I did a clean nLited XP install, having the ethernet cable disconnected. After I installed Window Blinds I added a theme and having Nod 32 running in the background (I installed this before hand ofc) the word Win32/Adware.Virtumonde pops up. NOD cleans this up but I since I'm using firefox (I removed IE with nLite) I don't see any pop-ups/ads as I've installed the Adblock Plus addon for FF before hand.

FF also have the pop whatever blocker integrated as we all know, but still... I can't even visit google or most of the sites I visit regularly (trusted domains). Killing explorer.exe solves the problem. I do suspect that Virtumonde is still there but Nod won't detect it. I'm all up to date with XP/NOD 32 and still can't get rid of this.

I did some lurking on my iPod Touch on forums I can't even access (till now that I killed explorer.exe) about Virtumonde. And I read that it's pretty hard to remove compared to other puny malewares.

So what's your suggestion? Do a reinstall (format etc) or find a solution before taking the hard yet easy way?

Note: Nothing seems to be getting slower, FF won't just open/load the sites at all. Last time I got infected was around the beta of SP2, so I kinda haven't thought about maleware at all... Virtumonde is supposed to open sites/popups but I have that all blocked >.>

Try scanning with Malwarebytes Anti-Malware.

Love ya dude. Seems that I had more to clean up than I expected.

You may want to get my program, LunarDownloader. It can help you get the programs you need to do a thorough cleanup. Download the Professional package and under the Links menu, select the PC Maintenance guide to get your computer cleaned up. Then post a HijackThis log.