I got hit with this yesterday, I don't know how, whether it was through surfing around looking for a movie from forums like divxturka or somewhere else, but it popped up as a security alert and when I thought it was the windows security alert, I clicked on "enable protection" and it pops up a browser that has me try to buy some antivirus software, which I know is a fake then. I had ESET Antivirus enabled before then but for some reason, it did not catch this virus I ran full scan with Malware Malbytes, and it detected 2 problems, but none of them had the title of win32.zafi.b, they were related to svchost and something else. I rebooted into safe mode and did that full scan again and did a full scan of ESET, which after hours, found nothing. I tried using hijackthis, but it did not catch anything suspcious when I analyzed the file. but every time I log in to my normal boot login, it pops up and when I use any browser like IE 7 or Mozilla, it pops up as well. it slows now anything that I load as an app, and my browsing, even as simple as opening up a saved txt file. I downloaded PC Spyware Doctor full version and ran a full scan last night, it was able to find some spyware, but not anything related to this virus. After cleaning a few dozen of what it found in the browsers, I rebooted and the same problems are happening again. Take a look at this screenshot http://img156.imageshack.us/my.php?image=68279301lr6.jpg http://img155.imageshack.us/my.php?image=66445468pf8.jpg I'm currently installing and trying to update symantec endpoint protection, but it seems that virus seems to have disabled some options or something isn't right. If none of these work, are there manual ways that I can get some help in looking around in the registry or any hidden folders? Symantec keeps catching things as you can see from how thin that scroll bar is. it's not taking out the source, something is replicating these files.