
Scary-sounding malware.

I was wondering if somebody could help me. I have some unknown programs running in my registry. I also scanned my system using Spybot and it found:

Virtumonde
Crypt.Spambot.qk
Element
Virtumonde.generic

I then followed everything the "Before you post a log" thread said and here it is...
Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:25 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rwkgjnuzroz.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newmilfordschools.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43F85621-6A64-4CB3-ADCA-65FC4F259514} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7EABCB33-DFF2-4D7F-87C2-1FA268BCA753} - C:\WINDOWS\system32\oppqq.dll (file missing)
O2 - BHO: (no name) - {F9C79A6F-9F08-4F3F-969F-451173E1FD1A} - C:\WINDOWS\system32\urqop.dll (file missing)
O3 - Toolbar: Optimum Online Toolbar - {720B3C59-7EDE-44d1-AD9C-71106A7550AF} - C:\Program Files\OptimumOnline\insptbar.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [xtmpouwdme] C:\WINDOWS\system32\xtmpouwdme.exe
O4 - HKLM\..\Run: [rwkgjnuzroz] C:\WINDOWS\system32\rwkgjnuzroz.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\RunServices: [szblneajb] C:\WINDOWS\system32\szblneajb.exe
O4 - HKLM\..\RunServices: [xtmpouwdme] C:\WINDOWS\system32\xtmpouwdme.exe
O4 - HKLM\..\RunServices: [rwkgjnuzroz] C:\WINDOWS\system32\rwkgjnuzroz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\xurduxkb.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Optimum Online Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.priv.njmls.xmlsweb.com/XM...h/XMLCache.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111274866408
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1152727605292
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://prints.picturecenter.kodak.co...oadControl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...59/mcfscan.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O20 - Winlogon Notify: efcywvw - efcywvw.dll (file missing)
O20 - Winlogon Notify: oppqq - C:\WINDOWS\system32\oppqq.dll (file missing)
O20 - Winlogon Notify: urqop - C:\WINDOWS\system32\urqop.dll (file missing)
O20 - Winlogon Notify: yayvsqr - yayvsqr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Print Spooler Service (oaxis7kugxzd) - Unknown owner - C:\WINDOWS\system32\rwkgjnuzroz.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCCare Premium - Unknown owner - C:\Program Files\PCCare\Client\srvc.exe (file missing)
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: Windows Maintenance Monitor (wmoisvc) - Unknown owner - C:\WINDOWS\winrss.exe (file missing)

--
End of file - 9224 bytes

KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 25, 2007 8:08:46 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 25/09/2007
Kaspersky Anti-Virus database records: 423082

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 54380
Number of viruses found: 7
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 03:51:41

Infected Object Name / Virus Name / Last Action
C:\_RESTORE\ARCHIVE\FS3112.CAB/A0469202.CPY Infected: Trojan-Downloader.Win32.VB.db skipped
C:\_RESTORE\ARCHIVE\FS3112.CAB/A0469203.CPY Infected: Trojan-Downloader.Win32.VB.ec skipped
C:\_RESTORE\ARCHIVE\FS3112.CAB/A0469204.CPY Infected: Trojan-Downloader.Win32.VB.ec skipped
C:\_RESTORE\ARCHIVE\FS3112.CAB/A0469205.CPY Infected: Trojan-Dropper.Win32.Small.nm skipped
C:\_RESTORE\ARCHIVE\FS3112.CAB/A0469206.CPY Infected: Trojan.Win32.StartPage.pe skipped
C:\_RESTORE\ARCHIVE\FS3112.CAB/A0469207.CPY Infected: Trojan.Win32.StartPage.pe skipped
C:\_RESTORE\ARCHIVE\FS3112.CAB/A0469208.CPY Infected: Trojan.Win32.StartPage.pe skipped
C:\_RESTORE\ARCHIVE\FS3112.CAB CAB: infected - 7 skipped
C:\_RESTORE\ARCHIVE\FS3113.CAB/A0469209.CPY Infected: Trojan-Downloader.Win32.VB.db skipped
C:\_RESTORE\ARCHIVE\FS3113.CAB/A0469210.CPY Infected: Trojan-Downloader.Win32.VB.df skipped
C:\_RESTORE\ARCHIVE\FS3113.CAB/A0469211.CPY Infected: Trojan-Downloader.Win32.VB.ez skipped
C:\_RESTORE\ARCHIVE\FS3113.CAB CAB: infected - 3 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd2381.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\vstelbh.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\SYSTEM32\rvhpa.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\SYSTEM32\qkaynqvpqm.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\SYSTEM32\nuvatlvfnspq.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\SYSTEM32\rwkgjnuzroz.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\TEMP\ZLT07993.TMP Object is locked skipped
C:\WINDOWS\TEMP\ZLT079a0.TMP Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\FAMILYROOM.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{60015F56-8116-4E59-8FC7-D603D0F591EA}.bin Object is locked skipped
C:\Documents And Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents And Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents And Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents And Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents And Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents And Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents And Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents And Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents And Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents And Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NLZHMJX5\three[1].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents And Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents And Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents And Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents And Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents And Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents And Settings\Bryan\NTUSER.DAT.LOG Object is locked skipped
C:\Documents And Settings\Bryan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents And Settings\Bryan\Local Settings\History\History.IE5\MSHist012007092520070926\index.dat Object is locked skipped
C:\Documents And Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents And Settings\Bryan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents And Settings\Bryan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents And Settings\Bryan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents And Settings\Bryan\Cookies\index.dat Object is locked skipped
C:\Documents And Settings\Bryan\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{94883545-816E-49F9-A47E-C04E281C9FE4}\RP135\change.log Object is locked skipped
C:\System Volume Information\_restore{94883545-816E-49F9-A47E-C04E281C9FE4}\RP135\A0025930.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{94883545-816E-49F9-A47E-C04E281C9FE4}\RP135\A0025931.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{94883545-816E-49F9-A47E-C04E281C9FE4}\RP135\A0025932.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{94883545-816E-49F9-A47E-C04E281C9FE4}\RP135\A0025933.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{94883545-816E-49F9-A47E-C04E281C9FE4}\RP135\A0025934.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{94883545-816E-49F9-A47E-C04E281C9FE4}\RP135\A0025935.exe Infected: Trojan.Win32.Obfuscated.gy skipped

Scan process completed.

Comments

  • VekaVeka Finland
    edited October 2007
    Hi cubanice31, and welcome to Icrontic. I will check your log and answer ASAP.
  • VekaVeka Finland
    edited October 2007
    First, I must warn you that there is a backdoor infection. A backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. We can likely clean the infected files off the computer, but there is always a possibility that your computer will not be secure anymore.

    If the computer has been used for any important data, you are strongly advised to do the following, immediately:
    • If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable. PIN numbers, credit card numbers, account numbers, etc. should all be changed immediately, and it would be wise to contact those same financial institutions to inform them of your situation.
    • This infection can attract others, keep it offline except when we are troubleshooting.
    • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
    • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
    • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
    • Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
    • Take any other steps you think appropriate for an attempted identity theft.
    While you are deciding whether to Re-format and Re-install, a useful link is here: http://www.dslreports.com/faq/10063

    Please let me know what you decide.