I'm coming to the end of a long battle to clean my mum's computer from a nasty virus (or possible set of viruses) and wanted to make sure that the computer is clean before installing some proper protection...

I'm also curious to find out more about the threat which seems to have evaded detection and/or fixing by all the progs I tried.

It seemed to start with something generating loads of pop-ups, and a search bar that installed itself in the taskbar (called 'deskbar') eventually slowed inet traffic down to a complete standstill. Bit by bit I was able to remove offending items, but it wasn't until the very end that inet access was back to normal. Very frustrating as I was unable to download spyware updates or post to forums for help!

The first thing to appear was a prog called command.exe. It appeared that this was then generating a series of programs called 'project1' and adding various .exe files to C:\ & C:\windows

This was detected each time by spybot, along with a series of changes to windows firewall and sp2 update settings. Each time I fixed them they came back. Following advice on forums related to getting rid of command.exe I used a combination of spybot, spysweeper, hijackthis, combofix and killbox.

The files would typically run with the process name 'defender' and were called:
dov9.exe
pwr.exe
dfx.exe
doc.exe
Generally these were picked up and deleted by sweeps, but would be continually regenerated. Finding and deleting relevant registry keys after deleting these files still didn't help.

In the end the only way I could fix the problem was by getting rid of two processes that were running that were not picked up by spybot, clamwin, combofix, spysweeper as problems:
lviss.exe
lsyss.exe
I was only able to get rid of them using hijackthis to find their location, then killbox to get rid of them as they didn't appear in windows explorer (even when showing hidden/system files).

This got rid of the problems with general slowness of the PC and also the total internet block. Finally I could download updates, and sweeps this time revealed the same system settings changes as before, plus an entry of Smitfraud.C. These were fixable and have not returned on a re-scan.

Obviously a bit of a botched effort, now I'm not sure how clean the system is (I'll post a current hjt log when I'm back at my mum's).

1) Does anyone know what problem/combination of problems this might have been?

2) Why is it that both times I have had a serious virus/trojan problem none of the spyware/anti-virus programs picked them up? (even with the latest definitions)

3) Could anyone recommend a good basic software firewall I could install? The computer had previously been behind a router and had no problems at all. A few days of broadband without the router and a deluge

Sorry for the long post, I wanted to include all the details for others to find as I kept searching for ages with my symptoms but never found anything that was quite the same...

Richard