ibdb

  1. Thanks for your help. On your suggestions: I have good backups (data saves to a RAIDed home server, with nightly to weekly backups of computers on the network, depending on their use). I'm generally pleased with my anti-virus, though it clearly dropped the ball on this one. Signatures were about a week behind, by my best guesstimate, though more frequent full system scans, instead of just the quick scans, might also have helped. Antivirus is inherently a reactive solution, and I'm going to put a little more research into some proactive options. I use Secunia PSI to help keep current on patches. I used to be a regular Firefox user, but now find Firefox too unstable. It crashes on me at least a third of the time I try to use it, sometimes even when viewing static sites. I find it performs in a similar fashion on three different machines with three different hardware configurations in my home, so I'm going to hold Firefox responsible. I wish I could still use it. I am implementing some additional restrictions on my kids' accounts. Though neither has administrative privileges, it looks as though the source of the infection that led me here originally made it to the machine while a kid was browsing. I will look at the hosts file suggestion. I'm also running K9's filtering package, and considering OpenDNS.
  2. ESET completed with no threats found. I'm feeling more confident that Security Essentials was able to clean up the mess -- though it was also the program running when the malware got in. It looks like the malware was detected with signature updates that were about a week old. I think I'll set Security Essentials to run a full scan more often for a little while. Are you familiar with any of the malware I listed above? I couldn't find much detail about them when I did a search.
  3. Thanks for the reply. While waiting for suggestions here, I ran a full system scan with Microsoft Security Essentials. It identified and removed:

     Trojan:Java/Mesdeh
     Exploit:Java/CVE-2008-5353.QZ
     TrojanDowloader:Java/OpenStream.AM
     Exploit:Java/CVE-2008.5353.SV
     Trojan:Java:Mesdeh.E
     Exploit:Java/CVE-2010-0094.D

     None of those had been detected in the earlier MalwareBytes QuickScan. I ran a full MalwareBytes scan after the Security Essentials scan, and it came up clean. A TrendMicro Housecall scan also came up clean. I'm feeling better about the results, but not 100% confident yet. Here's the most recent MalwareBytes results:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 5154

     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18975

     11/19/2010 3:54:34 PM
     mbam-log-2010-11-19 (15-54-34).txt

     Scan type: Quick scan
     Objects scanned: 165395
     Time elapsed: 6 minute(s), 6 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     ESET results to follow.
  4. I recently installed k9's web filtering product and noticed some odd behavior -- browsing the local newspaper site, k9 suddenly alerted to a huge number of hits to youtube within a single second, all with URL contents that were a variant of the spelling of "galileo." None of the virus scans I've run have turned up anything, and I haven't noticed any other strange behavior on the PC. I know something isn't right, but I have no idea what's going on to cause it. I don't know when it might have started, as I wouldn't have noticed anything without the sudden k9 alerts. Any guidance would be greatly appreciated.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 5129

     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18975

     11/16/2010 5:15:29 PM
     mbam-log-2010-11-16 (17-15-29).txt

     Scan type: Quick scan
     Objects scanned: 172968
     Time elapsed: 7 minute(s), 40 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     DDS (Ver_10-11-10.01) - NTFS_AMD64
     Run by David at 17:53:58.98 on Tue 11/16/2010
     Internet Explorer: 8.0.6001.18975
     BrowserJavaVersion: 1.6.0_22
     Microsoft Attach.zip