32 cookies and four trojans

[baroque_quest]

I built a new PC, expecting to make it a dual-boot with both boots being W-7 (don't ask). I finished the first partition and loaded Norton AV and Malwarebytes on it. Then I finished the second partition except for antivirus. Up until then I had not accessed the Internet except to download Microsoft updates. Using the Norton/Malwarebytes partition, I looked at a few common news sites, e.g. BBC News and CBS News. I am fairly certain that the only new site I accessed was sogdianamusic.ru. Then I ran a scan with Norton, which turned up 32 cookies. I had never seen so many cookies with any antivirus product before. I allowed Norton to remove the cookies. This worried me, so I ran Malwarebytes, which turned up four trojans -- and the trojans were on both partitions, two on each. I thought this was strange given that I had not used the Internet on the second partition at all except for Microsoft updates. I allowed Malwarebytes to handle the four trojans.

Then it got worse. I booted into the second partition and tried to load F-Secure. Immediately I was notified that my Internet connection was down. Obviously there was yet another trojan, whether one which Malwarebytes did not completely remove or a more cleverly-hidden one. The trojan was not going to allow me to install F-Secure. I booted into the first partition and the Internet connection was fine.

It was time to terminate trojans. I shut the system down, removed the drive, and, using another PC and a USB 3.0 external enclosure, used Western Digital's Data Lifeguard to write zeros to each and every bit. Then I reinstalled both OS, Norton, Malwarebytes, and F-Secure. Just in case something was lurking in the firmware, I immediately ran anti-virus scans, which showed no problems at all.

I am not sure if I was stung by zero-day malware or trojans which both Norton and Malwarebytes were not aware of.

The lessons here are:

- sogdianamusic.ru is dangerous

- Norton completely missed all of the trojans, both during access and scan

- Malwarebytes only partially cleaned up the trojans

P.S. If this had been a customer PC, I would have tried Norton's Power Eraser. But since the PC wasn't even finished, I just started over.

[daledoc1]

Hello and welcome, baroque_quest:

Sorry to hear you might be infected.

We cannot work on malware removal in this sub-section of the forum, so please read below for assistance with cleaning your system.

IMPORTANT: Please do NOT use any temporary file cleaners unless instructed to do so - they can cause data loss, making recovery difficult.

IF YOU WOULD LIKE EXPERT HELP WITH MALWARE REMOVAL, PLEASE CHOOSE ONE OF THE FOLLOWING 3 OPTIONS:

OPTION 1: Free, one-on-one, expert assistance in the Malware Removal Forum. (Please see helpful tips below.)

OPTION 2: For licensed users of MBAM PRO, there is free, one-on-one, expert assistance from the MBAM support helpdesk.

OPTION 3: Fee-based, one-on-one, expert assistance from Premium Support.

OPTION 1:

• Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" sticky topic.
  
• -->If the infection has so crippled the computer that you cannot complete some or all of the steps, then just do the best you can and start a new topic as described below.
  
• Then please start a new post in the Malware Removal Forum.
  
• An authorized, trained malware expert will provide free, one-on-one assistance as soon as one becomes available.
  

• -->>When starting your new post, please note the following:<<--
  
• Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  
• Please COPY/PASTE the requested logs directly into your post, rather than attaching them.
  
• Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.
  
• Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  
• Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  
• Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.
  

OPTION 2:

If you are a paid user of MBAM PRO and would like support via the helpdesk, please contact them HERE.

OPTION 3:

If you prefer the Malwarebytes Premium Services (comprehensive solutions to all your computer support needs – from installation and set-up to troubleshooting and tune-ups), please go to the Premium Support site HERE.

Please be patient – someone will assist you as soon as possible.

Thank you very much,

daledoc1

[baroque_quest]

I do not see any way to edit my post, so here is a correction. All scans were full, covering all partitions on the drive.

[daledoc1]

Hi:

You won't be able to edit posts until you achieve Honorary Member status (50 posts).

Having said all that, please see my reply above for the suggested steps to start the detection and cleaning process.

Thanks!

daledoc1

[baroque_quest]

This is a reply to daledoc1.

My PC is no longer infected; obviously yours was a canned response. And I am a licensed PRO-MBAM user.

[baroque_quest]

Now I realize I posted in the wrong forum. If possible, have the moderator erase this thread and I will post in the proper place.

[daledoc1]

Hi, again:

Yes, both MBAM staffers and many longstanding members use pre-drafted forum code -- this is the norm.

If you browse this section of the forum, you'll see that even the members of the mod team use these standard text passages, in order to provide forum newcomers with explicit, detailed, accurate advice & guidance. Such "canned" verbiage is tweaked/edited as needed, on a case-by-case basis.

No offense was intended.

It remains the case that malware-related issues are not covered in this particular sub-section of the forum.

This is for the safety of the users looking for help, and for the convenience of the trained malware experts who provide guided assistance.

This is the norm at any of the computer disinfection communities -- it permits the OPs and experts to work in a dedicated, distraction-free environment without input from well-intentioned, but untrained forum members.

So, while I'm sure the MBAM staff will value your having shared your malware removal experiences here in the General forum, it remains the case that regular members aren't permitted to provide malware removal advice: http://forums.malwar...showtopic=12264

If you would like any sort of expert assistance, please select one of the three options presented earlier.

Different users have different preferences for the means by which they would like assistance -- that's why 3 options are provided.

Thanks for your patience and understanding,

daledoc1

[daledoc1]

Now I realize I posted in the wrong forum. If possible, have the moderator erase this thread and I will post in the proper place.

Not to worry -- the mods will either move or close this thread, as needed.

Thanks for your input!

daledoc1