Tom's Guide | Tom's Hardware | Tom's Games
Well, over the holiday weekend I managed to pick up a nasty variant of Vundo.H and Trojan.Fake.Alert which don't want to leave my system alone. I have tried using PC Tools' Spyware Doctor in conjunction with Malwarebytes, Spybot S&D and Ad-Aware. All programs seem to think they can remove the infection, but it quickly reappears even if the machine is physically disconnected from the internet.
The visible symptoms seem to be limited to opening popups in Internet Explorer whether it is being used or not. The infection seems to build up if allowed to sit online; at one point I had over 37 infections of Vundo detected by Malwarebytes, but it was able to beat it back to 3 infections that won't clean even with MB's reboot. Once cleaned down to these 3 remaining infections, Spyware Doctor typically won't see anything on the computer, but when fully infected it will display 3 instances of Virtumonde/Vundo and 5 Trojan.Fake.Alert detected. Also, VundoFix could not detect any instances of Vundo at any time.
I am at work right now, but if anyone can help me I will happily make and post some fresh HijackThis and MB logs when I get home tonight.

Print out the Malwarebytes report so you know which files (.dlls, most likely) are infected. Then boot from a utility CD such as "Ultimate Boot CD" to manually delete those files.
This is a terribly persistent malware - I couldn't delete it even in any flavor of safe mode. You have to find some way to boot and get at those files without "activating" anything on your hard disk.
Because I was working on a server (with a RAID), Ultimate Boot CD crashed and I had to purchase Active@ Boot Disk, which worked well. After deleting the bad files and rebooting, I ran Anti-Malware again to clean up the remaining traces.

Hi,
here in Italy it's 11 in the evening ... :)
Download to your desktop
http://www.suspectfile.com/systemscan
Open it and make sure that all options are checked, then click on "Scan Now". At the end of the scan two files will be produced (always on your desktop, inside the suspectfile folder).
Upload the zip file to http://www.freefilehosting.net and write in your next reply the URL where I can get it. [b]Remember to run the scan with no internet connection and with the antivirus disabled; re-enable them only once the scan has finished.[/b]
[i]NB
The scan may take a long time; it might even seem that the program is not working. Do not worry, it is not so ;) [color=red]SystemScan is recognized, [u]by mistake[/u], by some antivirus as infected.[/color]
[/i]
--Ciao,
Marco

I can sympathize. I went through two days of hell and tried everything imaginable, but I did eventually defeat this Vundo variant, which I believe is fairly new.
It took me five steps to finally eradicate the Trojan:
1. Run HJT and you will likely find a false BHO entry created by the virus; it must be removed.
2. Run an updated version of SuperAntiSpyware. TODAY's update seems to get at the root of this Trojan.
3. Run combofix.exe. I believe it was this last step that really finished off the Trojan and deleted all of the false Windows system files it spawned.
4. Turn off Restore before you reboot.
5. Reboot into safe mode each time.
Good luck with this.

Well, I would like to say I appreciate the responses from multiple people. I went through my options and started with the one offered by Resolute, since I already have all the required programs set up. So far it seems good; it took multiple runs of HJT, SAS and CF to eliminate what seems to be all traces of Vundo.H and Fake.Alert. I'm reconnecting to the net right now and seeing how it does.
Also, it seems that in ComboFix doing its magic it has left traces that PC Tools Spyware Doctor picks up as a low threat. I don't mind the changes at all, but is there any way to clean it up so Spyware Doctor doesn't think I'm infected? It's detected as info & PUAs and is labeled application.nircmnd; there are 26 instances and all of them point to ComboFix changes to my registry. Once again, I don't mind this at all, I just don't want to have to see 26 infections as the norm in my PC doc.
Once again, thank you all for the help; even if I have more work to do, it is appreciated!
