cutliquidsnake

Thanks for your help, I use AVG Free edition and the firewall that comes with Windows XP. I think I'll take my computer to a professional to get it cleaned. I could also do this right? Then I change my passwords again? But what else do I do? I heard you are supposed to contact the bank and everything, was the threat so serious that I have to contact credit card companies, contact my bank, etc. What all do I have to do in this situation?

Yes, I don't actually want to clean my computer, it seems fine now, the only real thing I want to know is if this type of thing can steal critical information and if a criminal could be using my information. :S

I wasn't sure where to put this, but anyways, a few weeks ago I got malware on my computer, it seemed really bad, I used Spybot to remove it, then it kept appearing again after another scan, the virus was disabling my firewall and everything. I got recommended malwarebytes and after I scanned with it my computer finally stopped acting up. I have heard about people's lives being ruined by identity theft so this has me very worried. Is this a possibility? What kind of information does this sorta thing usually steal? I have a paypal account, bank account, ebay account, some online store accounts, etc. I changed my passwords to all of them once I removed it. Is there a possibility of someone using information like my name or something to buy things when I don't even know about it? I really have no idea about any of this stuff. I'll post my malwarebytes log. Here it is: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/22/2010 4:43:42 PM mbam-log-2010-07-22 (16-43-42).txt Scan type: Full scan (A:\|C:\|D:\|) Objects scanned: 273029 Time elapsed: 1 hour(s), 11 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 1 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. Files Infected: C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.

Thank you for your help! I would like to know something before we get started though. I did some searching around this forum before I made this thread, and I came across a thread where someone was having trouble with malware. The expert posted that his computer is very at risk and critical information could have been stolen. The expert gave him this link: http://www.dslreports.com/faq/10451 What I'm wondering is, from the malware I had, is it possible that I need to take the steps listed in that link? Any chance of identity theft or fraud? It has me really worried! I do have facebook, banking, and some other things on here but I make sure to not save my password on here. How at risk is my personal information? Thanks in advance for any help. I'll get to posting the logs as soon as I can!

How serious are these threats? Should I contact my bank to make sure my account number doesn't get stolen? Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/22/2010 4:43:42 PM mbam-log-2010-07-22 (16-43-42).txt Scan type: Full scan (A:\|C:\|D:\|) Objects scanned: 273029 Time elapsed: 1 hour(s), 11 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 1 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. Files Infected: C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.