Worried about identity theft.

[cutliquidsnake]

I wasn't sure where to put this, but anyways, a few weeks ago I got malware on my computer, it seemed really bad, I used Spybot to remove it, then it kept appearing again after another scan, the virus was disabling my firewall and everything. I got recommended malwarebytes and after I scanned with it my computer finally stopped acting up.

I have heard about people's lives being ruined by identity theft so this has me very worried. Is this a possibility? What kind of information does this sorta thing usually steal? I have a paypal account, bank account, ebay account, some online store accounts, etc. I changed my passwords to all of them once I removed it. Is there a possibility of someone using information like my name or something to buy things when I don't even know about it? I really have no idea about any of this stuff. I'll post my malwarebytes log. Here it is:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/22/2010 4:43:42 PM

mbam-log-2010-07-22 (16-43-42).txt

Scan type: Full scan (A:\|C:\|D:\|)

Objects scanned: 273029

Time elapsed: 1 hour(s), 11 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:

C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.

C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.

C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.

[noknojon]

Hi and Welcome -

With all those Backdoor bots I would be very concerned - Please follow these instructions -

As we do not work on Malware removal or diagnostics in the general forums please follow these directions -

Please print out, read and follow What do I do now? , skipping any steps you are unable to complete.

The next step is post a New Topic Here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that

you're alerted when someone has replied to your post - Please allow at least 48 hours for a reply as the experts can get busy at times -

Also add a brief note to the experts as to your problems -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via This Link

Always use the ADD REPLY Tab at the bottom of the page when you reply -

Thank You -

EDIT -

Main symptoms of Trojan-Spy.Win32.Zbot infection

1. (One or several) files appear in the folders %windir%\system32 and %AppData%:

ntos.exe

twex.exe

twext.exe

oembios.exe

sdra64.exe

lowsec\\local.ds

lowsec\\user.ds

[cutliquidsnake]

Yes, I don't actually want to clean my computer, it seems fine now, the only real thing I want to know is if this type of thing can steal critical information and if a criminal could be using my information. :S

[mountaintree16]

I would get it checked anyway to make sure that everything is truly gone.

That was some nasty malware.

[noknojon]

Hi again -

The simple answer is yes - This may have already been done with these infections / intrusions - -

Above I have listed a quick detail from Kaspersky Labs that show lowsec\local.ds (Stolen.data) is a threat -

The usual thing to do is reset your passwords as soon as you can to protect yourself - That is why we want to remove these infections -

Without knowing how long they have been on your system , you are the one taking the chances -

All the services we provide are free and are handled only by trained experts -

You may note that Kaspersky fully identifies it ad a Trojan-SPY -

Thank You -

EDIT -

Do you use a decent Firewall and Anti Virus program ?? These 2 items are 100% required at all times -

At the very least do a Full Scan with Malwarebytes Anti-Malware and if any item is still there then you are still badly infected -

[cutliquidsnake]

Thanks for your help, I use AVG Free edition and the firewall that comes with Windows XP. I think I'll take my computer to a professional to get it cleaned. I could also do this right?

Then I change my passwords again?

But what else do I do? I heard you are supposed to contact the bank and everything, was the threat so serious that I have to contact credit card companies, contact my bank, etc. What all do I have to do in this situation?

[noknojon]

That is the information that our experts would be able to give to you -

As we do not work on Malware removal or diagnostics in the general forums please follow these directions -

With just a small amount of information - As I have -

This statement is as far as I am actually allowed to go - The rest is defined by an expert checking your system -

Thank You -