyways, since then I've switched to Spyware Doctor at the recommendation of my friend. But the problem is that my computer is still finding around 60 to 200 infections every day, and I still get some intrusive popups, especially if I dare to use IE. Now I've followed all the advice in the tech support FAQ and I've tried everything that they recommend. So I go through the processes recommended and the result is usually a clean scan. But by the very next scan, there's something like 64 infections. The main threat is almost always Trojan.virtumonde. I am careful not to engage in high risk online activity, and I generally keep it limited to trusted sites that I visit semi-daily. What could be responsible for all these infections that seem to have mushroomed from out of nowhere?
haapy
12-01-2008, 11:55 PM
Try these freeware products,
Malwarebytes antimalware www.malwarebytes.org
Superantispyware www.SUPERAntiSpyware.com
Avira antivirus www.avira.com
They should get the last remnants.
c_edge
12-02-2008, 12:18 AM
Virtumonde can be very annoying to remove as new variants are always created. Some security apps specialize in removing this type of infection. You can run the Malware detective tool in SD to send a log file to the team and they will be able to assist you with removing this.
c_edge
vecchio
12-02-2008, 01:12 AM
Malwarebytes Anti-Malware is good for removing Virtumonde.
Phenom
12-02-2008, 03:04 AM
Reinstall the operating system.
JohnO356
12-05-2008, 01:52 AM
Reinstall the operating system.
No! Use Malwarebytes for Virtumonde. The free version will do the job.
haapy
12-05-2008, 04:32 AM
If using the recommended tools do not get rid of it, you may have to clear your recycle bin and disable the System Restore and then run the tools again.
Do this only if your system is stable and bootable.
This is a stubborn malware and I have had to perform this procedure to finally get rid of it.
Make sure that you enable the System Restore when finished.
I recommend Malwarebytes Anti-Malware. I agree with everyone that said to remove Virtumonde using Malwarebytes Anti-Malware. The threat will be completely removed. This is a very hard threat to remove. Sometimes it is invisible so you can't even remove it.
Hope it helps
Reodor
12-05-2008, 12:39 PM
While reading this post, my daily scan finished and flagged: Virtumonde!
First time in quite some years.
Great -gives me an opportunity to test cleaning and detection ability.
Clicked 'FIX' in PCTIS, and closed down Firefox. Ran CCleaner to get rid of all crap and ran a new 'Full Scan' with PCTIS.
Again the same infection detected. Luckily I was following the scan progress, and noticed it was this time in the System Restore section.
Turned off System Restore, restarted comp, put on System Restore, updated my old friend and scan favourite for this kind of malware (SAS) and ran a complete scan = clean.
Did another scan with PCTIS = clean.
Now it is just to wait and see if gone, or resurfaces.
Where I got it from, have no idea, but I suspect an e-mail from my lawyer!
(Not the first time I've cleaned out his comp! We are kind of changing services).
haapy
12-05-2008, 04:11 PM
You might want to try the Mebroot removal utility just as a precaution.
GoneToPlaid
12-05-2008, 06:35 PM
Another good utility to download and install is Comodo Memory Firewall. It works by using DEP to protect all program memory since a lot of malware install themselves by causing buffer overruns in unprotected memory.
Reodor
12-06-2008, 03:26 AM
In 'theory' the PCTIS should have the maximum of security with the minimum of conflict risk. I'm a bit disappointed it did not catch and remove the one in the System Restore section at first scan, but that might be due to it being only an Intelli-Scan and not a full scan. However, Virtumonde being one of the most common infections, I still think it should have been taken care of the first time.
Time will tell if I got it and I'll keep you updated.
Bimlanders
12-07-2008, 12:19 AM
Is it safe to turn off System Restore if I'm experiencing some errors when booting? I'm not going to go into perfect detail, but I sometimes get a message that a 'win32' error occurred upon bootup and the OS needs to restart. Sometimes this happens twice in a row, but mostly just singly. More recently I got a message during start up that a corrupted system file was restored (successfully). My issue is that if I turn off System Restore, and there's an error that requires restoration, am I screwed? I'm not very computer savvy. I can get around fine, but when it comes to fixing more intense issues, I am dependent upon others for help.
Malwarebytes didn't fix after two scans. The second scan took almost seven hours!!!! ;)
haapy
12-07-2008, 01:14 AM
If your system is unstable and you rely on system restore to fix it, then I do not recommend turning off system restore.
If you are infected, then you will have to use several tools to really clean it.
Better yet, find a friend or associate with good anti-malware tools, mount your hard drive in that PC as a slave and run the scans on it.
Bimlanders
12-09-2008, 06:33 PM
I'm starting to lose my faith in spyware doctor. Increasingly the program crashes during the removal process. I read in the FAQ that it *may* crash due to it removing too many infections at once. But many times it's just one threat, and thus one set of infections to click, and it still freezes. Also, if it doesn't freeze, it asks for a reboot. I click, "reboot now" and then the computer doesn't reboot and I'm forced to do a manual shut down via the switch. Now I have no idea if the manual switch off cancels what spyware doctor was fixing to do during the normal reboot, which is impossible sometimes.
The freeware links provided earlier seem to be doing a much better job, albeit incomplete, as I still have problems. Superantispyware finds infections not found by spyware doctor, and when it asks for a reboot, it does not freeze my computer. And this is FREEWARE!
haapy
12-09-2008, 07:56 PM
Keep in mind that you have a severely infected PC.
This is why I suggested turning off the system restore. But, know that this is a risk. In my personal experience fixing PCs, I use this technique a lot and have not been burned yet. You may have to do this if the stuff keeps coming back.
Also get a program like CCleaner or Cleanup! to remove all your temp files.
Going forward, you may have to scan multiple times with each tool. Some of the nasty malware actually try to mess with the cleanup tools.
I would try scanning with each of the tools in safe mode as well.
AChen
12-10-2008, 12:00 AM
I'm starting to lose my faith in spyware doctor. Increasingly the program crashes during the removal process. I read in the FAQ that it *may* crash due to it removing too many infections at once. But many times it's just one threat, and thus one set of infections to click, and it still freezes. Also, if it doesn't freeze, it asks for a reboot. I click, "reboot now" and then the computer doesn't reboot and I'm forced to do a manual shut down via the switch. Now I have no idea if the manual switch off cancels what spyware doctor was fixing to do during the normal reboot, which is impossible sometimes.
The freeware links provided earlier seem to be doing a much better job, albeit incomplete, as I still have problems. Superantispyware finds infections not found by spyware doctor, and when it asks for a reboot, it does not freeze my computer. And this is FREEWARE!
I would also suggest you run a scan/fix in safemode.
How to Shutdown and Restart the Computer in Safe Mode with Networking:
1. Click on the Start button menu on your Task Bar
2. Select Shut Down from the menu (''Turn off Computer'' in XP). The 'Shut Down Windows' dialog box will appear.
3. Select Shut down (or, ''Turn Off'' in XP) and click the Yes (or OK) button
4. When the computer starts back up, begin immediately by pressing the F8 key repeatedly until the Windows Startup menu appears with various options
5. By using the up and down arrow keys on the keyboard, select 'Safe Mode with Networking' and not any other modes.
6. Login to your account (if asked)
7. Wait and eventually Windows will start in Safe Mode
8. Run Spyware Doctor - Perform a scan and fix
Note* Onguard / Intelli-Guard and Immunizer cannot be activated in Safe Mode.
Please remember to reboot your computer after you completed these instructions.
Note: If you have any difficulty getting the Windows Startup menu to appear at step 6, try the following to get into Safe Mode:
Try holding down the left Shift key instead of pressing the F8 key while booting up. Begin immediately pressing the F5 key, about once a second, until the message 'Windows is bypassing your startup files' appears.
Let us know if it still freezes during a safe mode scan.
Reodor
12-10-2008, 01:38 AM
As an update to my above post:
No further indications of infections. FP or real, who knows. At least everything seems to work.
Bimlanders
12-10-2008, 01:54 AM
Thanks for the suggestions and it looks as though my options are still open. I have done many scans in safe mode, and you're right in that it doesn't freeze during a safe mode scan. However, the infections come back right away when I reboot in regular mode.
I have read that scanning in safe mode prevents the infections from reinstalling while running safe mode. My question is, if I remove infections while in safe mode, and then reboot in regular mode, what's stopping the infections from reloading in regular mode? I cannot perpetually use safe mode to prevent them from reinstalling. Do you follow my logic? Please help sort out my confusion on this issue.
In theory, if I load in safe mode AFTER the infections are removed, and then run another scan while in safe mode, there should be no infections left: system not connected to the internet, infections could not reinstall during safe mode, then the subsequent scan should be clean. But it never is.
Also, what's everyone's take on SmitfraudFix? It's a program that is supposed to remove a lot of malicious programs from your system while running in safe mode, and it kills all Windows operations during the process. I've tried running the program first, and then a regular scan with another program. And it still won't do the job.
AChen
12-10-2008, 02:18 AM
Running in safemode is just a test to see if SD does function properly without other processes and applications running.
Could you run the Malware Detective in SD? We want to analyze the log files to investigate this further. You will need a ticket number to run the MD tool. If you haven't submitted a ticket to Support before, send me your email address via PM and I will create one for you, otherwise you can use the ticket number if you already have one.
haapy
12-10-2008, 02:21 AM
I would bet that if you stopped your System Restore, did the scans and started your System Restore, you would fix your problem.
The bad guys are hiding out here. Assuming that you used a good temp file cleaner as well.
Since you are able to consistently boot and re-boot, your risk is minimal.
I have used SmitfraudFix a couple of times with good results, a safe tool.
I believe that the reason that it won't do the job either is... you guessed it... System Restore.
I think that it is time for you to give that a go.
Bimlanders
12-10-2008, 08:41 AM
I would bet that if you stopped your System Restore, did the scans and started your System Restore, you would fix your problem.
The bad guys are hiding out here. Assuming that you used a good temp file cleaner as well.
Since you are able to consistently boot and re-boot, your risk is minimal.
I have used SmitfraudFix a couple of times with good results, a safe tool.
I believe that the reason that it won't do the job either is... you guessed it... System Restore.
I think that it is time for you to give that a go.
When you say "The bad guys are hiding out here," what exactly do you mean? Also, would it help anyone to say that all my current uncleanable infections are found in the registry files? I ran three scans in safe mode with SuperAntiSpyware and the first one turned up mostly registry infections and a few minor ones in the regular files. The minor ones were cleaned up easily, as usual. But in the registry was Vundo_Variant, which I'm assuming is a bad one since it would go away after three consecutive scans in safe mode. What was interesting was that right after I booted in regular mode, my desktop was changed to just a plain blue background. Why did this change? It's things like this that make me fearful of turning off System Restore, since the malware seems to be screwing with my personal settings. But if you insist that it's the answer, then I'll be trying it soon. Thanks again.
haapy
12-10-2008, 05:32 PM
Bad guys = malware. Finding the malware in the registry is not surprising as that is a part of the System Restore process. In many instances, malware regenerates itself from the System Restore, which is probably why yours keeps coming back.
I am not insisting that you turn off System Restore, I am recommending it, as in my experience, this was the only way that I could clean up some deep rooted malware.
The blue background change was probably due to one of the anti-malware programs removing a potentially bad wallpaper or due to the malware itself.
If you have an image backup program, make an image to an external USB hard drive before you turn off the System Restore. Then you can always restore the image (malware and all) if needed.
Bimlanders
12-10-2008, 10:30 PM
I turned off System Restore and I ran several scans in safe mode. One with PC Tools, one with Malwarebytes, and one with SuperAntiSpyware. I'm still infected. PC Tools reports one virtue_mounde, Malwarebytes reported ten infections with Trojan BHO (?) being unable to remove, and SuperAntiSpyware found three infections with Vundo_Variant. Are these all different infections or do different programs recognize them by different names?
AChen
12-10-2008, 10:45 PM
When you say "The bad guys are hiding out here," what exactly do you mean? Also, would it help anyone to say that all my current uncleanable infections are found in the registry files? I ran three scans in safe mode with SuperAntiSpyware and the first one turned up mostly registry infections and a few minor ones in the regular files. The minor ones were cleaned up easily, as usual. But in the registry was Vundo_Variant, which I'm assuming is a bad one since it would go away after three consecutive scans in safe mode. What was interesting was that right after I booted in regular mode, my desktop was changed to just a plain blue background. Why did this change? It's things like this that make me fearful of turning off System Restore, since the malware seems to be screwing with my personal settings. But if you insist that it's the answer, then I'll be trying it soon. Thanks again.
Could you please run the Malware Detective tool in Spyware Doctor, as this will help us to assist you further. See my above post.
dallas7
12-11-2008, 01:49 AM
This works if one is lucky enough to have another uninfected computer:
Take your heavily infected computer's hard drive out and mount it in an external USB case. Plug it into your good computer. DO NOT open "My Computer" at all. Use the Systray USB icon to determine which drive letter was assigned to your external infected drive. Or you can run compmgmt.msc and open Disk Management to view the drive letter assignment.
That drive is in a "passive state" in that it wasn't used to boot or launch anything; everything on there is merely just a file and no processes are hooked to or associated with it. You can now run against its drive letter your library of anti-malware apps which you, of course, have installed on that computer.
It is imperative, though, that you never open or explore My Computer while the "bad" drive is plugged in or, worse, open or explore the drive itself.
Once the drive has been cleaned of bad guys, this would be a great time to run a scandisk and a defrag. :)
Don't forget to use the USB "safely remove" function to unplug the now fixed "bad drive."
Cheers!
The PIT
12-13-2008, 09:14 PM
I tend to find that for more stubborn infections of Virtumonde, BartPE is very good.
First off, remove any old versions of Java as this is one source of infection.
Turn off System Restore.
Run Spyware Doctor in safe mode.
Let it clean up, then reboot in safe mode and scan again.
If it is still infected, look in the log and write down the registry entries and file locations.
Now it's the time for BartPE and a plugin registry editor.
Boot off BartPE and delete the files via Bart.
Load up the registry hive and remove the registry entries.
Reboot in safe mode and run Spyware Doctor again; it'll probably find a few previously hidden files. Let it clean, and that hopefully will be that after another scan in normal mode.
The PIT
12-13-2008, 09:16 PM
This works if one is lucky enough to have another uninfected computer:
Take your heavily infected computer's hard drive out and mount it in an external USB case. Plug it into your good computer. DO NOT open "My Computer" at all. Use the Systray USB icon to determine which drive letter was assigned to your external infected drive. Or you can run compmgmt.msc and open Disk Management to view the drive letter assignment.
That drive is in a "passive state" in that it wasn't used to boot or launch anything; everything on there is merely just a file and no processes are hooked to or associated with it. You can now run against its drive letter your library of anti-malware apps which you, of course, have installed on that computer.
It is imperative, though, that you never open or explore My Computer while the "bad" drive is plugged in or, worse, open or explore the drive itself.
Once the drive has been cleaned of bad guys, this would be a great time to run a scandisk and a defrag. :)
Don't forget to use the USB "safely remove" function to unplug the now fixed "bad drive."
Cheers!
Not a bad method, but the registry won't be scanned, and if that has the master file, as such, which isn't detected, you'll be re-infected once again.
Very good method if the PC is so badly infected it won't run properly.
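Scanning a slaved drive leaves its registry untouched, and the BartPE procedure above needs the registry entries and file locations written down first. As an added example that is not from this thread or from any of the tools it names, the PowerShell script below loads the SOFTWARE hive of a slaved drive (or, with no path given, reads the running system's own) and lists every registered Browser Helper Object together with the DLL its CLSID points to. `$HivePath`, the mount name `OfflineSoftware` and the example hive location are assumed placeholders; it needs an administrator prompt.

```powershell
# Added example, not from the thread: list Browser Helper Objects registered in a
# SOFTWARE hive and resolve each CLSID to the DLL that implements it, so the
# registry entries and file locations can be written down before cleaning.
# Run from an administrator prompt. $HivePath is an assumed placeholder: give it
# the SOFTWARE hive of a slaved drive (e.g. E:\WINDOWS\system32\config\software)
# to inspect that drive offline, or leave it empty to inspect the running system.
param(
    [string]$HivePath  = '',
    [string]$MountName = 'OfflineSoftware'   # assumed name for the loaded hive
)

if ($HivePath) {
    # reg.exe load mounts the offline hive under HKLM\<MountName>.
    & reg.exe load "HKLM\$MountName" $HivePath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not load hive $HivePath" }
    $root = "Registry::HKEY_LOCAL_MACHINE\$MountName"
} else {
    $root = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE'
}

# Internet Explorer loads every CLSID listed under this key at startup; it is the
# kind of registry entry a file scanner run against a slaved drive never looks at.
$bhoKey   = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
$clsidKey = "$root\Classes\CLSID"

try {
    if (-not (Test-Path $bhoKey)) {
        Write-Host "No Browser Helper Objects key under $root"
    } else {
        foreach ($bho in Get-ChildItem $bhoKey) {
            $clsid  = $bho.PSChildName
            $bho.Close()                       # release the handle before unload
            $server = "$clsidKey\$clsid\InprocServer32"
            $name   = '<unnamed>'
            $dll    = '<no InprocServer32 entry>'
            if (Test-Path "$clsidKey\$clsid") {
                $v = (Get-ItemProperty "$clsidKey\$clsid").'(default)'
                if ($v) { $name = $v }
            }
            if (Test-Path $server) {
                # The (default) value of InprocServer32 is the DLL path to note down.
                $dll = (Get-ItemProperty $server).'(default)'
            }
            New-Object PSObject -Property @{ CLSID = $clsid; Name = $name; DLL = $dll }
        }
    }
} finally {
    if ($HivePath) {
        [GC]::Collect(); [GC]::WaitForPendingFinalizers()   # drop cached key handles
        & reg.exe unload "HKLM\$MountName" | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Hive still loaded at HKLM\$MountName" }
    }
}
```

Any DLL path that points into a temp folder or a file the scanners keep flagging is a candidate for the list of entries to remove from BartPE; the loaded hive is unloaded again in the `finally` block so the slaved drive can be removed safely.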