Jump to content

Recommended Posts

Hello,

First, I can't believe that you guys thoroughly assist so many users daily. Thanks for doing such a wonderful job.

I run Windows XP Service Pack 3 on a Dell Inspiron 1525 laptop. My problems started with AVG's detection of a process called DWM.exe two days ago. It quarantined it along with some registry values and files. 15 minutes later I got the "Windows XP Recovery" virus with fake alerts and everything, all files on the system hidden, Task Manager disabled, and other symptoms. It seems to be a new virus as I only found mentions of it on the web in the past few days. I ran an Anti Rootkit scan. 0 infections found. I went into Safe Mode. I ran an AVG command line full system scan. It found 1 infection (Trojan Horse Downloader.Agent2.AHOT) I ran Ad Aware Free full scan simultaneously. It found 2 infections but I can't remember or find out what they were now. Anyway the Windows XP Recovery symptoms were still there. I followed instructions on bleepingcomputers about removal of the virus (http://www.bleepingcomputer.com/virus-removal/remove-windows-xp-recovery). Followed all steps. Step 8 said to run a scan with Malwarebytes' Anti-Malware. It found about 11 infections, removed them and the virus' alerts went away. I followed Step 18 to use Unhide.exe which unhid my files but most folders in Start\All Programs were empty, including Accessories. After some web research, I used this app (http://windowsxp.mvps.org/Accessories.htm) to restore Accessories. Wordpad and Volume control were missing completely from the system. I got the files from the internet and put them in their supposed locations. Most folders in All Programs related to applications I have are still empty though. I was going to live with this but today I realized I still have problems as AVG, after a scheduled automated scan, alerted me of 17 infections found. All of them (Trojan Horse Cryptic.CVD) The files are many instances of iexplore.exe, explorer.exe, and services.exe Some of them were healed, others inform me that "Object is inaccessible".

Please tell me what I should do.

Thanks a lot,

Andrew

Link to post
Share on other sites

I should also mention that a week ago, AVG found the following threat:

C:\Documents and Settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\9\42e30a09-7b7e722e

Trojan horse Generic22.ALEE

Moved to Virus Vault

The Malwarebyte scan of 2 days ago also found instances of threats in that Java cache folder.

Link to post
Share on other sites

  • Staff

Andrew97,

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6630

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

21.May.11 12:35:19 AM

mbam-log-2011-05-21 (00-35-15).txt

Scan type: Quick scan

Objects scanned: 155160

Time elapsed: 9 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Andrew\Desktop\userinit.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Andrew at 1:16:55 on 2011-05-20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.471 [GMT 2:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Switch Off\swoff.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Dell\Dell Mobile Broadband\systray.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Documents and Settings\Andrew\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea youtube flv downloader\MoyeaCatcher.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: {AE7CD045-E861-484f-8273-0445EE161910} - No File

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll

BHO: Java

Link to post
Share on other sites

No problem.

I disabled antivirus and antispyware programs like the instructions said, I ran ComboFix, it started extracting things , and then I suddenly got the blue screen of death and the computer restarted by itself. After startup, the Windows Error Report informed me that the problem was "caused by spooldr.sys" and that this program might be malware.

Link to post
Share on other sites

  • Staff

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

2011/05/25 04:31:02.0312 5924 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23

2011/05/25 04:31:02.0515 5924 ================================================================================

2011/05/25 04:31:02.0515 5924 SystemInfo:

2011/05/25 04:31:02.0515 5924

2011/05/25 04:31:02.0515 5924 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/25 04:31:02.0515 5924 Product type: Workstation

2011/05/25 04:31:02.0515 5924 ComputerName: HOME-ANDREW-PC1

2011/05/25 04:31:02.0515 5924 UserName: Andrew

2011/05/25 04:31:02.0515 5924 Windows directory: C:\WINDOWS

2011/05/25 04:31:02.0515 5924 System windows directory: C:\WINDOWS

2011/05/25 04:31:02.0515 5924 Processor architecture: Intel x86

2011/05/25 04:31:02.0515 5924 Number of processors: 2

2011/05/25 04:31:02.0515 5924 Page size: 0x1000

2011/05/25 04:31:02.0515 5924 Boot type: Normal boot

2011/05/25 04:31:02.0515 5924 ================================================================================

2011/05/25 04:31:02.0968 5924 Initialize success

2011/05/25 04:31:20.0046 5180 ================================================================================

2011/05/25 04:31:20.0046 5180 Scan started

2011/05/25 04:31:20.0046 5180 Mode: Manual;

2011/05/25 04:31:20.0046 5180 ================================================================================

2011/05/25 04:31:20.0484 5180 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/25 04:31:20.0531 5180 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/25 04:31:20.0593 5180 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/05/25 04:31:20.0640 5180 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/05/25 04:31:20.0765 5180 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2011/05/25 04:31:20.0812 5180 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

2011/05/25 04:31:20.0875 5180 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/05/25 04:31:21.0046 5180 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/25 04:31:21.0093 5180 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/25 04:31:21.0156 5180 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/25 04:31:21.0203 5180 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/25 04:31:21.0265 5180 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/05/25 04:31:21.0296 5180 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/05/25 04:31:21.0328 5180 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/05/25 04:31:21.0390 5180 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/05/25 04:31:21.0437 5180 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/05/25 04:31:21.0468 5180 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/05/25 04:31:21.0500 5180 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/05/25 04:31:21.0531 5180 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/05/25 04:31:21.0609 5180 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2011/05/25 04:31:21.0687 5180 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/25 04:31:21.0765 5180 btaudio (ecdc40cc54603c711e1a7a1c9255184a) C:\WINDOWS\system32\drivers\btaudio.sys

2011/05/25 04:31:21.0796 5180 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys

2011/05/25 04:31:21.0859 5180 BTKRNL (885b6d0f826a216eee4c3ad883809012) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

2011/05/25 04:31:21.0906 5180 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2011/05/25 04:31:21.0937 5180 btwhid (e48668b4a6a5cf68b33aecad18ee8e1e) C:\WINDOWS\system32\DRIVERS\btwhid.sys

2011/05/25 04:31:21.0968 5180 btwmodem (8bcd7bfe9c70a8ff7444263435b18aa1) C:\WINDOWS\system32\DRIVERS\btwmodem.sys

2011/05/25 04:31:21.0984 5180 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/05/25 04:31:22.0031 5180 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/25 04:31:22.0078 5180 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/05/25 04:31:22.0109 5180 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/25 04:31:22.0156 5180 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/25 04:31:22.0171 5180 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/25 04:31:22.0250 5180 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/05/25 04:31:22.0281 5180 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/05/25 04:31:22.0375 5180 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys

2011/05/25 04:31:22.0468 5180 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/25 04:31:22.0546 5180 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/25 04:31:22.0578 5180 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/25 04:31:22.0609 5180 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/25 04:31:22.0671 5180 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/25 04:31:22.0734 5180 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/25 04:31:22.0750 5180 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/25 04:31:22.0781 5180 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/05/25 04:31:22.0812 5180 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/25 04:31:22.0828 5180 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/05/25 04:31:22.0875 5180 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/05/25 04:31:22.0937 5180 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/25 04:31:22.0953 5180 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/25 04:31:22.0984 5180 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/05/25 04:31:23.0015 5180 genmcmnUSB (c791d0c9178baf98a5886175ffcda1bf) C:\WINDOWS\system32\DRIVERS\gflmouhid.sys

2011/05/25 04:31:23.0031 5180 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/25 04:31:23.0078 5180 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/05/25 04:31:23.0125 5180 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/25 04:31:23.0187 5180 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2011/05/25 04:31:23.0218 5180 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/05/25 04:31:23.0296 5180 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/25 04:31:23.0375 5180 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/25 04:31:23.0609 5180 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2011/05/25 04:31:23.0859 5180 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2011/05/25 04:31:23.0890 5180 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/25 04:31:24.0000 5180 IntcHdmiAddService (99d47d1cf700982b37cce16b068449f0) C:\WINDOWS\system32\drivers\IntcHdmi.sys

2011/05/25 04:31:24.0031 5180 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/25 04:31:24.0078 5180 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/05/25 04:31:24.0093 5180 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/25 04:31:24.0140 5180 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/25 04:31:24.0171 5180 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/25 04:31:24.0218 5180 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/25 04:31:24.0250 5180 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/25 04:31:24.0296 5180 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/25 04:31:24.0328 5180 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/25 04:31:24.0359 5180 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/25 04:31:24.0390 5180 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/25 04:31:24.0453 5180 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

2011/05/25 04:31:24.0484 5180 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2011/05/25 04:31:24.0562 5180 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/05/25 04:31:24.0625 5180 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/25 04:31:24.0687 5180 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/25 04:31:24.0718 5180 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/25 04:31:24.0750 5180 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/25 04:31:24.0765 5180 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/25 04:31:24.0828 5180 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/25 04:31:24.0859 5180 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/25 04:31:24.0890 5180 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/25 04:31:24.0953 5180 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/25 04:31:24.0984 5180 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/25 04:31:25.0015 5180 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/25 04:31:25.0031 5180 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/25 04:31:25.0062 5180 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/05/25 04:31:25.0078 5180 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/25 04:31:25.0109 5180 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys

2011/05/25 04:31:25.0140 5180 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/05/25 04:31:25.0171 5180 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/25 04:31:25.0203 5180 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/05/25 04:31:25.0234 5180 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/25 04:31:25.0250 5180 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/25 04:31:25.0265 5180 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/25 04:31:25.0296 5180 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/25 04:31:25.0328 5180 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/25 04:31:25.0359 5180 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/25 04:31:25.0421 5180 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/05/25 04:31:25.0437 5180 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/25 04:31:25.0484 5180 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/25 04:31:25.0531 5180 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/25 04:31:25.0578 5180 NWADI (9edf6fd48a9eb4afdf225eb9c5111df6) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

2011/05/25 04:31:25.0625 5180 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/25 04:31:25.0640 5180 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/25 04:31:25.0671 5180 OEM02Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS\system32\Drivers\OEM02Afx.sys

2011/05/25 04:31:25.0718 5180 OEM02Dev (9d20fa5d8875f6063aa5e1c44446f698) C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys

2011/05/25 04:31:25.0734 5180 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys

2011/05/25 04:31:25.0781 5180 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/05/25 04:31:25.0812 5180 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/05/25 04:31:25.0828 5180 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/25 04:31:25.0859 5180 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/25 04:31:25.0906 5180 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys

2011/05/25 04:31:25.0937 5180 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/25 04:31:25.0984 5180 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/25 04:31:26.0015 5180 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/25 04:31:26.0156 5180 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/25 04:31:26.0187 5180 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/25 04:31:26.0234 5180 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

2011/05/25 04:31:26.0265 5180 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/25 04:31:26.0281 5180 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/05/25 04:31:26.0390 5180 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/25 04:31:26.0421 5180 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/25 04:31:26.0437 5180 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/25 04:31:26.0468 5180 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/25 04:31:26.0500 5180 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/25 04:31:26.0515 5180 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/25 04:31:26.0562 5180 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/25 04:31:26.0625 5180 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/25 04:31:26.0656 5180 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/25 04:31:26.0703 5180 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2011/05/25 04:31:26.0718 5180 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2011/05/25 04:31:26.0750 5180 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2011/05/25 04:31:26.0843 5180 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/05/25 04:31:26.0906 5180 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/05/25 04:31:26.0968 5180 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/05/25 04:31:26.0984 5180 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/25 04:31:27.0031 5180 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/05/25 04:31:27.0062 5180 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

2011/05/25 04:31:27.0078 5180 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

2011/05/25 04:31:27.0109 5180 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/25 04:31:27.0171 5180 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/05/25 04:31:27.0234 5180 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/25 04:31:27.0296 5180 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/25 04:31:27.0343 5180 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/25 04:31:27.0421 5180 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

2011/05/25 04:31:27.0484 5180 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/05/25 04:31:27.0562 5180 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/25 04:31:27.0609 5180 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/25 04:31:27.0796 5180 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/25 04:31:27.0843 5180 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/25 04:31:27.0906 5180 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/25 04:31:27.0937 5180 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/25 04:31:27.0953 5180 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/25 04:31:28.0046 5180 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/25 04:31:28.0140 5180 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys

2011/05/25 04:31:28.0203 5180 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/25 04:31:28.0265 5180 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/05/25 04:31:28.0296 5180 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/25 04:31:28.0328 5180 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/25 04:31:28.0359 5180 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/25 04:31:28.0406 5180 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/05/25 04:31:28.0453 5180 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/25 04:31:28.0468 5180 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/25 04:31:28.0500 5180 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/25 04:31:28.0546 5180 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/05/25 04:31:28.0593 5180 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/05/25 04:31:28.0656 5180 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/25 04:31:28.0656 5180 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025

2011/05/25 04:31:28.0656 5180 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/05/25 04:31:28.0671 5180 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/25 04:31:28.0734 5180 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/05/25 04:31:28.0781 5180 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/25 04:31:28.0859 5180 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/05/25 04:31:28.0937 5180 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/05/25 04:31:28.0984 5180 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/05/25 04:31:29.0031 5180 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/05/25 04:31:29.0078 5180 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/25 04:31:29.0125 5180 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/25 04:31:29.0265 5180 yukonwxp (67331fd053f97a874a60374be6b59523) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

2011/05/25 04:31:29.0359 5180 MBR (0x1B8) (a85844a0d2ae290fb601360a641e5962) \Device\Harddisk0\DR0

2011/05/25 04:31:29.0375 5180 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)

2011/05/25 04:31:29.0375 5180 ================================================================================

2011/05/25 04:31:29.0375 5180 Scan finished

2011/05/25 04:31:29.0375 5180 ================================================================================

2011/05/25 04:31:29.0406 5160 Detected object count: 2

2011/05/25 04:31:29.0406 5160 Actual detected object count: 2

2011/05/25 04:31:58.0437 5160 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/25 04:31:58.0437 5160 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025

2011/05/25 04:31:58.0828 5160 Backup copy found, using it..

2011/05/25 04:31:58.0843 5160 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot

2011/05/25 04:31:58.0843 5160 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure

2011/05/25 04:31:58.0890 5160 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot

2011/05/25 04:31:58.0890 5160 \Device\Harddisk0\DR0 - ok

2011/05/25 04:31:58.0890 5160 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure

2011/05/25 04:32:09.0203 2324 Deinitialize success

Link to post
Share on other sites

  • Staff

Hi,

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmiission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.

Link to post
Share on other sites

I'd like to know a little more, if possible, before I decide, though I think I'll probably re format in the end. I'm sorry to bother you further, but it's just not an easy thing to do as it takes lots of time and really wears me down for days backing up my files, then reinstalling of all the drivers, apps, updates, etc...

1) You say the system can allow "collection and transmiission of personal identifiable information without your consent." What kind of information does this include? Can a hacker access my system, delete, read, move files, etc ?? Can my passwords to sites, email, etc, be stolen ??

2)

If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information...

Well I have accounts on many sites including amazon and ebay where I do buy stuff by credit card from time to time. I have an app called RoboForm which remembers my passwords and my information to fill out online forms. Should I change ALL passwords right now for any sites where I'm registered?? The problem is that I don't have a list of all those sites, and I usually use two or three variants of the same password for everything.

3) I'd like to know how I got infected in the first place. Is it just something that can happen to anyone? Because I had AVG, Ad Aware and Spybot protections (the free versions) running all the time. Am I just unlucky?

4) Are there any additional steps we can follow now to better assess the severity/extent of the current danger on my PC before I decide ?

Thanks a lot,

Andrew

Link to post
Share on other sites

  • Staff

Hi Andrew,

1) You say the system can allow "collection and transmiission of personal identifiable information without your consent." What kind of information does this include? Can a hacker access my system, delete, read, move files, etc ?? Can my passwords to sites, email, etc, be stolen ??
Impossible to determine what exactly is being collected, but the potential is limitless. What usually ends up being the case is that your computer becomes part of a botnet and contributes to sending out spam. Passwords, etc. may also be collected.
2) Well I have accounts on many sites including amazon and ebay where I do buy stuff by credit card from time to time. I have an app called RoboForm which remembers my passwords and my information to fill out online forms. Should I change ALL passwords right now for any sites where I'm registered?? The problem is that I don't have a list of all those sites, and I usually use two or three variants of the same password for everything.
Change all passwords from a known clean computer. It's the only way to guarantee you'll be safe (if you haven't been compromised already).
3) I'd like to know how I got infected in the first place. Is it just something that can happen to anyone? Because I had AVG, Ad Aware and Spybot protections (the free versions) running all the time. Am I just unlucky?
Could have been a number of things. There are many dangerous places on the Internet and you need good realtime anti-malware protection (see below).
4) Are there any additional steps we can follow now to better assess the severity/extent of the current danger on my PC before I decide ?
Unfortunately no, not really; the specific extent of the damage can't really be determined until something were to happen (you'd get a phone call from the bank about odd banking activity, for instance). In this case, no news is good news.

Here is my standard prevention speech for after you format and reinstall Windows.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.