View Full Version : ReimageV6.exe



kinos
2009-02-16, 11:00
This program adds itself to the trusted sites on execution:
cdnrep.reimage.com

Then it downloads 30,000+ files, including fake.trojan and Virtumonde.
(Most of the files are locked; I had to use a file killer to remove them all.)
Then it screws up your hosts file.
The said files weren't picked up by S&D, although it may have duped the detection, as it scans your machine for all files etc.

It's supposed to repair your machine, hence the expected 30,000+ files.
The fake trojan installs on reboot, as does Virtumonde.
This may be an attempt to get you to pay the £40 it asks for the repair.

I was lucky I have Webroot installed, which on reboot checks for malware and also alerted me to "THostsFile::SetActive call to RemoveOldCASSEntries falted". IMO I don't know what this means, but it happened after running that program. I am not asking for help at this point as I have asked Webroot; I am simply posting what happened to my machine after running this program.

Downloading the program doesn't seem to be an issue, but running it and allowing it access to your machine does.

I did have to use another program to remove it all (fake.trojan).

I do have logs of the found files if so needed.

tashi
2009-02-16, 23:16
Hello kinos,

If Spybot-S&D does not detect or remove an item and you can find the files, please zip or rar them and send to: detections(at)spybot.info (Replace AT with @)

Cheers.

kinos
2009-02-18, 05:50
Sorry, tashi.

I thought I might be asked for what you're asking.
I knew I should have kept the two fake trojan files and made them non-executable, as I knew their location, but they're now deleted.

The Virtumonde files were automatically quarantined on reboot, and I deleted them.

I thought this over. I am guessing S&D didn't pick them up and they were set to run on reboot and may have lain dormant, and would have been picked up on rebooting. However, that's a totally wild guess.
I guess that, as Webroot didn't pick up the Virtumonde files until I rebooted either, and the same, I did scan before rebooting.
And maybe they would have been picked up if I had rebooted (I scanned before rebooting).

Malwarebytes picked up the two fake trojan files before reboot.

If it had just been two files, i.e. the fake trojan, I might have suspected false positives.
However, for Webroot to also pick up another two, and now this hosts file issue, all happening after running this program, I wouldn't expect them all to be false positives.

Sorry, next time I report anything like this I will be more consistent with what's required.