<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>AndrewSaysHello.com &#187; antivirus</title>
	<atom:link href="http://www.andrewsayshello.com/tag/antivirus/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.andrewsayshello.com</link>
	<description>Andrew&#039;s Website for Lots-o-Fun and Junk!</description>
	<lastBuildDate>Thu, 29 Jul 2010 13:07:29 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0</generator>
		<item>
		<title>Lenovo Support Page Compromise Leads to BREDOLAB Trojan!</title>
		<link>http://www.andrewsayshello.com/technology/lenovo-support-page-compromise-leads-to-bredolab-trojan/</link>
		<comments>http://www.andrewsayshello.com/technology/lenovo-support-page-compromise-leads-to-bredolab-trojan/#comments</comments>
		<pubDate>Wed, 23 Jun 2010 12:04:18 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[bkis]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[bredolab]]></category>
		<category><![CDATA[fakeav]]></category>
		<category><![CDATA[iframe]]></category>
		<category><![CDATA[lenovo]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[pushdo]]></category>
		<category><![CDATA[trend micro]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[zbot]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=1330</guid>
		<description><![CDATA[Chinese PC manufacturer Lenovo is the latest high-profile company to be compromised. Sometime over the past weekend, its support pages, which allowed users to download drivers and manuals, were compromised with the addition of a malicious iframe. The website in this malicious iframe led to the download of a BREDOLAB variant detected as TROJ_BREDOLAB.BY (by Trend Micro). This malware [...]]]></description>
			<content:encoded><![CDATA[<p>Chinese PC manufacturer Lenovo is the latest high-profile company to be compromised. Sometime over the past weekend, its support pages, which let users download drivers and manuals, had a malicious iframe injected into them.</p>
<p>The website in this malicious iframe led to the download of a <strong>BREDOLAB</strong> variant detected as <a href="http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BREDOLAB.BY">TROJ_BREDOLAB.BY</a> (by Trend Micro). This malware family is well-known for being a downloader of other malware onto affected systems, particularly ZBOT and FAKEAV variants.</p>
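<p>As an added example (not part of the original post, and not the injected code itself, which the post does not reproduce), the following Python script shows the check a site owner or responder could run over a fetched page to spot this kind of injection: it lists every iframe and flags those that point off-site or are hidden (zero size or <code>display:none</code>), the two properties a drive-by iframe almost always has. The page snippet and the hostile URL in it are constructed for illustration.</p>

```python
r"""Flag injected iframes in a fetched HTML page.

Added example, not code from the original post. A compromised page
keeps all of its legitimate markup and gains one extra element, so the
check is: which iframes are off-site, and which are hidden?
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed stand-in for a compromised support page; the hostile iframe
# and its host are hypothetical.
SAMPLE_PAGE = """
<html><body>
<h1>Drivers and Manuals</h1>
<iframe src="/support/downloads/frame.html" width="600" height="400"></iframe>
<p>Select your product to download drivers.</p>
<iframe src="http://attacker.invalid/in.php" width="0" height="0"
        style="display:none"></iframe>
</body></html>
"""
SAMPLE_URL = "http://support.example.com/drivers"


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        # attrs is a list of (name, value); value is None for bare attributes
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_hidden(attrs):
    """True for zero/one-pixel or display:none/visibility:hidden iframes."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    for dim in ("width", "height"):
        raw = attrs.get(dim, "").strip().lower().rstrip("px")
        if raw.isdigit() and int(raw) <= 1:
            return True
    return False


def _same_site(host, site):
    """Treat the page's own host and its subdomains as same-site."""
    return host == site or host.endswith("." + site)


def find_suspicious_iframes(html, page_url):
    """Return [(src, [reasons])] for iframes that are off-site or hidden.

    A relative src is treated as same-site. Legitimate, visible,
    same-site iframes produce no finding.
    """
    site = (urlparse(page_url).hostname or "").lower()
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or site).lower()
        reasons = []
        if not _same_site(host, site):
            reasons.append("off-site host " + host)
        if _is_hidden(attrs):
            reasons.append("hidden (zero-size or display:none)")
        if reasons:
            findings.append((src, reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_PAGE, SAMPLE_URL):
        print(src, "->", "; ".join(reasons))
```

<p>Run against a page saved from the live site, a visible same-site iframe (a download frame, say) produces nothing, while the injected one is reported with both reasons. An off-site but visible iframe (an ad network, for instance) is also reported, so the off-site list needs an allowlist of expected third-party hosts in practice.</p>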
<p>BREDOLAB first gained prominence in late 2009 when the number of reported infections significantly grew. <a href="http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/bredolab_final.pdf">Upon investigation</a> by senior advanced threats researcher David Sancho, it was found that BREDOLAB was a new malware family similar to earlier PUSHDO variants.</p>
<p>Later investigations by senior advanced threats researcher Loucif Kharouni established the key role BREDOLAB plays in the criminal underworld: cybercriminals running pay-per-install (PPI) schemes frequently use BREDOLAB to infect user systems and then deliver whatever malware they are being paid to install.</p>
<div id="attachment_1331" class="wp-caption aligncenter" style="width: 310px"><a href="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2010/06/botnet_model.jpg" rel="lightbox[1330]"><img class="size-medium wp-image-1331" title="botnet_model" src="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2010/06/botnet_model-300x230.jpg" alt="" width="300" height="230" /></a><p class="wp-caption-text">Botnet Model</p></div>
<p>Lenovo has acknowledged the incident <a href="http://forums.lenovo.com/t5/General-Discussion/Warning-Lenovo-download-site-is-infected-by-trojan-downloader/td-p/241901">on its official forum</a> and has indicated that the affected pages have now been cleaned. Reports from Vietnamese antivirus vendor <a href="http://cyberinsecure.com/lenovo-support-website-loads-malicious-iframe-infects-visitors-with-trojan/">Bkis</a> indicated that the pages had been infected since at least Sunday afternoon, and some users reported getting antivirus warnings while visiting Lenovo&#8217;s download website as early as Saturday.</p>
<p>Users who visited the Lenovo support pages between late on June 18 (Friday) and June 21 (Monday) may have been affected by this compromise and should scan their systems with an up-to-date antivirus product.</p>
<p>This further proves the point that you should always have an antivirus program running on your computer (and make sure it&#8217;s updated as well!). Even websites you think are safe can fall victim to these types of attacks, leaving everyone who visits them at risk. Because an injected iframe loads silently alongside the page you asked for, choosing trustworthy sites is not enough on its own: keep your browser and its plugins patched too, since a drive-by download depends on an unpatched browser or plugin to run anything without asking you. So be safe out there&#8230; cause the internet is one crazy place!</p>
<div style="margin-top:2em;">
------------------------------------------------------------------------<br />
      The Short URL of this blog posting is    <a href="http://vll.me/8o">http://vll.me/8o</a>
  </div>

]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/lenovo-support-page-compromise-leads-to-bredolab-trojan/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>New Scareware Tactic Lures in More FAKEAV Buyers!</title>
		<link>http://www.andrewsayshello.com/technology/new-scareware-tactic-lures-in-more-fakeav-buyers/</link>
		<comments>http://www.andrewsayshello.com/technology/new-scareware-tactic-lures-in-more-fakeav-buyers/#comments</comments>
		<pubDate>Wed, 24 Mar 2010 12:48:06 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[explorer]]></category>
		<category><![CDATA[fakeav]]></category>
		<category><![CDATA[firefox]]></category>
		<category><![CDATA[internet]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[scareware]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=1030</guid>
		<description><![CDATA[TrendLabs recently received a new FAKEAV sample, which they now detect as TROJ_FAKEAV.BLW. Like previous variants, it poses as a legitimate antivirus application that displays false detections, disables firewall and security center functions, and produces pop-up warnings to force affected users to purchase rogue antivirus software. Unlike its predecessors, however, this sample uses the file name AV.exe. If [...]]]></description>
			<content:encoded><![CDATA[<p>TrendLabs recently received a new <strong>FAKEAV</strong> sample, which they now detect as <strong><a href="http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_FAKEAV.BLW">TROJ_FAKEAV.BLW</a></strong>. Like previous variants, it poses as a legitimate antivirus application that displays false detections, disables firewall and security center functions, and produces pop-up warnings to pressure affected users into purchasing rogue antivirus software.</p>
<p>Unlike its predecessors, however, this sample uses the file name <em>AV.exe</em>. Users who are not familiar with computers may take it for a legitimate antivirus application. It uses registry shell spawning as its autostart technique: it replaces the open command that Windows runs for files with the <em>.EXE</em> file name extension (the default value under <em>HKEY_CLASSES_ROOT\exefile\shell\open\command</em>, or a per-user override under <em>HKEY_CURRENT_USER\Software\Classes</em>), so the malware is executed first every time a user runs any program, with the real program handed to it as an argument. It also uses any of the following application names:</p>
<ul>
<li>%1 Antispyware 2010</li>
<li>Antivirus %1 2010</li>
<li>%1 Guardian 2010</li>
<li>%1 Guardian</li>
<li>%1 Defender 2010</li>
<li>%1 Antivirus</li>
<li>%1 Antivirus 2010</li>
<li>%1 Antivirus Pro</li>
<li>%1 Antivirus Pro 2010</li>
<li>%1 Internet Security</li>
<li>%1 Internet Security 2010</li>
</ul>
<p>Note that <em>%1</em> is replaced with the name of the OS installed on the affected machine, so the bogus product name matches what the victim is actually running. That makes the fake product look more plausible on whichever Windows version the malware lands on.</p>
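<p>As an added example (not part of the original post or of Trend Micro&#8217;s write-up), the following Python script checks whether the .EXE open handler has been replaced in the way described above. The benign default value is <code>"%1" %*</code>; any handler that names its own program first and only passes <code>%1</code> along as an argument is the shell-spawning autostart. The sample values are constructed for illustration: the <em>av.exe</em> path is hypothetical, and the post does not state which registry location this variant writes, so the script reads both the machine-wide key and the per-user override when run on Windows.</p>

```python
r"""Detect a hijacked .EXE open handler (scareware "shell spawning").

Added example, not code from the original post. Windows runs the
command stored under exefile\shell\open\command whenever a user
launches a .exe; the clean default is  "%1" %*  (run the requested
program with its arguments). Scareware rewrites it so that its own
executable runs first and receives the real program as an argument.
"""
import re
import sys

DEFAULT_EXEFILE_COMMAND = '"%1" %*'

# Where the handler lives. HKCU\Software\Classes overrides HKCR for the
# logged-on user, so both locations have to be checked.
HANDLER_KEYS = (
    ("HKEY_CLASSES_ROOT", r"exefile\shell\open\command"),
    ("HKEY_CURRENT_USER", r"Software\Classes\exefile\shell\open\command"),
)

# Constructed samples; the av.exe path is hypothetical.
SAMPLE_VALUES = {
    "clean default": '"%1" %*',
    "spawning hijack": (
        r'"C:\Documents and Settings\User\Local Settings'
        r'\Application Data\av.exe" /START "%1" %*'
    ),
    "handler that drops the argument": r'"C:\Windows\Temp\av.exe"',
}


def _tokens(command):
    """Split a Windows command line into quoted-or-bare tokens, quotes removed."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command)]


def analyze_exefile_command(command):
    """Classify an exefile open-command value.

    Returns (verdict, interposed_program):
      ("clean", None)           - the requested program runs directly
      ("hijacked", path)        - another program runs first and gets %1
      ("unexpected", path|None) - non-default handler that never runs %1
    """
    tokens = _tokens(command)
    if not tokens:
        return "unexpected", None
    first = tokens[0]
    if first == "%1":
        return "clean", None
    if "%1" in tokens[1:]:
        return "hijacked", first
    return "unexpected", first


def read_live_handlers():
    """Read the handler values from the live registry (Windows only).

    Returns {key_path: value}. A missing HKCU override is the normal
    state and is simply omitted.
    """
    if sys.platform != "win32":
        return {}
    import winreg  # only importable on Windows
    roots = {
        "HKEY_CLASSES_ROOT": winreg.HKEY_CLASSES_ROOT,
        "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER,
    }
    found = {}
    for root_name, subkey in HANDLER_KEYS:
        try:
            found[root_name + "\\" + subkey] = winreg.QueryValue(roots[root_name], subkey)
        except OSError:
            pass
    return found


def scan(values):
    """Return {label: (verdict, interposed_program)} for a dict of values."""
    return {label: analyze_exefile_command(value) for label, value in values.items()}


if __name__ == "__main__":
    live = read_live_handlers()
    results = scan(live if live else SAMPLE_VALUES)
    for label, (verdict, program) in results.items():
        print(f"{verdict:10s} {label}" + (f"  -> {program}" if program else ""))
```

<p>On a suspect Windows machine the script reports the live values; anywhere else it evaluates the built-in samples. It deliberately only reports: since the malware blocks security tools from starting, the fix (restoring the default value) is best done from a clean boot environment rather than from inside the infected session.</p>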
<p>Whenever an infected user attempts to access the Internet via <strong><em>Internet Explorer (IE)</em></strong> or <em><strong>Firefox</strong>,</em> this malware displays warning messages saying these browsers are malicious. (Internet Explorer on the left and Firefox on the right)</p>
<p><a href="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2010/03/fakeav-ie.gif" rel="lightbox[1030]"><img class="alignleft size-medium wp-image-1029" title="fakeav-ie" src="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2010/03/fakeav-ie-300x255.gif" alt="" width="240" height="204" /></a><a href="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2010/03/fakeav-firefox.gif" rel="lightbox[1030]"><img class="alignright size-medium wp-image-1028" title="fakeav-firefox" src="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2010/03/fakeav-firefox-300x255.gif" alt="" width="240" height="204" /></a></p>
<p>This may cause the user to panic, since these are two of the most commonly used browsers. Users who are tricked into purchasing the bogus product are redirected to one of several rogue antivirus domains.</p>
<p>The malware carries a list of such domains so that it can still reach one even after some have been taken down. Lastly, it blocks files from security companies from executing, which prevents the affected user from scanning the infected computer.</p>
<p>When faced with these kinds of false alarms, I would urge users to calm down and not purchase the rogue antivirus product. Paying does not solve the problem; it makes things even worse, as it is just a waste of hard-earned money.</p>
<p>This is only the latest tactic seen from the perpetrators of rogue antivirus malware. Recently, advanced threats researchers spotted another FAKEAV run using Sandra Bullock’s recent marital difficulties to spread malware. If you have any questions about this type of malware, please feel free to contact me and I will be glad to answer any of your questions.</p>
<div style="margin-top:2em;">
------------------------------------------------------------------------<br />
      The Short URL of this blog posting is    <a href="http://tllg.net/ME">http://tllg.net/ME</a>
  </div>

]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/new-scareware-tactic-lures-in-more-fakeav-buyers/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>How The Koobface Worm Gang Makes Money!</title>
		<link>http://www.andrewsayshello.com/technology/how-the-koobface-worm-gang-makes-money/</link>
		<comments>http://www.andrewsayshello.com/technology/how-the-koobface-worm-gang-makes-money/#comments</comments>
		<pubDate>Tue, 22 Dec 2009 15:51:34 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[fake]]></category>
		<category><![CDATA[koobface]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[scareware]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=917</guid>
		<description><![CDATA[Chances are you know someone who has been hit by Koobface, one of the first successful social networking worms. But there are many faces to Koobface, and many ways its authors make money from it. New research from Trend Micro details how Koobface&#8217;s creators monetize the worm through scareware or fake antivirus, click fraud, information-stealing [...]]]></description>
			<content:encoded><![CDATA[<p>Chances are you know someone who has been hit by Koobface, one of the first successful social networking worms. But there are many faces to Koobface, and many ways its authors make money from it.</p>
<p>New research from Trend Micro details how Koobface&#8217;s creators monetize the worm through scareware or fake antivirus, click fraud, information-stealing malware, and online dating services. &#8220;Unlike in the past when we always thought of malware as one piece of malware, like Melissa or Lovebug, in today&#8217;s world Koobface is an ongoing criminal enterprise using hundreds and thousands of pieces of code,&#8221; says David Perry, global director of education for Trend Micro. &#8220;That makes it more difficult to describe to the public at large. It&#8217;s not just one file.&#8221;</p>
<p>And the Koobface gang uses multiple channels for generating revenue with its malware, which when it infects a machine turns it into one of its bots. &#8220;Koobface has been a fantastically successful attack on social networking,&#8221; Perry says. And its criminal model represents the type of &#8220;evil corporation&#8221; that runs today&#8217;s successful malware operations, he says.</p>
<p>While some botnets do their work by downloading other malware, Koobface is the revenue-generating malware for the Koobface botnet gang, according to the <a href="http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/koobface_part3_showmethemoney.pdf" target="new">report</a> (PDF).</p>
<p>The group is affiliated with five different fake antivirus groups, including Safety Center and Security Tool. Fake antivirus creators have recently been pushing their phony software via botnets using pay-per-install tactics. The fake antivirus software is typically installed on the victim&#8217;s machine via Koobface&#8217;s pp.12.exe module, which acts as a fake AV downloader.</p>
<p>Click fraud, in which the bad guys hijack search results to artificially increase traffic and earn ad revenue, is another way Koobface pays its creators. The search hijacker intercepts a user&#8217;s request for a URL and redirects the user to a page that registers the fraudulent click.</p>
<p>Koobface also installs a variant of the Ldpinch information-stealing Trojan that steals user credentials and then either resells them or uses them to hack Websites. &#8220;In turn, compromised sites can be rented out or used by the cybercriminals behind KOOBFACE to host phishing sites or malicious scripts,&#8221; says the Trend Micro report.</p>
<p>The notorious AdultFriendFinder online dating site is also a Koobface vehicle for money-making. When users click on Flash animations of chat windows, they get infected with Koobface: &#8220;It seems that AdultFriendFinder is also back to its old ways, serving unsolicited adult-oriented ads using malicious software. In December 2007, AdultFriendFinder agreed to the Federal Trade Commission (FTC)&#8217;s mandate, which barred it from displaying sexually explicit online ads,&#8221; says the Trend Micro report. &#8220;However, as can be gleaned from our research, the site has revived its former practice.&#8221;</p>
<p>Trend&#8217;s Perry says he wasn&#8217;t surprised by the inner workings of the Koobface gang. &#8220;This is exactly what we were expecting to see,&#8221; he says. &#8220;The reason we came up with this [research] is that we get the question all the time of, &#8216;What is this doing?&#8217; This indicates that Koobface does not just do one thing,&#8221; he says. &#8220;They are using social networking to plant malware and Trojan downloaders on millions of PCs. They then use those to create an enormous botnet, and take portions of that botnet and sell or lease it to other criminals.&#8221;</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/how-the-koobface-worm-gang-makes-money/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Microsoft&#8217;s New MSE Scores High In Rootkit Detection!</title>
		<link>http://www.andrewsayshello.com/technology/microsofts-new-mse-scores-high-in-rootkit-detection/</link>
		<comments>http://www.andrewsayshello.com/technology/microsofts-new-mse-scores-high-in-rootkit-detection/#comments</comments>
		<pubDate>Fri, 02 Oct 2009 14:24:05 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[essentials]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[mse]]></category>
		<category><![CDATA[rootkit]]></category>
		<category><![CDATA[test]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=815</guid>
		<description><![CDATA[Microsoft&#8217;s just-released free antivirus software (Microsoft Security Essentials or MSE) has already been put to the test, literally: In an early test by an indie laboratory, the much-anticipated Microsoft Security Essentials (MSE) detected and removed all rootkits. AV-Test.org reports that MSE found and killed all 25 rootkits tossed its way during a test it conducted [...]]]></description>
			<content:encoded><![CDATA[<p>Microsoft&#8217;s just-released free antivirus software (Microsoft Security Essentials or MSE) has already been put to the test, literally: In an early test by an indie laboratory, the much-anticipated Microsoft Security Essentials (MSE) detected and removed all rootkits.</p>
<p><a href="http://www.av-test.org/" target="new">AV-Test.org</a> reports that MSE found and killed all 25 rootkits tossed its way during a test it conducted on the new software, which Microsoft rolled out on Tuesday. MSE basically replaces Microsoft&#8217;s subscription-based OneCare product, but focuses solely on anti-malware &#8212; detecting and removing viruses, spyware, rootkits, and Trojans. It doesn&#8217;t come with security &#8220;suite&#8221; functions, like a firewall, computer maintenance tasks, or backup.</p>
<p>AV-Test.org tested the new version 1.0.1611.0 with virus and spyware definitions 1.67.178.0 on Windows XP SP3, Vista SP2, and Windows 7. Rootkits traditionally have been the nemesis of many AV products. But Andreas Marx, CEO of AV-Test.org, says MSE&#8217;s 100 percent rootkit detection rate was &#8220;very impressive.&#8221;</p>
<p>MSE also detected all 3,700 samples of static malware, but the software was unable to detect new, unknown malware using dynamic, behavior-based detection. &#8220;None of the samples were detected based on their suspicious behavior,&#8221; Marx says. But, he says, other AV-only packages don&#8217;t include this dynamic detection feature, either. It&#8217;s usually only available in Internet security &#8220;suite&#8221; versions of the products, he says.</p>
<p>On XP, MSE found 98.44 percent of current samples of viruses, worms, Trojans, and bots, and 90.95 percent of adware and spyware. AV-Test.org found that MSE was able to remove all active malware components during the repair and cleanup phase, but in some cases residual pieces from the infections remained, such as inactive executable files and a disabled Windows firewall.</p>
<p>&#8220;The scan speed is quite OK when compared with other AV products. The scanner is not the fastest one, but also not the slowest available,&#8221; Marx says. He notes the test was a quick summary of some of the product&#8217;s features, and that the lab plans to conduct more in-depth testing and reviews of MSE. So this is early good news for Microsoft&#8217;s brand new product that is being put to the test. Only time will tell if it is able to keep up with the new threats that will target it and try to break through its defenses.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/microsofts-new-mse-scores-high-in-rootkit-detection/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Microsoft Rolls Out Free AntiVirus!</title>
		<link>http://www.andrewsayshello.com/technology/microsoft-rolls-out-free-antivirus/</link>
		<comments>http://www.andrewsayshello.com/technology/microsoft-rolls-out-free-antivirus/#comments</comments>
		<pubDate>Wed, 30 Sep 2009 01:48:25 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[free]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[morro]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=807</guid>
		<description><![CDATA[The day dreaded by many commercial antivirus vendors is here: Microsoft today made its free antivirus software available. Microsoft Security Essentials (MSE), which Microsoft had code-named &#8220;Morro,&#8221; basically replaces Microsoft&#8217;s subscription-based OneCare product, but focuses solely on anti-malware &#8212; detecting and removing viruses, spyware, rootkits, and Trojans. It doesn&#8217;t come with security &#8220;suite&#8221; functions, like [...]]]></description>
			<content:encoded><![CDATA[<p>The day dreaded by many commercial antivirus vendors is here: Microsoft today made its free antivirus software available.</p>
<p>Microsoft Security Essentials (MSE), which Microsoft had code-named &#8220;Morro,&#8221; basically replaces Microsoft&#8217;s subscription-based OneCare product, but focuses solely on anti-malware &#8212; detecting and removing viruses, spyware, rootkits, and Trojans. It doesn&#8217;t come with security &#8220;suite&#8221; functions, like a firewall, computer maintenance tasks, or backup.</p>
<p>Interestingly, Microsoft is neither pushing the product via Windows updates nor bundling it with the operating system. &#8220;You have to proactively go to the Microsoft site to download it,&#8221; says Alex Eckelberry, CEO of Sunbelt Technologies, which sells enterprise AV, email, and other security tools for Windows. Eckelberry says Microsoft&#8217;s freebie software is ultimately &#8220;good for the consumer.&#8221;</p>
<p>What about commercial AV vendors? Eckelberry says he doesn&#8217;t expect the software to hurt them as much as AV vendors, like AVG, that also offer free anti-malware software. While it&#8217;s mainly a consumer product, he says it will also attract small mom-and-pop shops. &#8220;It won&#8217;t affect enterprise SMBs because it&#8217;s not manageable, so they won&#8217;t touch it,&#8221; he says.</p>
<p>Overall, Eckelberry says, MSE is good for consumer security.</p>
<p>Siobhan MacDermott, head of public policy, corporate communications, and investor relations for AVG Technologies, says while free AV sounds good at first glance, it could actually hurt consumers in the end.</p>
<blockquote><p>&#8220;On the surface, a free offering from the company with a dominant market share would appear to be a good thing. We believe, however, broad adoption could, in fact, put consumers at greater risk,&#8221; MacDermott says. &#8220;The strength of the security community rests in its diversity of products and the innovation delivered by companies like AVG, whose entire focus is keeping our users&#8217; personal data and computers safe. It is our core business and one in which we simply cannot fail.&#8221;</p></blockquote>
<p>Because Microsoft&#8217;s OS base is so large, a large community of MSE users will attract more attackers, according to MacDermott. &#8220;It is a law of numbers; large communities create large pools of opportunities for thieves,&#8221; she says. &#8220;If Microsoft leverages the power of its OS market to rapidly create a large community of MSE users, we believe those customers will be doubly vulnerable.&#8221;</p>
<p>Microsoft provided a peek at Security Essentials in June when it released a public beta version of the software.</p>
<p>The company says the software alerts users only when they need to take action due to a threat that&#8217;s detected, for instance, and it limits CPU and memory usage.</p>
<blockquote><p>&#8220;Consumers have told us that they want the protection of real-time security software, but we know that too many are either unwilling or unable to pay for it, and so end up unprotected,&#8221; says Amy Barzdukas, general manager for consumer security at Microsoft. &#8220;With Microsoft Security Essentials, consumers can get high-quality protection that is easy to get and easy to use &#8212; and it won&#8217;t get in their way.&#8221;</p></blockquote>
<p>MSE doesn&#8217;t require any registration or renewals, and is available for download <a href="http://www.microsoft.com/security_essentials/" target="new">here</a>. For those interested, check out the review that is already up from <a href="http://arstechnica.com/microsoft/news/2009/09/first-look-microsoft-security-essentials-impresses.ars" target="_blank">arstechnica.com</a>!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/microsoft-rolls-out-free-antivirus/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Malvertisements in NYTimes.com Lead to FAKE Antivirus!</title>
		<link>http://www.andrewsayshello.com/technology/malvertisements-in-nytimes-com-lead-to-fake-antivirus/</link>
		<comments>http://www.andrewsayshello.com/technology/malvertisements-in-nytimes-com-lead-to-fake-antivirus/#comments</comments>
		<pubDate>Fri, 18 Sep 2009 16:53:54 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[advertisement]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[malvertisement]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[new]]></category>
		<category><![CDATA[nytimes]]></category>
		<category><![CDATA[personal]]></category>
		<category><![CDATA[rogue]]></category>
		<category><![CDATA[rootkit]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[times]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[york]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=783</guid>
		<description><![CDATA[People who get their regular dose of news from the New York Times website were recently told to be careful when browsing through the said site as malicious advertisements —also known as “malvertisements” —are found on its pages and are displaying pop-up windows that falsely report malware infections on their systems. As reported in detail by Trend Micro researcher [...]]]></description>
			<content:encoded><![CDATA[<p>People who get their regular dose of news from the <em>New York Times</em> website were recently warned to be careful when browsing the site, as <strong>malicious advertisements</strong> (also known as <strong>&#8220;malvertisements&#8221;</strong>) had been found on its pages, displaying pop-up windows that falsely report malware infections on visitors&#8217; systems.</p>
<p><a href="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2009/09/personalav.jpg" rel="lightbox[783]"><img class="alignright size-medium wp-image-785" title="personalav" src="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2009/09/personalav-300x209.jpg" alt="personalav" width="300" height="209" /></a>As reported in detail by Trend Micro researcher Rik Ferguson in the <a href="http://countermeasures.trendmicro.eu/new-york-times-pushes-fake-av-malvertisement" target="_blank">Counter Measures blog</a>, the <em>New York Times</em> issued warnings through both <em>Twitter</em> and its website’s front page about <strong>malvertisements</strong> that trigger the display of a malicious pop-up window. The said pop-up window displays the typical <strong>fake antivirus </strong>warning indicating malware infection. This forces the affected user to purchase a full version of a <strong>rogue antivirus</strong> software. Of course, the reported infections are in reality nonexistent. The alarming messages are mere distractions to convince the user into giving away important information.</p>
<p>Not only is good money wasted on a useless piece of software; the credit card details entered to buy it are also captured and made available to cybercriminals.</p>
<p>Lately I have been personally seeing a ton of computers at work with this exact infection (Personal Antivirus). The odd thing I take from it is that it doesn&#8217;t usually bring along any other malware with it when it gets onto a system. From time to time I see this program on a system that is also infected with a rootkit or other more vicious piece of malware, but for the most part it seems to work alone and does nothing but try to get your money and credit card information.</p>
<p>So it would seem that the creators of this particular rogue security software don&#8217;t want to harm their victims&#8217; computers by placing harmful trojans on the system alongside it, but merely to create an annoying piece of software that will bug you until you pay it to stop&#8230; or remove it with a program such as <a href="http://www.spybotupdates.com/files/spybotsd162.exe" target="_blank">Spybot &#8211; Search and Destroy</a>. So be careful out there&#8230; cause even well-trusted websites seem to be getting hit with these types of breaches that can harm your computer!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/malvertisements-in-nytimes-com-lead-to-fake-antivirus/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>10 Easy Ways to Boost Your Online Security!</title>
		<link>http://www.andrewsayshello.com/technology/10-easy-ways-to-boost-your-online-security/</link>
		<comments>http://www.andrewsayshello.com/technology/10-easy-ways-to-boost-your-online-security/#comments</comments>
		<pubDate>Mon, 29 Jun 2009 14:30:26 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[firefox]]></category>
		<category><![CDATA[internet]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[torjan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=588</guid>
		<description><![CDATA[Just about everyone these days knows that the internet can be a pretty dangerous place to browse if you are not careful. With all the trojans, viruses, infected websites, scams, it seems that it is near impossible to keep yourself completely safe unless you just keep your computer unplugged from the internet. With all these [...]]]></description>
			<content:encoded><![CDATA[<p>Just about everyone these days knows that the internet can be a pretty dangerous place to browse if you are not careful. With all the trojans, viruses, infected websites and scams, it seems near impossible to keep yourself completely safe unless you just keep your computer unplugged from the internet. And that list doesn&#8217;t even include all the bad things that can arrive through email or instant messaging programs!</p>
<p>What makes it worse is that the people out there making all the bad and dangerous stuff on the internet do it for a few different reasons: to steal your personal information (such as bank details, credit card numbers or usernames and passwords), to scam you with bogus software, or just to mess up your computer for the fun of it because they can. I like to call these people &#8220;the bad guys&#8221;.</p>
<p>While there are a ton of people out there making these bad programs and websites, there is also a big number of people on the other side writing software and various tools to help protect your computer, and to clean it if it has gotten infected.</p>
<p>Most users don&#8217;t realize that just having an antivirus program is usually not enough to keep you safe from everything out there trying to get into your system. I found a great article that talks about 10 pretty simple ways to increase your online security so you don&#8217;t have to worry when browsing the web or checking your email. So let&#8217;s get on to the list!</p>
<blockquote><p>1. Augment your anti-virus tool<br />
2. Switch to plain text mail<br />
3. Don&#8217;t click mail links<br />
4. Vet your email<br />
5. Switch web browser<br />
6. Check web sites before you visit<br />
7. Manage your passwords<br />
8. Screen all downloads<br />
9. P2P basics<br />
10. Create a virtual sandbox</p></blockquote>
<p>These 10 things are a great start toward keeping your PC safe from the majority of threats lurking in the shadows of the internet. While they aren&#8217;t foolproof, they help the average user avoid most of what can harm their computer.</p>
<p>For a description of each of these 10 ways to further protect yourself, head over to this <a href="http://www.techradar.com/news/internet/10-easy-ways-to-boost-your-online-security-591191" target="_blank">article</a> on techradar.com to read up on each of these steps.</p>
<div style="margin-top:2em;">
------------------------------------------------------------------------<br />
      The Short URL of this blog posting is    <a href="http://tllg.net/zapy7v">http://tllg.net/zapy7v</a>
  </div>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/10-easy-ways-to-boost-your-online-security/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>10 Firefox Extensions that Help Keep You Safe!</title>
		<link>http://www.andrewsayshello.com/technology/10-firefox-extensions-that-help-keep-you-safe/</link>
		<comments>http://www.andrewsayshello.com/technology/10-firefox-extensions-that-help-keep-you-safe/#comments</comments>
		<pubDate>Fri, 29 May 2009 03:50:35 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[cookie]]></category>
		<category><![CDATA[firefox]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[rootkit]]></category>
		<category><![CDATA[safe]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=542</guid>
		<description><![CDATA[Everyone nowadays is trying to make sure they stay safe while browsing the web for various reasons. The ever-growing problem is the constant growth of malware-infected websites that try to infect your computer when you simply visit them. They do everything from trying to steal your personal [...]]]></description>
			<content:encoded><![CDATA[<p>Everyone nowadays is trying to make sure they stay safe while browsing the web, for various reasons. The ever-growing problem is the constant growth of malware-infected websites that try to infect your computer when you simply visit them. They do everything from trying to steal your personal information, to tricking you into visiting another website, to simply infecting your computer with a host of different types of malware.</p>
<p>Many people think that having their antivirus software updated and running while they surf is enough to keep them safe. While this was largely true a couple of years ago, much of the malware causing problems today has found ways to trick the user into getting around their antivirus software and infecting the system. Once it gets into the system, 9 times out of 10 it is too late for your antivirus software to help you.</p>
<p>Even though the good guys are constantly changing their strategies to try and stop malware from affecting their users, the bad guys are constantly changing their ways as well to get around the good guys. Internet Explorer is usually the most targeted browser simply because it ships with Windows by default, so exploiting it gives an attacker the greatest chance of actually infecting users. This has resulted in a higher demand for alternative and safer browsers to take its place.</p>
<p>Today, Mozilla&#8217;s <a href="http://www.mozilla.com/en-US/firefox/firefox.html" target="_blank">Firefox</a> is the most popular browser that users pick to replace Internet Explorer. One of the main reasons is that you can add &#8220;extensions&#8221; to the browser to help keep unwanted websites from messing with your computer. Below is a quick list of 10 very helpful extensions you can add to Firefox to help make your web browsing safer.</p>
<blockquote>
<ol>
<li><strong><a href="http://addons.mozilla.org/en-US/firefox/addon/6623">BetterPrivacy</a></strong></li>
<li><strong><a href="http://download.cnet.com/BlockSite/3000-11745_4-10745384.html">BlockSite</a></strong></li>
<li><strong><a href="http://download.cnet.com/Dr-Web-Anti-virus-Link-Checker/3000-11745_4-10745596.html">Dr. Web Anti-virus</a></strong></li>
<li><strong><a href="http://download.cnet.com/FormFox/3000-11745_4-10745171.html">FormFox</a></strong></li>
<li><strong><a href="http://addons.mozilla.org/en-US/firefox/addon/9609">Ghostery</a></strong></li>
<li><strong><a href="http://download.cnet.com/Locationbar/3000-11745_4-10745198.html">Locationbar</a></strong></li>
<li><strong><a href="http://download.cnet.com/NoScript/3000-11745_4-10461464.html">NoScript</a></strong></li>
<li><strong><a href="http://download.cnet.com/Password-Hasher/3000-11745_4-10748247.html">Password Hasher</a></strong></li>
<li><strong><a href="http://download.cnet.com/QuickJava/3000-11745_4-10746083.html">QuickJava</a></strong></li>
<li><strong><a href="http://download.cnet.com/WOT-for-Firefox/3000-11745_4-10588554.html">Web of Trust</a></strong></li>
</ol>
</blockquote>
<p>After looking over this list, I have to agree that these extensions do indeed help a great deal in keeping you better protected while browsing the internet. Even though they can&#8217;t keep you completely safe from everything, they do a fantastic job of protecting you from a good percentage of the dangerous and just plain annoying things out on the internet. If you would like to read more about these extensions, you can click <a href="http://www.builderau.com.au/program/web/soa/10-Firefox-extensions-that-help-keep-you-safe/0,339024632,339296649,00.htm" target="_blank">HERE</a> to read up on them and decide which ones you would like to use.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/10-firefox-extensions-that-help-keep-you-safe/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>New Computers Shipped from Factory with Malware!</title>
		<link>http://www.andrewsayshello.com/technology/new-computers-shipped-from-factory-with-malware/</link>
		<comments>http://www.andrewsayshello.com/technology/new-computers-shipped-from-factory-with-malware/#comments</comments>
		<pubDate>Wed, 27 May 2009 02:13:49 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[kaspersky]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=536</guid>
		<description><![CDATA[When you unbox a brand new computer, you presume that it&#8217;s lean, clean and pristine, right? The last thing you expect to find on a new system is malware. However, that&#8217;s one of the first things researchers at Kaspersky Labs found after purchasing and firing up a Companion Touch netbook, a $499 portable from M&#38;A Technology. Kaspersky researcher [...]]]></description>
			<content:encoded><![CDATA[<p>When you unbox a brand new computer, you presume that it&#8217;s lean, clean and pristine, right? The last thing you expect to find on a new system is malware. However, that&#8217;s one of the first things researchers at <a href="http://www.kaspersky.com" target="_blank">Kaspersky Labs</a> found after purchasing and firing up a Companion Touch netbook, a $499 portable from M&amp;A Technology. Kaspersky researcher Roel Schouwenberg told Computerworld that his colleagues noticed &#8220;something strange was going on&#8221; with the netbook. Indeed, three malware programs were found on the netbook.</p>
<blockquote><p>&#8220;This was done at the factory,&#8221; said Schouwenberg. &#8220;It was completely brand new, still in its packaging.&#8221;</p></blockquote>
<p>With a little more digging, Schouwenberg found multiple Windows system restore points, typically an indication that the machine had been updated with new drivers or software had been installed before it left the factory. One of the restore points, stamped with a February date, included the malware, indicating that it had been put on the machine before then. And the malware itself hinted how the netbook had been infected. &#8220;In February, the manufacturer was busy installing some drivers for an Intel product in the netbook,&#8221; said Schouwenberg, citing the restore point. Among the three pieces of malware was a variant of the AutoRun worm, which spreads via infected USB flash drives.</p>
<p>&#8220;The USB stick they used to install the drivers onto the machine was infected, and it then infected the machine,&#8221; said Schouwenberg. Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft. <a href="http://www.macomp.com/index.shtml" target="_blank">M&amp;A Technology</a>, which is based in Carrollton near Dallas, specializes in providing computers for education. The Companion Touch is a ruggedized netbook designed to be handed out by schools for students to take home.</p>
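<p>The AutoRun worm described above spreads by dropping an executable on the stick together with an autorun.inf whose open=, shellexecute= or shell\...\command= lines point at it, usually dressed up (a borrowed folder icon, an action= string copied from Windows' own AutoPlay prompt, the dropper tucked under RECYCLER or System Volume Information) so the drive looks like a plain data volume. The script below is an added example, not code from the post or from Kaspersky: it parses an autorun.inf and flags those masquerade signs. The two autorun.inf bodies and the RECYCLER path inside it are constructed for the example, not files recovered from the netbook.</p>

```python
"""Triage an autorun.inf from a removable drive (added example, not from the post)."""
import re
from typing import Dict, List, Tuple

# Directives Windows acts on when a volume is inserted or opened.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")   # shell\open\command etc.

EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr",
            ".vbs", ".vbe", ".js", ".jse", ".wsf")
# Folders worms commonly use to stash the dropper on a USB stick.
HIDDEN_DIRS = ("recycler", "recycled", "$recycle.bin", "system volume information")
# The text Windows' own AutoPlay dialog shows for a data drive; worms copy it.
FOLDER_PROMPT = "open folder to view files"

# Constructed samples, not files taken from any real infection.
WORM_SAMPLE = r"""
[AutoRun]
open=RECYCLER\S-1-5-21-1\update.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\command=RECYCLER\S-1-5-21-1\update.exe
shell\explore\command=RECYCLER\S-1-5-21-1\update.exe
"""

DRIVER_DISC_SAMPLE = r"""
[autorun]
open=setup.exe
icon=setup.exe,0
label=Chipset driver disc
"""


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the [autorun] section as a lowercase-key dict (empty if absent).

    Hand-rolled rather than configparser: worm-written files carry junk lines,
    duplicate keys and odd casing that configparser rejects.
    """
    directives: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        directives.setdefault(key.strip().lower(), value.strip())  # first wins, like Windows
    return directives


def _target_path(value: str) -> str:
    """Strip quotes and arguments from a launch directive, leaving the program path."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def triage_autorun(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; 'high' means masquerade, not merely a launch."""
    d = parse_autorun(text)
    findings: List[Tuple[str, str]] = []
    launches_exe = False
    for key, value in d.items():
        if key not in LAUNCH_KEYS and not SHELL_COMMAND_RE.match(key):
            continue
        target = _target_path(value)
        norm = target.lower().replace("/", "\\")
        if norm.endswith(EXEC_EXT):
            launches_exe = True
        findings.append(("info", f"{key}= runs {target}"))
        top = target.split("\\")[0]
        if any(norm.startswith(h + "\\") or f"\\{h}\\" in norm for h in HIDDEN_DIRS):
            findings.append(("high", f"{key}= target is hidden under {top}"))
    if launches_exe:
        if d.get("action", "").lower() == FOLDER_PROMPT:
            findings.append(("high", "action= mimics the built-in 'Open folder to view files' choice"))
        if "shell32.dll" in d.get("icon", "").lower():
            findings.append(("high", "icon= borrows a shell32.dll icon so the drive looks like a folder"))
    return findings


def is_suspicious(text: str) -> bool:
    """True when at least one masquerade indicator accompanies a launch directive."""
    return any(sev == "high" for sev, _ in triage_autorun(text))


if __name__ == "__main__":
    for name, body in (("worm-style", WORM_SAMPLE), ("driver disc", DRIVER_DISC_SAMPLE)):
        print(f"{name}: suspicious={is_suspicious(body)}")
        for sev, msg in triage_autorun(body):
            print(f"  [{sev}] {msg}")
```

A legitimate driver disc also uses open=, so a launch directive alone is only reported as information; the heuristic escalates only when the launch is combined with an attempt to look like an ordinary folder. Run it against the root of any stick that has been near a build bench before plugging it into a clean machine.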
<p>M&amp;A is relatively small &#8211; most brand-name computer makers don&#8217;t update their products&#8217; drivers with USB flash drives. Still, this story can serve as a cautionary tale, particularly for those buying computers from so-called &#8220;white box&#8221; and custom-build vendors. You never know what the level of quality control is going to be like in a small shop. But malware can bite even big names. Samsung sold some digital picture frames last year that came with a little something extra: a Trojan downloader. It was included on the CD that contained Windows-based software for managing the frame&#8217;s content. And in 2006, Apple shipped a handful of iPods that included a Windows virus.</p>
<p>Schouwenberg had some advice for those starting up a new machine. To ensure that a new PC is malware-free, Schouwenberg recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer and transferring that update to the new system, then run a full antivirus scan. &#8220;That&#8217;s the best course of action, even though it sounds like a lot of work,&#8221; said Schouwenberg.</p>
<p>With cases like this popping up more and more, it is starting to leave people wondering whether anything is safe from the ever-growing army of malware. Which backs the argument even more that it can&#8217;t be stressed enough to keep your antivirus software up to date and always perform routine system scans!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/new-computers-shipped-from-factory-with-malware/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The Explanation of Rootkit Malware!</title>
		<link>http://www.andrewsayshello.com/technology/the-explanation-of-rootkit-malware/</link>
		<comments>http://www.andrewsayshello.com/technology/the-explanation-of-rootkit-malware/#comments</comments>
		<pubDate>Sat, 23 May 2009 02:55:04 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[rootkit]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=530</guid>
		<description><![CDATA[Malware lately has been getting more and more sophisticated and even harder for the average computer user to spot and avoid. Because of this, antivirus companies are having to step up their game as well to try and keep their users secure and safe from new infections that are appearing daily on the internet.  In [...]]]></description>
			<content:encoded><![CDATA[<p>Malware lately has been getting more and more sophisticated and even harder for the average computer user to spot and avoid. Because of this, antivirus companies are having to step up their game as well to try and keep their users secure and safe from the new infections that appear daily on the internet.</p>
<p>In this article I am going to shed a bit more light on an extremely stealthy and hard-to-detect class of malware called a &#8220;rootkit&#8221;.</p>
<blockquote><p>The term <em>rootkit</em> or <em>root kit</em> originally referred to a maliciously modified set of administrative tools for a Unix-like operating system that surreptitiously granted root access. If an intruder could replace the standard administrative tools on a system with a rootkit, the modified tools would allow the intruder to maintain root access over the system while concealing these activities from the legitimate system administrator. </p></blockquote>
<p>This type of software (if you want to call it software) became more widely known and understood in 2005, when Sony installed rootkits from its music CDs in order to enforce the DRM that came with them. With these events making the rootkit well known to everyone (including the hackers who write malware), this opened the door to almost endless possibilities for these hackers to gain and keep access to a user&#8217;s computer.</p>
<blockquote><p>A successfully-installed rootkit allows unauthorized users to maintain access as system administrators, and thus to take and keep full control of the &#8220;rootkitted&#8221; or &#8220;rooted&#8221; system. Most rootkits typically hide files, processes, network connections, blocks of memory, or Windows Registry entries from other programs used by system administrators to detect specially privileged accesses to computer system resources. However, a rootkit may masquerade as or be intertwined with other files, programs, or libraries with other purposes.</p></blockquote>
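<p>The hiding described in that quote is also what gives rootkits away: a tool that asks the system the same question two different ways and compares the answers (a "cross-view" check) will see the process the hooked listing omits. The script below is an added example, not code from the post or from any of the tools it links to. It assumes a Linux box, where the administrator's view is the /proc listing that ps and top read, and the second view is kill(2) with signal 0, which delivers nothing but reports whether a PID exists; the same idea on Windows means comparing a Toolhelp process snapshot with a lower-level enumeration. The candidate PIDs in the self-check are constructed, not taken from a real infection.</p>

```python
"""Cross-view hidden-process check (added example, not from the post). Linux only."""
import os
from typing import Callable, Set


def list_proc_pids() -> Set[int]:
    """The 'administrator's tool' view: every numeric entry under /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pid_alive(pid: int) -> bool:
    """The low-level view: kill(pid, 0) sends nothing, it only asks whether the PID exists.
    EPERM means it exists but belongs to another user, which still counts as alive."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def read_pid_max() -> int:
    """Upper bound for the probe; falls back to the classic default if the sysctl is unreadable."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return 32768  # assumed fallback, not read from the system


def probe_pids(max_pid: int) -> Set[int]:
    """Brute-force every PID from 1 to max_pid through kill(2). Slow on 4M-PID systems, but
    that is the point: it does not rely on the directory listing a rootkit filters."""
    return {pid for pid in range(1, max_pid + 1) if pid_alive(pid)}


def cross_view_hidden(visible: Set[int], probed: Set[int],
                      still_alive: Callable[[int], bool],
                      still_visible: Callable[[int], bool]) -> Set[int]:
    """PIDs the probe found that the listing omitted.

    The two snapshots are taken at different moments, so a process that simply exited in
    between would look hidden; each candidate is re-checked both ways before it is reported.
    """
    return {pid for pid in probed - visible if still_alive(pid) and not still_visible(pid)}


def find_hidden_processes() -> Set[int]:
    """Run the check against the live system."""
    visible = list_proc_pids()
    probed = probe_pids(read_pid_max())
    return cross_view_hidden(visible, probed, pid_alive,
                             lambda pid: os.path.exists(f"/proc/{pid}"))


if __name__ == "__main__":
    hidden = find_hidden_processes()
    print("PIDs alive but missing from /proc:", sorted(hidden) or "none")
```

The caveat a practitioner should keep in mind: this catches a rootkit that filters the directory listing (the common user-mode LD_PRELOAD variety and many kernel ones) but not one that also hooks the kill() path; the more views you compare, the more paths an attacker has to hook consistently, which is the principle behind the detection tools the post links to.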
<p>Lately though, it seems these rootkits are doing more than just opening doors for hackers to get into &#8220;rooted&#8221; computers. They help other malware disable the user&#8217;s antivirus software so it won&#8217;t try to clean up a growing infection, while making it look as though the antivirus program is still working as it should. Once this is done, the rootkit will start downloading tons of other malware onto the system to do anything from stealing personal information to tricking the user into buying a fake license for a &#8220;<a href="http://en.wikipedia.org/wiki/Rogue_software" target="_blank">Rogue Security Application</a>&#8221;. In other cases it will keep itself hidden and simply hijack the computer to act as a zombie machine in a botnet that sends out spam emails.</p>
<p>While these infections are harder for the average user to spot, the easiest way to notice that something is wrong is usually a few common symptoms. The computer starts acting extremely slow, as if it is doing a ton of computing even when it isn&#8217;t doing anything you can see, or when you use the internet there is an unusual number of popups on sites that don&#8217;t normally have them. If you would like to scan your computer for this type of infection I suggest you download and run <a href="http://download.bleepingcomputer.com/sUBs/ComboFix.exe" target="_blank">ComboFix.exe</a> and let it do its thing. Even if it cannot clean the infection, it will tell you about it so you can take the needed actions to get it cleaned up ASAP! (Note: if ComboFix will not load on your computer, then you are definitely infected with something dangerous, as these types of malware commonly try to block it from running.)</p>
<p>Last but not least&#8230; please always make sure your computer is up to date! It is pretty easy to do, so no one really has an excuse not to check once a month or so; with an up-to-date system you are less likely to get infected. If you would like to make sure your system has all the latest patches from Microsoft, all you need to do is click <a href="http://windowsupdate.microsoft.com/" target="_blank">HERE</a> (make sure you open the site in Internet Explorer) and follow the steps on the website. Any questions, feel free to leave a comment and I will help or answer as best I can!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/the-explanation-of-rootkit-malware/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Pirated Windows 7 RC1 has Trojan for a New Botnet!</title>
		<link>http://www.andrewsayshello.com/technology/pirated-windows-7-rc1-has-trojan-for-a-new-botnet/</link>
		<comments>http://www.andrewsayshello.com/technology/pirated-windows-7-rc1-has-trojan-for-a-new-botnet/#comments</comments>
		<pubDate>Mon, 18 May 2009 11:34:51 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[7]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[pirate]]></category>
		<category><![CDATA[rc1]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=520</guid>
		<description><![CDATA[A pirated version of the new Windows 7 operating system release candidate that has been circulating around the Internet is also building out a botnet. The rogue OS, which is rigged with a Trojan downloader, at one point had around 27,000 bots in its control as of May 10, when researchers took over the command and [...]]]></description>
			<content:encoded><![CDATA[<p>A pirated version of the new Windows 7 operating system release candidate that has been circulating around the Internet is also building out a botnet. The rogue OS, which is rigged with a Trojan downloader, at one point had around 27,000 bots in its control as of May 10, when researchers took over the command and control (C&amp;C) server that communicated with the bots and served them additional malware. At the height of the botnet buildup, the botmaster was recruiting more than 200 machines an hour, says Tripp Cox, vice president of engineering for Damballa. The victims initially downloaded the pirated OS via popular bootlegged software sites and online forums.</p>
<p>On Sunday Damballa researchers grabbed control of the C&amp;C domain, but they say this is likely just one of many versions of the rogue Windows 7 OS: &#8220;In this case, we neutralized one release version of the Trojan&#8217;ed OS,&#8221; Cox says. &#8220;So if users have an older version and install it, we&#8217;ve neutralized it from downloading additional malware.&#8221;</p>
<p>Cox says the main goal of the Trojan tucked into the pirated OS is to add additional malware packages to the victims&#8217; machines in a &#8220;pay-per-install&#8221; scheme, where the software piracy ring makes money from cybercrime groups who pay them to successfully install the malware. &#8220;The pirated software is the social enticement initially, and the second state is downloading additional packages of malware installed and distributed [via] the Trojan on a pay-per-install [arrangement],&#8221; Cox says.</p>
<p>Windows 7 has, indeed, become the newest lure: Trend Micro researchers have reported a Trojan downloader posing as a copy of the Windows 7 Release Candidate on popular torrent sites. The Trojan appears as a file called &#8220;setup.exe&#8221; when users download what they think is the Windows 7 RC. The Trojan, dubbed &#8220;TROJ DROPPER.SPX&#8221; by Trend Micro, downloads TROJ AGENT.NICE, both of which can be detected by Trend Micro&#8217;s Smart Protection Network.</p>
<p>Meanwhile, software piracy is on the rise, especially in the U.S., according to a report released yesterday by the Business Software Alliance and IDC. One-fifth of all PC software in the U.S. is pirated, which is the lowest rate in the world, according to the report. But the U.S. also boasts the biggest losses from piracy, at about $9.1 billion, according to the report. And most of the bots in the pirated Windows 7 OS scheme are in the U.S., according to Damballa, with about 10 percent of the bots, followed by 7 percent in both the Netherlands and Italy.</p>
<p>Damballa&#8217;s Cox says most traditional antivirus software is unable to detect the pirated Windows 7 Trojan because the OS itself is infected, and because most antivirus solutions don&#8217;t yet support Windows 7. &#8220;We continue to see new installs happening at a rate of about 1,600 per day with broad geographic distribution,&#8221; Cox says. &#8220;Since our takedown, any new installs of this pirated distribution of Windows 7 RC are inaccessible by the botmaster. The old installs are accessible.&#8221;</p>
<p>The actual Windows 7 Release Candidate can be downloaded from Microsoft <a href="http://www.microsoft.com/windows/windows-7/download.aspx" target="new">here</a>.</p>
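<p>Downloading from the vendor is the first half of the fix; the second is checking that what landed on disk is what the vendor published, since a torrent or forum mirror can swap in a setup.exe like the one Trend Micro describes. The script below is an added example, not code from the post, Microsoft, Damballa or Trend Micro: it parses a sha256sum-style checksum manifest (the "&lt;hexdigest&gt;  &lt;filename&gt;" layout is an assumption; check the format your vendor actually publishes) and verifies a downloaded file against it in a constant-time comparison. The file names and installer bytes in the self-check are constructed for the example.</p>

```python
"""Verify a downloaded installer against a vendor checksum manifest (added example)."""
import hashlib
import hmac
import os
import tempfile
from typing import Dict, Tuple

CHUNK = 1 << 20  # hash in 1 MiB pieces so a multi-GB ISO does not have to fit in memory


def parse_checksum_manifest(text: str) -> Dict[str, str]:
    """Parse `<hexdigest>  <filename>` lines (sha256sum / shasum layout) into {filename: digest}.

    Blank lines and '#' comments are skipped; a leading '*' on the name (binary mode
    marker in sha256sum output) is dropped so the lookup works on the plain file name.
    """
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        entries[name.lstrip("*")] = digest.lower()
    return entries


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, manifest: Dict[str, str]) -> Tuple[bool, str]:
    """Return (ok, reason). A file the manifest does not list is rejected, not ignored."""
    name = os.path.basename(path)
    expected = manifest.get(name)
    if expected is None:
        return False, f"{name} is not listed in the manifest; refuse to install"
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected):
        return False, f"{name} digest mismatch: got {actual[:12]}..., expected {expected[:12]}..."
    return True, f"{name} matches the published SHA-256"


def selftest() -> Tuple[bool, bool, bool]:
    """Build constructed files in a temp dir: a listed-and-correct one, a listed-but-wrong
    one, and an unlisted one. Returns the three verify outcomes."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "Windows7_RC.iso")
        with open(good, "wb") as f:
            f.write(b"constructed installer bytes\n" * 4096)
        tampered = os.path.join(d, "setup.exe")
        with open(tampered, "wb") as f:
            f.write(b"not the bytes the vendor published\n")
        unlisted = os.path.join(d, "extra.exe")
        open(unlisted, "wb").close()
        manifest = parse_checksum_manifest(
            "# constructed manifest for the example\n"
            f"{sha256_file(good)}  Windows7_RC.iso\n"
            f"{'0' * 64} *setup.exe\n"
        )
        return (verify_download(good, manifest)[0],
                verify_download(tampered, manifest)[0],
                verify_download(unlisted, manifest)[0])


if __name__ == "__main__":
    print("good / tampered / unlisted ->", selftest())
```

The manifest itself must come from the vendor's own site over HTTPS, not from the same mirror as the download; a checksum that travels with the file only proves the file is intact, not that it is genuine.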
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/pirated-windows-7-rc1-has-trojan-for-a-new-botnet/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Explanation of Trojan Horse Malware!</title>
		<link>http://www.andrewsayshello.com/technology/explanation-of-trojan-horse-malware/</link>
		<comments>http://www.andrewsayshello.com/technology/explanation-of-trojan-horse-malware/#comments</comments>
		<pubDate>Sun, 19 Apr 2009 18:25:51 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[e-mail]]></category>
		<category><![CDATA[firewall]]></category>
		<category><![CDATA[horse]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=484</guid>
		<description><![CDATA[A Trojan horse (not technically a virus) is a program that appears to be legitimate but in fact does something malicious. When a Trojan is triggered on your computer, the results vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop or adding silly active desktop icons) or they [...]]]></description>
			<content:encoded><![CDATA[<p>A Trojan horse (not technically a virus) is a program that appears to be legitimate but in fact does something malicious. When a Trojan is triggered on your computer, the results vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop or adding silly active desktop icons), while others can cause serious harm by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised.</p>
<p>Unlike viruses, a Trojan does not replicate (i.e. infect other files), nor does it make copies of itself as worms do. There are Trojan horses and there are viruses, but there&#8217;s no such thing as a &#8220;Trojan horse virus&#8221;: the very definition of each precludes it. A Trojan does not replicate; viruses do. That fact alone means there can never be a &#8220;Trojan horse virus&#8221;.</p>
<p>There are several different types of Trojans, classified by how they breach and damage systems. The main types of Trojan horse payloads are:</p>
<blockquote><p>·	Remote Access Trojans: control your computer from a remote location. <br />
·	Data Sending Trojans: send sensitive data such as passwords and financial information to the attacker. <br />
·	Destructive Trojans: corrupt or delete files on your computer. <br />
·	Proxy Trojans: use your computer to send spam, commit financial fraud and carry out other illegal activities. <br />
·	FTP Trojans: open port 21 (the FTP port) and let the attacker connect to your computer. <br />
·	Security software disabler Trojans: disable security software such as an antivirus program or firewall. <br />
·	Denial-of-service attack (DoS) Trojans: used to shut down a website, server or network.</p></blockquote>
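<p>Several of those payloads leave the same footprint on the network: an FTP or remote-access Trojan opens a listener the machine never had before, and a proxy or data-sending Trojan holds an outbound session from the same process. The script below is an added example, not code from the post: it parses the output of Windows' own <code>netstat -ano</code> and flags listeners that are not in a baseline as well as any PID that is both listening and connected outward. The netstat listing, the PIDs and the baseline port set are constructed for the example; a real baseline is whatever the clean image of that machine shows.</p>

```python
"""Triage `netstat -ano` output for trojan-style listeners and call-outs (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Conn:
    proto: str
    local_ip: str
    local_port: int
    remote: str
    state: str   # "" for UDP, which netstat prints without a state
    pid: int


# Constructed sample in Windows `netstat -ano` layout; not a capture from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       3120
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1208
  TCP    192.168.1.10:49512     203.0.113.7:6667       ESTABLISHED     3120
  TCP    192.168.1.10:49520     198.51.100.20:443      ESTABLISHED     2716
  UDP    0.0.0.0:5355           *:*                                    1044
"""

# Ports a (hypothetical) stock workstation is expected to listen on; everything else is a finding.
BASELINE_LISTENERS: Set[int] = {135, 139, 445, 3389, 5355}

LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)


def parse_netstat(text: str) -> List[Conn]:
    """Turn netstat lines into Conn records; header and blank lines are skipped."""
    conns: List[Conn] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, port = m.group("local").rsplit(":", 1)   # rsplit keeps IPv6 "[::]:135" intact
        conns.append(Conn(m.group("proto"), ip, int(port), m.group("remote"),
                          m.group("state") or "", int(m.group("pid"))))
    return conns


def unexpected_listeners(conns: List[Conn], baseline: Set[int] = BASELINE_LISTENERS) -> List[Conn]:
    """Listening sockets (TCP LISTENING, or any bound UDP port) outside the baseline."""
    return [c for c in conns
            if (c.state == "LISTENING" or c.proto == "UDP") and c.local_port not in baseline]


def listen_and_call_out(conns: List[Conn]) -> Dict[int, List[Conn]]:
    """PIDs that both accept inbound connections and hold an outbound session:
    the open-a-door-then-phone-home shape of an FTP or remote-access Trojan."""
    listening = {c.pid for c in conns if c.state == "LISTENING"}
    out: Dict[int, List[Conn]] = {}
    for c in conns:
        if c.state == "ESTABLISHED" and c.pid in listening:
            out.setdefault(c.pid, []).append(c)
    return out


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for c in unexpected_listeners(conns):
        print(f"unexpected listener {c.proto} {c.local_ip}:{c.local_port} pid={c.pid}")
    for pid, sessions in listen_and_call_out(conns).items():
        print(f"pid {pid} listens and also talks to " + ", ".join(s.remote for s in sessions))
```

On the constructed sample, PID 3120 is the one to look at: it owns the unexpected port 21 listener and an outbound session to port 6667. The next step is <code>tasklist /svc</code> or Process Explorer to map the PID to its image path and see what it really is.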
<p>A Trojan horse usually gets installed on a computer along with free software. For example, a program named &#8220;waterfalls.scr&#8221; serves as a simple example of a Trojan horse. It may well be the program you wanted, but someone (usually a third party) may have attached a Trojan to it. The author claims it is a free waterfall screen saver; when run, it instead launches hidden programs, scripts, or any number of commands without the user&#8217;s knowledge or consent.</p>
<p>The first step in protecting your computer from any malicious threat is to ensure that your operating system (OS) is up to date. This is essential if you are running a Microsoft Windows OS. Secondly, you need to have an antivirus program installed on your system and download its updates frequently so it has the latest signatures for new viruses, worms, and Trojan horses. Additionally, make sure your antivirus program can scan email and files as they are downloaded from the Internet, and run full disk scans periodically. This helps stop malicious programs before they even reach your computer. You should also install a firewall.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/explanation-of-trojan-horse-malware/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Top 10 Ways to Secure your PC!</title>
		<link>http://www.andrewsayshello.com/technology/top-10-ways-to-secure-your-pc/</link>
		<comments>http://www.andrewsayshello.com/technology/top-10-ways-to-secure-your-pc/#comments</comments>
		<pubDate>Fri, 17 Apr 2009 02:31:59 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[Linux]]></category>
		<category><![CDATA[osx]]></category>
		<category><![CDATA[PC]]></category>
		<category><![CDATA[safe]]></category>
		<category><![CDATA[secure]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=480</guid>
		<description><![CDATA[These days there is no such thing as being too safe when it comes to browsing and using the internet. Every day more scams, phishing websites and infected websites appear that look legitimate to the common user and trick them into visiting and getting infected. When this happens there is no [...]]]></description>
			<content:encoded><![CDATA[<p>These days there is no such thing as being too safe when it comes to browsing and using the internet. Every day more scams, phishing websites and infected websites appear that look legitimate to the common user and trick them into visiting and getting infected. When this happens there is no end to the damage that can be caused, from data loss to personal information being stolen and used without your knowledge. Keeping your PC secure isn&#8217;t as hard as people think, but since most users don&#8217;t know how to do it, I feel this is worth talking about to help more people understand what can be done.</p>
<p>While some of these methods are quite simple and will do most of the job, there are also some more in-depth things that can be done for users who swim in increasingly dangerous waters and need the extra security. So without talking for pages about what can be done, I am going to jump right into the list and let you know what can help secure your system against the dangerous waters known as the internet!</p>
<blockquote><p>1. Turn off File Sharing<br />
2. Install a Firewall<br />
3. Scan for Spyware<br />
4. Use Antivirus Software<br />
5. OS Updates<br />
6. Security Scanner<br />
7. Secure Instant Messengers<br />
8. Secure Email<br />
9. Secure your Files<br />
10.  Safe Passwords<br />
- Taken from <a href="http://w3capps.info/2009/04/17/top-10-ways-to-secure-your-pc/" target="_blank">source</a>. </p></blockquote>
<p>While some of these steps are more complicated than others, they are all worth looking into. Most of them are pretty easy to set up and use, and even the ones that take a bit more knowledge have plenty of good websites that explain how to use them in amazing detail!</p>
<p>So check this stuff out, and if you have any questions or suggestions please feel free to leave a comment and I will respond as soon as I get a chance. The original article / source for this list is linked right under the steps; it also does a good job of explaining each one, so check it out and stay safe!</p>
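<p>To make the list above something you can actually check rather than just read, here is an added example (my own script, not part of the original post or the linked article) that audits items 1, 2, 4, 5 and 10 on a Windows 8 / Server 2012 or newer machine. It assumes an elevated PowerShell session, that the <code>SmbShare</code>, <code>NetSecurity</code> and <code>Microsoft.PowerShell.LocalAccounts</code> modules are present, that Security Center (<code>root/SecurityCenter2</code>) exists (client editions of Windows only), and a minimum password length of 12 as an assumed threshold. It only reads settings and never changes anything.</p>

```powershell
# Added example: read-only audit of five items from the "Top 10" checklist.
# Requires Windows 8 / Server 2012+ and an elevated PowerShell session.

function Test-PcChecklist {
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding($Item, $Status, $Detail) {
        $findings.Add([pscustomobject]@{ Item = $Item; Status = $Status; Detail = $Detail })
    }

    # 1. Turn off File Sharing: SMB1 should be disabled and no user-created shares exposed.
    $smb    = Get-SmbServerConfiguration
    $shares = @(Get-SmbShare | Where-Object { $_.Name -notmatch '\$$' })   # ignore C$, ADMIN$, IPC$
    Add-Finding 'SMB1 protocol' $(if ($smb.EnableSMB1Protocol) { 'FAIL' } else { 'OK' }) "EnableSMB1Protocol=$($smb.EnableSMB1Protocol)"
    Add-Finding 'User shares' $(if ($shares.Count) { 'REVIEW' } else { 'OK' }) $(if ($shares.Count) { $shares.Name -join ', ' } else { 'none' })

    # 2. Install a Firewall: every profile enabled and not defaulting to "allow inbound".
    foreach ($p in Get-NetFirewallProfile) {
        $ok = ("$($p.Enabled)" -eq 'True') -and ("$($p.DefaultInboundAction)" -ne 'Allow')
        Add-Finding "Firewall ($($p.Name))" $(if ($ok) { 'OK' } else { 'FAIL' }) "Enabled=$($p.Enabled) DefaultInbound=$($p.DefaultInboundAction)"
    }

    # 4. Use Antivirus Software: ask Security Center which products are registered.
    # productState decoding below follows the commonly published (unofficial) layout:
    # byte 2 == 0x10 -> real-time protection on; byte 3 == 0x00 -> definitions current.
    $av = @(Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
    if (-not $av.Count) { Add-Finding 'Antivirus' 'FAIL' 'no product registered with Security Center' }
    foreach ($prod in $av) {
        $hex   = '{0:X6}' -f [int]$prod.productState
        $on    = $hex.Substring(2, 2) -eq '10'
        $fresh = $hex.Substring(4, 2) -eq '00'
        Add-Finding "Antivirus ($($prod.displayName))" $(if ($on -and $fresh) { 'OK' } else { 'REVIEW' }) "productState=0x$hex enabled=$on current=$fresh"
    }

    # 5. OS Updates: newest installed hotfix plus a live query for pending updates (needs network).
    $latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        $pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates.Count
        Add-Finding 'OS updates' $(if ($pending -eq 0) { 'OK' } else { 'FAIL' }) "$pending pending; last hotfix $($latest.HotFixID) installed $('{0:d}' -f $latest.InstalledOn)"
    } catch {
        Add-Finding 'OS updates' 'REVIEW' "Windows Update query failed: $($_.Exception.Message)"
    }

    # 10. Safe Passwords: enabled local accounts that need no password, and the local policy's minimum length.
    $noPw = @(Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired })
    Add-Finding 'Accounts without password' $(if ($noPw.Count) { 'FAIL' } else { 'OK' }) $(if ($noPw.Count) { $noPw.Name -join ', ' } else { 'none' })
    $line   = net accounts | Select-String 'Minimum password length'      # English locale assumed
    $minLen = if ($line) { [int]($line.Line -replace '\D', '') } else { -1 }
    Add-Finding 'Minimum password length' $(if ($minLen -ge 12) { 'OK' } else { 'REVIEW' }) "policy=$minLen (assumed threshold: 12)"

    $findings
}

Test-PcChecklist | Format-Table -AutoSize
```

<p>Anything marked FAIL or REVIEW maps straight back to the numbered item in the list, so you can fix it with the usual Windows settings pages. The remaining items (spyware scans, instant messengers, email, file encryption) depend on which programs you use and are not something a one-size-fits-all script can judge.</p>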
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/top-10-ways-to-secure-your-pc/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The Growing Malware Problem and Hope!</title>
		<link>http://www.andrewsayshello.com/technology/the-growing-malware-problem-and-hope/</link>
		<comments>http://www.andrewsayshello.com/technology/the-growing-malware-problem-and-hope/#comments</comments>
		<pubDate>Sun, 21 Sep 2008 06:03:10 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[rogue security application]]></category>
		<category><![CDATA[spyware]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=94</guid>
		<description><![CDATA[Ok, so one of the main things we get customers for at the &#8220;full service&#8221; computer store I work at is malware removal. People come in with viruses of all sorts on their computers that have left them ultra slow and basically useless. I have seen it all it seems at this point, from [...]]]></description>
			<content:encoded><![CDATA[<p>Ok, so one of the main things we get customers for at the &#8220;full service&#8221; computer store I work at is malware removal. People come in with viruses of all sorts on their computers that have left them ultra slow and basically useless. I have seen it all it seems at this point, from <a title="Rogue Security Applications" href="http://en.wikipedia.org/wiki/Rogue_software" target="_blank">Rogue Security Applications</a> to computers that have been turned into &#8220;<a title="Zombie Computers" href="http://en.wikipedia.org/wiki/Zombie_computer" target="_blank">zombie computers</a>&#8221; for botnets controlled by the hackers who made the virus. And there are even the ones that just get onto the system and destroy critical system files so the machine won&#8217;t boot, or kill important processes (like explorer.exe) when they try to run as Windows starts up.</p>
<p>While I have seen a large variety of infections, the most common one right now is the Rogue Security Application, more specifically a family of related programs called &#8220;WinAntivirus 2007&#8221;, &#8220;2008&#8221; and &#8220;2009&#8221;. How these programs work is pretty simple and easy to spot if you know what to look for. They usually show up in popups while you are browsing the internet, and once you have downloaded the &#8220;free&#8221; version it claims to find HUNDREDS or even THOUSANDS of security risks or other threats on your system. It then tells you that to remove all of these threats you need to purchase the &#8220;Pro&#8221; version of the software, because the FREE version can&#8217;t remove the threats and can only identify them for you.</p>
<p>Little do most users realize that in fact it has pointed out harmless cookies and registry entries as these high-alert threats, and that in the background it is secretly downloading real viruses and other threats onto the computer without telling them anything. Because of this users usually start to notice their computers get really slow, the Rogue Security Application starts bugging them more frequently to upgrade to the &#8220;Pro&#8221; version, and as it downloads random BAD things onto the system, system files can go missing and the computer can stop working altogether if the worse ones are downloaded and executed.</p>
<p>This is where a user will either realize something is wrong and seek help (like from us!) or will buy that &#8220;Pro&#8221; version that keeps popping up saying it can fix all of these problems. The real problem here is that not only will this &#8220;Pro&#8221; version not fix anything, it also hands the hackers your credit card details along with the money you just paid them for the &#8220;Pro&#8221; edition. But the good news is there are tools out there to help you clean out your computer if it has been hit by this type of infection. So keep reading!</p>
<p>Here are a few easy steps to help clean out your system if you think you are infected:</p>
<ol>
<li>Boot the computer into &#8220;Safe Mode with Networking&#8221;</li>
<li>Download the file &#8220;<a title="Combofix.exe" href="http://download.bleepingcomputer.com/sUBs/ComboFix.exe" target="_blank">Combofix.exe</a>&#8221; to your desktop, double click it and let it do what it does.</li>
<li>If the computer reboots itself, make sure to catch it and load it into Safe Mode again.</li>
<li>Download and install &#8220;<a title="ClamWin Portable" href="http://portableapps.com/apps/utilities/clamwin_portable" target="_blank">ClamWin Portable</a>&#8221; on your system (remember to update the program after it is installed to get the latest definitions). Go into the settings and make sure it is set to &#8220;REMOVE&#8221; the harmful or infected files and not just report them!</li>
<li>Let this program run (though it may take a while); it scans every file on your computer, so it is a very thorough and intensive tool.</li>
<li>Download, install and update <a title="Spybot - Search and Destroy" href="http://fileforum.betanews.com/download/Spybot_Search_Destroy/1043809773/1">Spybot &#8211; Search and Destroy</a>, let it check your system for infected files, then clean out anything it finds!</li>
<li>Download <a title="AVG 8.0 Trial" href="http://www.avg.com/93639" target="_blank">AVG 8.0 Trial</a> (it must be installed in normal mode, not Safe Mode), update it, then go to scan the computer. Make sure you open &#8220;Change scan settings&#8221; and allow it to check for rootkits and to scan media files. Then tell it to scan and clean out anything it finds.</li>
</ol>
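<p>Before running the scanners in the steps above it helps to know where the rogue application and whatever it pulled down have hooked themselves into startup, which is also where the &#8220;kills explorer.exe at boot&#8221; behaviour described earlier usually lives. The script below is an added example of mine, not part of the original post or any of the linked tools: a read-only triage pass that lists the Run/RunOnce registry values, the Startup folders and the Winlogon Shell/Userinit values, resolves each to an executable, and flags binaries that are missing or carry no valid Authenticode signature. It assumes Windows Vista or newer with PowerShell 3+, and that <code>explorer.exe</code> is the expected Winlogon shell (the Windows default). It changes nothing on disk or in the registry.</p>

```powershell
# Added example: read-only startup-persistence triage for a suspected rogue-AV infection.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutablePath {
    # Extract the program from a command line: a quoted path, an unquoted path ending
    # in .exe (spaces allowed), or the first token. %SystemRoot%-style variables are expanded.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"([^"]+)"')    { return $Matches[1] }
    if ($cmd -match '^(.+?\.exe)\b') { return $Matches[1] }   # -match is case-insensitive
    return ($cmd -split '\s+')[0]
}

function New-AutorunRecord([string]$Source, [string]$Name, [string]$Command) {
    $path = Get-ExecutablePath $Command
    # Bare names such as "explorer.exe" are resolved the way Windows would, via the search path.
    if ($path -and -not [IO.Path]::IsPathRooted($path)) {
        $found = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($found) { $path = $found.Path }
    }
    $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString() } else { 'FileMissing' }
    [pscustomobject]@{ Source = $Source; Name = $Name; Signature = $sig; Path = $path; Command = $Command }
}

function Get-AutorunReport {
    $records = New-Object System.Collections.Generic.List[object]

    # Registry Run / RunOnce values (the PS* properties are provider metadata, not values).
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = (Get-ItemProperty -Path $key).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
        foreach ($p in $props) { $records.Add((New-AutorunRecord $key $p.Name ([string]$p.Value))) }
    }

    # Per-user and all-users Startup folders; .lnk shortcuts are resolved to their targets.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $dir -File) {
            $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
            $records.Add((New-AutorunRecord "Startup folder ($folder)" $f.Name $target))
        }
    }

    # Winlogon: Shell should be explorer.exe and Userinit should launch nothing but userinit.exe.
    $wl = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $records.Add((New-AutorunRecord 'Winlogon\Shell' 'Shell' $wl.Shell))
    foreach ($part in ($wl.Userinit -split ',' | Where-Object { $_.Trim() })) {
        $records.Add((New-AutorunRecord 'Winlogon\Userinit' 'Userinit' $part.Trim()))
    }
    if ($wl.Shell -ne 'explorer.exe') { Write-Warning "Winlogon Shell is '$($wl.Shell)', expected explorer.exe" }

    $records
}

$report = Get-AutorunReport
$report | Where-Object { $_.Signature -ne 'Valid' } | Format-Table Source, Name, Signature, Path -AutoSize
```

<p>Run it from Safe Mode with Networking before step 2 and keep the output; an entry that is unsigned or points at a missing file in a user profile or temp folder is the kind of thing ComboFix and the scanners should be removing, and re-running the script after step 6 shows whether they did. Unsigned does not automatically mean malicious (plenty of older legitimate programs ship unsigned), so treat the list as a set of things to look at, not a verdict.</p>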
<p>NOTE: Make sure to uninstall any previous antivirus software you have on the system, because if the machine has been infected it is pretty likely that your current antivirus install has been damaged and will not work how it should. Only download the tools above from the links given (or the vendors&#8217; own sites); a fake copy of a removal tool is just another way for rogue software to get on the machine. If you are looking for something to replace an old or outdated antivirus on your system to keep it safe from future attacks, what we suggest at my work and what I personally use is the <a title="AVG 8.0 Free Edition" href="http://www.grisoft.cz/filedir/inst/avg_free_stf_en_8_169a1359.exe" target="_blank">AVG 8.0 Free Edition</a>. This edition is mostly the same as the paid version (the trial you used in the removal process) but it is completely free and has about 95% of the features the paid version offers.</p>
<p>There you have it, and if you have any more questions / concerns feel free to contact me or simply leave a comment and I will be happy to reply and help as much as I can!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/the-growing-malware-problem-and-hope/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
