Threatfire (PCTOOLS) saved my bacon
davidh
February 5th, 2010, 07:21 PM
Threatfire is behavior based malware detection (and cleaning).
I run it in addition to signature based AVG.
Free versions of
AdAware
MalWareBytes
AVG
Spybot S&D
Norton Insight free (white list based) scanner
apparently could not find it.
Details of my struggles too long and messy for me to remember let alone recite.
VirusTotal seemed to miss it too.
Making a windows restore point before DL & install software might have helped too, but not sure how I actually got infected.
It was a Mal/VBot-A infection.
Whew! Close call. (Installing LINUX is probably too much work for me.)
davidh
March 31st, 2010, 05:50 PM
Commie hacktivists attacked the Vietnamese Professionals Society (in France?) web site and infected their widely used Vietnamese keyboard program with malware (trojan).
The infected PCs apparently became part of a bot net to attack environmental activist Vietnamese trying to expose a possible environmental disaster in the making (aided and abetted by a commercial contract between VN Commies and a Chinese company).
Google: Malware Targets Vietnamese Activists
Robert McMillan, IDG News Service
http://www.pcworld.com/article/192986/google_malware_targets_vietnamese_activists.html
davidh
April 17th, 2010, 12:30 AM
Commie hacktivists attacked the Vietnamese Professionals Society (in France?) web site and infected their widely used Vietnamese keyboard program with malware (trojan).
I downloaded the software again from the Vietnamese Professionals Society AGAIN.
This time they had published the MD5 hash values for the programs next to the download links.
Of course this doesn't really solve the problem, because a hacker might also change the published MD5 hash to make it match the hash of any infected software. Such a precaution does make carrying out the hack a little bit more "labor intensive", I suppose.
I suppose one COULD check on The Internet Archive to find out BOTH the version release number and the MD5 hash. If the software had not changed but the hash had, then one would be suspicious.
P.S.
MD5 hash of a file may be checked at VirusTotal.
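The check described in the post above, written out as an added example (this is not code from the thread or from the Vietnamese Professionals Society, and the installer bytes and digests in it are constructed stand-ins): hash the download, compare it with the digest printed next to the download link, and then compare it with a second digest for the same version obtained independently (for instance from an archived copy of the page), which is what catches the case where both the file and the page's digest were swapped.

```python
import hashlib
import hmac

# Constructed stand-in for a downloaded installer; not the real keyboard program.
SAMPLE_DOWNLOAD = b"hypothetical installer bytes, constructed for this example\n"


def file_digest(data: bytes, algorithm: str = "md5") -> str:
    """Hex digest of an in-memory file using any algorithm hashlib knows (md5, sha256, ...)."""
    h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()


def path_digest(path: str, algorithm: str = "md5", chunk_size: int = 1 << 20) -> str:
    """Same as file_digest, but streams a file from disk so a large installer need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_published(data: bytes, published_hex: str, algorithm: str = "md5") -> bool:
    """True when the download hashes to the value printed next to the download link.
    Published digests are often pasted with mixed case or stray whitespace, so normalise
    first; hmac.compare_digest keeps the comparison constant-time."""
    expected = published_hex.strip().lower()
    return hmac.compare_digest(file_digest(data, algorithm), expected)


def cross_check(data: bytes, site_hex: str, archived_hex: str, algorithm: str = "md5") -> str:
    """Compare the download against two independently obtained digests for the same
    version: the one on the live download page and one recorded earlier (for instance
    from an archived copy of the page). A single published digest only proves the file
    matches that page; if an attacker replaced both file and digest, the live check
    still passes, but the archived digest will not.

    Verdicts:
      'ok'               both sources agree with the file
      'archive-mismatch' file matches the live page but not the archived digest:
                         same version, hash changed, which is the suspicious case
      'site-mismatch'    file matches the archived digest but not the live page
      'both-mismatch'    file matches neither source
    """
    live_ok = matches_published(data, site_hex, algorithm)
    archive_ok = matches_published(data, archived_hex, algorithm)
    if live_ok and archive_ok:
        return "ok"
    if live_ok:
        return "archive-mismatch"
    if archive_ok:
        return "site-mismatch"
    return "both-mismatch"


if __name__ == "__main__":
    genuine = file_digest(SAMPLE_DOWNLOAD)
    tampered = SAMPLE_DOWNLOAD + b"extra bytes standing in for an implant\n"
    print("genuine :", cross_check(SAMPLE_DOWNLOAD, genuine, genuine))
    # The file was swapped and the page's digest updated to match the swapped file.
    print("swapped :", cross_check(tampered, file_digest(tampered), genuine))
```

The `algorithm` parameter defaults to MD5 because that is what the site published, but MD5 collisions are practical today, so when a publisher offers SHA-256 alongside it, pass `"sha256"` and compare that one.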
davidh
April 14th, 2011, 09:17 PM
I had some stability problems with my XP SP3 yesterday Wed, April 13, 2011 after having XP automatically updated by Windows Update.
So I started eliminating some software of lesser importance from my startup. During this process I happened to try uninstalling Threatfire not for any particular good reason, just in the hope that fewer programs running might stabilize the system.
Unfortunately that uninstall broke Panda Cloud Antivirus. Originally the first release of this Panda did not have behavioral malware detection. Later it was added. So there is at least some reason to suspect they could be incompatible, even though I had disabled behavioral detection in Panda. Reinstalling Panda fixed the AV. So I won't run Threatfire any more with Panda, but I now DO have behavioral detection enabled in Panda.
I never did find out what caused the instability. Could have been Windows Update. Could have been the Conexant internal modem I installed for backup when DSL goes down. I disabled the modem for good measure in addition to taking 'digital line detect' out of startup.
For good measure I ran Malwarebytes and Spybot S&D scans. Spybot found Huntbar Stoolbar and cleaned it. Have no idea what it is.
davidh
April 14th, 2011, 09:31 PM
In hindsight.
It was a matter of which AV companies first detected the malware.
Also it was my firewall which first attracted my attention and made me suspect something was 'off' in that some software had asked for access to the net without my having any idea what the software was for.
If it had been a keylogger instead of DDoS, my goose would probably have been cooked on the first day.
ndebord
April 15th, 2011, 09:36 PM
David,
Threatfire is nice, but it is only one of a medley of programs. When Avast came out with version 6, its multiple shields became my main defense. I currently run MalwareBytesPro, Avast 6.0.1000, and Outpost 2009 free firewall. Standalone apps right now: gmer, Hitman Pro, Pavark, Rootkitr, Spybot S&D, SysClean, and TDSS rootkit.
davidh
April 16th, 2011, 12:24 AM
David,
Threatfire is nice, but it is only one of a medley of programs. When Avast came out with version 6, its multiple shields became my main defense. I currently run MalwareBytesPro, Avast 6.0.1000, and Outpost 2009 free firewall. Standalone apps right now: gmer, Hitman Pro, Pavark, Rootkitr, Spybot S&D, SysClean, and TDSS rootkit.
Nick,
Thanks for the list. I had forgotten the name of Hitman Pro :o
I'm sort of tired of playing with this antimalware stuff for a while :) though.
ndebord
April 16th, 2011, 01:15 AM
Nick,
Thanks for the list. I had forgotten the name of Hitman Pro :o
I'm sort of tired of playing with this antimalware stuff for a while :) though.
David,
Got hit some time ago and had to fdisk/format.... ever since I've been looking for holy grail... I think I'm close with Avast's multiple shields and MalwareBytesPro combo... I use a little menu program to load up all the standalone stuff and then just let it sit in the tray for use when needed.
davidh
April 16th, 2011, 11:32 AM
David,
Got hit some time ago and had to fdisk/format.... ever since I've been looking for holy grail... I think I'm close with Avast's multiple shields and MalwareBytesPro combo... I use a little menu program to load up all the standalone stuff and then just let it sit in the tray for use when needed.
Yeah. Even in the old Avast 4 version I noticed that they had a user interface for turning on and turning off the various parts or layers of security.
I reinstalled Hitman Pro even tho' it doesn't clean any more because my free subscription had expired earlier, just detects. Because it claims to be a multivendor cloud based on-demand (i.e. non resident) behavioral detection system and it DID in the past seem to do a good job of cleaning up the remaining traces of the DDoS infection I got a couple years ago.
BTW, I'm still on XP SP3 and may stick with it until support from MS ends in 2014 or until my mother board fries.
ndebord
April 16th, 2011, 05:25 PM
Yeah. Even in the old Avast 4 version I noticed that they had a user interface for turning on and turning off the various parts or layers of security.
I reinstalled Hitman Pro even tho' it doesn't clean any more because my free subscription had expired earlier, just detects. Because it claims to be a multivendor cloud based on-demand (i.e. non resident) behavioral detection system and it DID in the past seem to do a good job of cleaning up the remaining traces of the DDoS infection I got a couple years ago.
BTW, I'm still on XP SP3 and may stick with it until support from MS ends in 2014 or until my mother board fries.
David,
I'm also on XP PRO SP3 and will remain so until I have to buy a new laptop and even then (if it comes with disc), I'll probably try and put XP on it instead. I've played with Windows 7 and don't like its folder by folder admin rights nonsense one little bit and, probably a sign of age, don't like its interface either.
davidh
September 6th, 2011, 06:33 AM
David,
Got hit some time ago and had to fdisk/format.... ever since I've been looking for holy grail... I think I'm close with Avast's multiple shields and MalwareBytesPro combo... I use a little menu program to load up all the standalone stuff and then just let it sit in the tray for use when needed.
http://tapcis.com/forums/attachment.php?attachmentid=508&d=1302930930
Nick, I happened to notice that Tor was in your list as pictured, at the bottom. Do you have any recommendations for when it might be useful for non-experts to use?
davidh
September 17th, 2011, 03:11 PM
http://tapcis.com/forums/attachment.php?attachmentid=508&d=1302930930
Nick, I happened to notice that Tor was in your list as pictured, at the bottom. Do you have any recommendations for when it might be useful for non-experts to use?
16 September 2011, 13:32
Iranian block on Tor traffic quickly foiled
http://www.h-online.com/security/news/item/Iranian-block-on-Tor-traffic-quickly-foiled-1344762.html :)
ndebord
September 17th, 2011, 04:23 PM
:)
David,
No good reason, unless you happen to live in a country where the government spies on your every move on the web.... Oh Crap!
Seriously, some of my friends in China use it for obvious reasons. I seldom use it.
Private Mode in most modern browsers is a pale imitation of it, but useful to hinder those that might be interested in spying on your activity.