Please download Malwarebytes' Anti-Malware to your desktop. Click here
Double Click mbam-setup.exe to install the application.
 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Full Scan", then click Scan.
 The scan may take some time to finish,so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Run malwarebytes again, post a log

I think spybot is finding a left over registry entry, next time you run malwarebytes disable all your security, if Teatimer is running disable it, if you are using Adware SE, uninstall it, if the computers stable flush all the system restore points by turning system restore off reboot turn system restore back on and create a restore point,

Run the cleaner below:

Download ATF Cleaner by Atribune to your Desktop.

Note: Vista users must use Run As Administrator
 Under Main: Select Files to Delete choose: Select All.
 Click the Empty Selected button.
 If you use Firefox browser click Firefox at the top and choose: Select All
 Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
 If you use Opera browser click Opera at the top and choose: Select All
 Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
 Click Exit on the Main menu to close the program.

Run spybot again.

Post the log from spybot if it cont. to find Virtumonde.sci

I was running McAfee Security Suite at the time my PC began having numerous popups. AdAware and Spybot detected nothing.
I purchased Webroot Spysweeper which detected Virtumonde (and other trojans)and quarantined them. Problem solved. Have since dumped McAfee and changed over to Webroot Internet Security Essentials (which includes Spysweeper).

****Malwarebytes should have no problem removing Virtumonde, that's whats kind of strange and that's why I think it's a left over registry entry, or one of the programs (Spyware) is putting the entry back in the registry on reboot,

AdAware SE is noted for this it takes a snap shot of the registry and places them back on reboot that's why I asked user to uninstall it if they have it.

Before we download yet more software we need to see the spybot log to to see where spybot is finding Virtumonde.

It's sort of like this problem in the link below,

Here is a link that might be useful: keep-finding-adware

I reran Malwarebytes (the 3rd run) as instructed. It reported "The scan completed successfully. No malicious items were detected."

I have a copy of the happy details which I can post here if you still want to see them.

I rescanned with Spybot and this time it gave me the bright green all-okay check mark and made no mention of virtumonde.sci.

I retried the TrendMicro Housecall and it made its way through all the C and D files and I think through the grayware/spyware category when it came to a halt and the dreaded box appeared saying "An error occurred while trying to transfer data from the Internet. Do you want Trend Micro Housecall to try resendingÂ". I did retry several times but the box reappeared repeatedly. At the time, the progress tab on the left showed the program was "updating security check information".

Trying to learn what I could, I clicked on the results tab and it showed ADWARE_MEMWATCHER (98 infections) but the program and computer were frozen there and I could only close the browser.

I did have AdAware installed on my computer but uninstalled it in July 2008. I uninstalled using the Add/Remove feature, I uninstalled because of a thread in this forum related to compatibility issues between Spybot and AdAware.

Anyway, I digress, but IÂm relating these events in the order they appeared.

I came back to this forum to report and saw additional instructions about disabling TeaTimer, etc. In trying to find out how to do so, I was in Spybot and clicked on the recovery tab. There I found a backup for virtumonde.sci.

The system wouldnÂt allow copy and paste of what it was saving in backup so I copied it manually (and hopefully without error).

Browser helper object
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(AAAE832A-5FFF-4661-9C8F-369692D1DCB9)

The above was listed 4 times for

1/4/09 9:57:00 AM
1/30/09 10:33:44 PM
1/31/09 5:07:20 PM
1/31/09 7:14:07 PM

The following was also listed once:

Class ID
HKEY_CLASSES_ROOT\CLSID\(AAAE832A-5FFF-4661-9C8F-369692D1DCB9)
1/4/09 9:57:01 AM

Should I still run the ATF Cleaner?

Thanks so much for your help - June

"Should I still run the ATF Cleaner"?

I would..