JudasIscariot: That's why I stick with Avast! or AVG. Never had a problem with Avast! going apeshit on itself.
So far I haven't had any real problem with Avira either, and sometimes it has even detected some unwelcome visitors. In this case it appeared to be rather useless, but then quite a few other programs (MS scanner, Malwarebytes etc.) seemed to fail too, at least after the infection (using them as scanners in safe mode).

JudasIscariot: In an ideal situation I would simply have a suicide machine (an unprotected comp on which I would not perform any action that exposes sensitive data) to cruise around on the net and another comp for the fun stuff like gaming and performing secure transactions and ONLY those transactions.
Since PC Linux seems to be hardly ever a target machine of these trojans, keyloggers etc., I used to use a Linux installation for careless web surfing in shady web pages etc. At the same time though, somehow I still trusted it more also for bank transactions etc. than e.g. XP. Not sure though how much Android is targeted these days, and how insecure it is.
timppu: ...
Security Sphere 2010 sounds a lot like the ransomware I was dealing with as you describe many of the same symptoms. Black desktop, missing icons, all files hidden, unable to run apps due to file association being deleted, continuous multiple pop-ups, etc, etc. Also, System Restore was disabled both in a normal boot and in Safe Mode which made that solution useless.

It seemed to get harder to remove as I encountered each new infection. In the last couple of infections it came down to deleting all the system restore points as even after I got system restore to work manually the malware had managed to insert itself into all restore points.

bleepingcomputer.com's solution for the malware also uses the process kill method by downloading a file that kills the running processes for that infection. That was essential before I could remove the similar malware. I finally found the registry entry that was reinstalling the malware files / registry entries on re-boot.

Don't know that it's worth the trouble to remove it since installing Linux would be an easy solution . . . =)
Post edited October 29, 2011 by Stuff
Stuff: bleepingcomputer.com's solution for the malware also uses the process kill method by downloading a file that kills the running processes for that infection. That was essential before I could remove the similar malware. I finally found the registry entry that was reinstalling the malware files / registry entries on re-boot.
The procedure on that page seemed to work, and Security Sphere 2012 was defeated. Apparently it didn't have quite such a hold of the computer yet, because for me the following manual steps:

- disabling proxy configuration
- TDSSKiller
- RKill
- hosts file replacement

were apparently not needed, but I did them anyway. Running a Malwarebytes full scan in Safe Mode, logged in as the user who was infected, seemed to work after all. I made a mistake before in that I logged in as admin and not the infected user (I don't know if that really matters, but that was suggested in those bleepingcomputer steps), and I apparently ran a quick scan instead of a full scan.

Now onto wiping the HD and installing Ubuntu... I also went ahead and replaced Avira Antivir with MS Security Essentials on another XP machine, even though I can't really tell if that makes it any more secure. (On my work Win7 laptop I obviously use the security solutions that the employer is providing, whatever they may be). I've apparently lost touch with what the recommended third-party antivirus and antimalware solutions are today that every Windows user should be using. I'm not sure if I had even heard about "Malwarebytes" before this problem, and whether it sounded like any more legit software than "Security Sphere 2012". I guess SpyBot and AdAware are not the most highly recommended antimalware shit anymore like they used to be years ago?

Earlier (many many years ago) I used to install Avira Antivir on my friends' XP machines simply because it seemed a hassle-free, free solution compared to many other contemporary antivirus programs, which either required you to register your copy with a valid email address (sorry, I don't feel like doing that for a dozen friends one by one, plus some required you to do re-registration every year if you wanted to continue using it), or would require manual re-installation whenever a new major release came out, i.e. I would be called back to site again when re-installation was needed.

At least back then Antivir seemed rather easy from my point of view, no registrations and it would automatically update to a new release if needed. The only drawback was the nagging screen when updates were made, but so what.

Maybe this has changed since and the other solutions (Avast, AVG, whatever there are today) don't require any more attention nowadays. Obviously the official MS Security Essentials would be the preferred choice today from this point of view, not even nagging screens. Maybe I thought earlier that it would be more interested in finding pirated Windows software than actual malware. But maybe it is as good as some folks say.
Post edited November 01, 2011 by timppu
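
Added example, not part of any post in this thread: a small Python check that shows whether the "hosts file replacement" step listed above is actually needed, by reporting every hosts entry other than the stock `localhost` mapping. The function name, the sample file, its host names and its addresses are all constructed for illustration.

```python
import ipaddress

# Names a stock hosts file may map to loopback; anything else is worth a look.
DEFAULT_NAMES = {"localhost"}

# Constructed sample: names and addresses are placeholders, not real indicators.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example
203.0.113.7     www.search.example login.bank.example  # two names, one line
0.0.0.0         scanner.example
"""

def audit_hosts(text):
    """Return (line_no, address, name, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        if not names:
            findings.append((line_no, address, "", "malformed"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in names):
            if ip.is_loopback and name in DEFAULT_NAMES:
                continue                       # stock localhost mapping
            # Loopback or 0.0.0.0 makes the name unreachable; any other
            # address silently sends the name to a different server.
            findings.append((line_no, address, name,
                             "blocked" if sinkhole else "redirected"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s %s (%s)" % finding)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; an empty result means the file holds nothing beyond the default mapping.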
I wonder if it would make sense for any commercial antivirus and antimalware companies to secretly release malware that only their product detects in the beginning, just to get into the limelight? Of course no one would ever really do anything like that (right?), but sometimes I wonder why some new anti-whatever SW may be so much more successful in detecting and removing certain new malware than other players.
timppu: I guess SpyBot and AdAware are not the most highly recommended antimalware shit anymore like they used to be years ago?
Nope. Most of the time, one would be fine with using only MSE and a non-admin user account. Security on Vista and 7 has improved a lot since the XP days.
Post edited November 01, 2011 by kavazovangel