win32/adware.fakeantispy.s Need help removing

I have a virus very similar to the Virtumonde trojan i think where I get fake pop ups saying I need to download anivirus programs. The pop ups look like they are coming from AVG which is what I use. I also got the internet security pops up 2011 but those seem to have gone away. I am hoping someone has a solution as no system restore is available. Now I am getting an AVG Identity Protection pop up saying malware detected. It is not allowing me to open certain programs on desktop as well. ANy help once again is really appreciated

I used malwarebytes and still shows this after

Memory process infected 1
registry values infected 2
registry data items infected 7

Files infected 11

I am still unable to open up certain programs and the rogue, trojan whatever it is still seems to be here

I have tried running superanti spyware and malwarebytes and they cannot find any infected files but I know I still have Virus. Avg pops up saying malware detected and I get an identity one that pops up also. I cannot open up any programs on the desktop. I am trying to do rootkill but cannot log on to firefox or Internet explorer. Someone please help!!!

I am getting an AVG Identity Protection pop up saying malware detected.

What is the name of the threat identified by AVG?

Did it provide a specific file(s) name associated with that threat and if so, where is it located (full file path) at on your system?


Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.

• Click the Logs Tab at the top.
• The log will be named by the date of scan in the following format: mbam-log-date(time).txt
  -- If you have previously used MBAM, there may be several logs showing in the list.
• Click on the log name to highlight it.
• Go to the bottom and click on Open.
• The log should automatically open in notepad as a text file.
• Go to Edit and choose Select all.
• Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
• Come back to this thread, click Add Reply, then right-click and choose Paste.
• Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs


If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is not "Write Protected". Some flash drives have a switch on the side or on the back as shown here which could have accidentally been moved to write protect.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

• Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
• If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
• When the program opens, click the Start Scan button.
• Do not use the computer during the scan
• If the scan completes with nothing found, click Close to exit.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
• Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
  Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
• A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
• Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.


Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!

• Be sure to read all the information Norman provides on that same page.
• Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
  The tool is very slow to load as it uses a special driver. This is normal so please be patient.
• Read the End User License Agreement and click the Accept button to open the scanning window.
• Click Start Scan to begin.
• In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
• After the scan has finished, a log file a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
• Copy and paste the contents of that file in your next reply.

-- Note: If you need to scan usb flash drives and/or other removable drives, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.