I thought I would share my experience of yesterday (2 August) with you and ask a few questions about this horrid virus/malware. I'm usually very careful about opening .exe files but I had downloaded an email client with a keygen application (I know, I know) from a torrent file. I know that torrents are notorious for carrying and spreading malware/spyware/viruses etc. I'm still giving myself a hard time about this. Ironically, the email client loaded fine and the key from the keygen application worked! I've since uninstalled though. I don't condone this sort of thing either. My OS is Windows XP with Service Pack 2 and I have the ESET (Nod32) Security Suite installed as a firewall and antivirus.

The first thing that happened was that every icon on my desktop was wiped, leaving only my background desktop wallpaper. So I rebooted and there was a strange message just before the desktop was about to load (I can't remember the message) giving me options to continue, retry or cancel. I clicked on continue and my desktop loaded but within 10 seconds, the icons had gone but they came back and then disappeared about 5 times before finally disappearing altogether again. During all this, a message from Scotty the watchdog from my Winpatrol application kept asking me if I wanted Windows/System32/mlJDvcSka.dll to run on startup as a browser help object, which I kept ignoring. I knew then that this dll was part of my problem. I rebooted into safe mode but the same thing happened to the desktop icons there too. In the brief time available between the icons appearing and disappearing, I managed to do a system restore on 4 past dates but all were unsuccessful.

The next thing that happened really scared me. I managed to run a scan with Lavasoft Adaware. Any application that I could open before the desktop icons were wiped actually stayed open.
Within 20 seconds of the scan (the registry first I think), it had found 5,000 infected files or instances of spyware that included all kinds of stuff like Opera, IE add ons, browser help objects, toolbars etc. I have to admit to panicking at this point when the message came up to the effect that my computer was heavily and critically infected with spyware. But, as soon as I clicked on the 'remove selected items' button, my screen went black and closed down! I tried this a few times after rebooting, even in safe mode, but the same thing happened. I knew I had to try and remove the Windows/System32/mlJDvcSka.dll but I couldn't get to it in time between the disappearing icons scenario.

I then managed to do a scan with Spybot Search & Destroy which amazingly remained open throughout the whole scan and there it was - Virtumonde.dll with the mlJDvcSka.dll in its sub folder together with 2 separate registry entries. That's all that was found, which I did find a little strange seeing as my Adaware told me that my computer was kind of critically infected. Anyway, I successfully deleted the damn thing, rebooted and, voilà, desktop fine, everything working fine - UNTIL - desktop icons began disappearing and reappearing again and Scotty the watchdog came in with the same message but with a different dll (Windows/System32/nnnlijki.dll) which of course I ignored.

At this point, I ran a Hijack This scan and found nothing and I ran a smart scan with my ESET (Nod32) Antivirus and found nothing. So I ran another scan with Spybot Search & Destroy which picked up the Virtumonde.dll with the regenerated nnnlijki.dll in its sub folder and 2 different registry entries. I navigated to all three source items and physically deleted them, ran CCleaner and TuneUp One click optimizer that I thought would find loads of stuff but didn't, rebooted and everything has been fine since then.
Incidentally, I ran a Hijack This scan this morning which showed up Winlogon Notifier nnnlijki.dll (file missing) and deleted that. I've also run an Adaware scan that didn't find any trace of the original 5,000 infected items.

Anyway, sorry this is long winded but it might help others who become infected with this horrid thing. And those questions:

1. Why did Adaware show up 5,000 'critical items' within a few seconds of scanning yet my antivirus and Spybot Search & Destroy didn't pick up any of the 'toolbars, browser help objects, IE add ons etc'? Could it be that Virtumonde 'conditioned' Adaware to tell me that my computer was critically infected?

2. Why didn't my ESET (Nod32) application pick up Virtumonde from the outset? I didn't get any message at all from it when I was about to run the .exe file. And why didn't it pick up on the nnnlijki.dll in Windows/System32 when I ran a scan?

3. In hindsight, is there anything I could have done differently to get rid of Virtumonde more quickly than I did (it took me 5 hours!) or is there a security application (other than Winpatrol) that can run in the background and give real time system protection that maybe would have picked up on Virtumonde immediately?

Thanks for listening!