JJMAC

Many thanks Maurice for your helpful advice. I am holding the infected computer off line until such times as I can get round to reformatting the hard drive, a task that I am not looking forward to. My home network consists of the infected computer, a laptop and another computer. Can I safely assume that the malware infection has not spread into the other 2 computers in my network? Can I also assume that it is safe to use the (previously) infected computer so long as it is not connected to the internet?. Are there any precautions I should take when backing up files on the infected computer eg. are there any file types I should avoid.? I have been badly let down by McAfee Internet Security which carried out a scheduled scan of my computer and reported that my computer was secure (no action required.) while in reality I was unable to open a single program by clicking on the desktop icons prior to Malwarebytes’ cleanup operation.

On or about 4April 2012 I started to get messages to warn me that malicious programs had been detected. These messages were generated by a program called InternetSecurity.ink which appeared to have installed itself and scan my computer. Its executable file was isecurity.exe. Its target location was roaming. From the very start I suspected that this was a scamware program designed to frighten me into buying their program activation key. When I got a message to tell me that I had 91 useless and unwanted files on my computer any fleeting thoughts of activating security.ink were dispelled. I did have a problem though as not a single program including Internet Explorer and Windows Mail would open except McAfee Internet Security which continued to carry out scheduled real time scans and report that I was fully protected (no action is needed). The rogue InternetSecurity.ink program reported various malware infections. The most common one was W32Blaster-Worm which was said to infect the executable files of all the programs on my computer. Malwarebytes has done a good job at cleaning up my computer. I can now get access to all my files. I am concerned that my private data may have been compromised, including my life’s savings in bank accounts , building society savings accounts etc. I had left my computer switched on and unattended for three to four hours during which period it was connected to the internet. When I returned I got Security warnings & found that programs would not open. I switched off the computer. The following day I turned the computer on (with my router turned off) and was surprised that it booted up normally. All of the desktop icon were displayed but when clicked on them the associated programs failed with a message to say that the executable file was infected by W32Blaster-worm. However, I found McAfee Internet Security was carrying out a scheduled scan. I observed the progress of the scan going from file to file which took about 3 hours to complete. When it completed it reported that no viruses were found and my computer was secure (no action was required.). How could that be when not a single program would start.? I conclude that the rogue malware had made changes to the desktop shortcuts without infecting the actual programs? I had not tried to open any program directly instead of clicking on the desktop icons. I attach LOGS of scans carried out on 12,13 & 14th April 2012. Are there any conclusions to be drawn therefrom regarding the potential risk to the security of data found on my computer? Many thanks/ JJMAC log of malbytes SCANS ON 12, 13&14 of April 2012.doc