I followed mikey's malware remover steps. Is this something else I need to look into running?

If you did everything in that doc, then no. The combofix, malwarebytes, and hitman pro are the 3 big ones... they'll all find different stuff.

If you'd like to prevent this from happening again, I'd suggest purchasing Malwarebytes Pro. $25, but it works very very well.

I thought i had it removed, but it came back....twice.

I finally backed up and restored to factory settings. Clean as a whistle now. All that reinstalling sure was a PIA, but at least now i am sure it's gone.

That's the only way you can be sure. Anti-malware tools are too spotty and inconsistent. Obviously this thread speaks volumes to the kind of snake oil is being sold by AV and Anti Malware vendors as well. Circumventing these things is very trivial for anyone who knows what they are doing.

I'll add that you guys need to turn off system restore while troubleshooting these malware episodes. Enable and create a new restore point when system is clean and behaving normally.
I anticipate this thread getting more and more attention.

It also scares me the number of novice users running combofix at the first sign of a infection. It should really be used at a last resort - before a wipe and reload.

I've gone back and forth with that in my head... I've never had a problem with it, but I've thought about editing the OP to include "for starters, reboot into safe mode, scan with malwarebytes & antivirus, etc" ... "and for a kill-it-with-fire approach, here's combofix...". I actually started editing it last night, but thought it came off like it was so time consuming, you might as well just restore.

This is a really good point. If you have an infection, and it happens to go unnoticed by your virus scanner or if your scanner doesn't detect that sort of thing, the virus will get backed up into a System Restore point. And system restore info can't be scanned by normal antivirus/malware scanners. So if you get an infection, and it's able to go unnoticed and ends up in a sys restore point, it can infect your system later.

After you purge your system of a bug, always delete all of your restore points just to be safe.

1. Open System by clicking the Start button http://res2.windows.microsoft.com/re...a2fd33_818.jpg, right-clicking Computer, and then clicking Properties.
2. In the left pane, click System protection. http://res2.windows.microsoft.com/re...75bf05b_48.jpg If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Under Protection Settings, click Configure.
4. Under Disk Space Usage, click Delete.
5. Click Continue, and then click OK.

http://res2.windows.microsoft.com/Re...xpcol_imgs.png

To add to fish's instructions:
For XP users :
Disabling system restore will automatically wipe all restore points.
Right click on My Computer and select System Restore tab and you will have a checkbox to turn off system monitor - do this.
After repairing the system go back to same tab and turn it back on.

AAAAAAGGGGGGGGGHHHHHHHHHH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

yup. me too.:banghead:

Got the flashblock add-on on Firefox. Been roaming around CP for about 20 minutes, and my webroot just blocked a rogue. I'm still here, though, and not Vista Internet Security 2012 pop-ups....yet.

I posted this on Facebook, but I'll put it on here. It's a knb.exe rogue file that attaches itself to any executable you try to run. The information on bleepingcomputer.com was a huge help.

This time, it caught it whenever I clicked to go into the Media Center forum. I've been browsing different threads, including one that I know I was in before when it happened. I've also been posting on a few people's profile pages.

I've got about 10 minutes before I need to head back to work, so I'll keep snooping around here and see what happens.

Yea I got that Vista Internet Security crap the other day as well. I did a restore and everything appears fine. I have since added MSE to my computer so hopefully that will do the trick.

Annoying. I have to disable flashblock for some sites, but, if I forget to enable it, then something always, without fail, triggers my anti-virus on this site.