I've been fighting with a fake rouge antivirus program called AntiVirus Soft over the past month or two. I thought I eliminated it with Malwarebytes, but it keeps coming back. I recently installed Spybot and after removing the entries related to it my system seems fine. However, Spybot picked up Virtumonde.sdn in my Windows NT folder under the file name PFW. I've read that Virtumonde is known to spread fake antivirus software online. Is this a false positive or do I really have it? Spybot wasn't able to remove the Virtumonde entry because it said I needed administrator rights. I'm running Windows Vista.
Also should I use this removal tool to get rid of Vundo/Virtumonde if I have it?
http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99
Thanks.