I would have thought Hiloti would be detected as Vundo; the rogue security suite could be slipping through as there are so many variants.
Do you have Artemis set to high when you scan? (You may want to set it just to notify on the first run in case it deletes something you want, though.)
There is a specific stinger tool associated with all the scareware as well, from http://vil.nai.com/vil/averttools.aspx
Obv any samples you get I would send them to VirusTotal and to WebImmune with the VirusTotal links so we can get them into the DATS.
Links are on the vil.nai.com site.
I would be running the Microsoft online scanner and Malwarebytes to try and isolate as much as you can of the infection.