Posted 29 July 2008 - 03:51 AM
I don't know if this will set some record for fastest infection, but we just bought a laptop on Sunday and my mom managed to get Win AntiVirus 2008 on the computer. So in about 29 hours we got an infection. The computer is running Vista, so I'm not very familiar with the OS yet. I had also installed all current Windows updates current as of 7pm that day. It has McAfee Security Center installed. After the infection I turned up the firewall from trusted to tight. Also, we started to use wireless internet for this laptop. We set up the router yesterday but weren't sure how to put a password to access the connection. After asking a neighbor about how to do it on Monday, when we went to access the router via our admin name and password, we couldn't get into it. So I'm not sure if anyone got into our network and messed things up. I reset the router and then placed an access password on the network.
As for Win AntiVirus, every time we open an internet page it pops up, it is always running in the bottom right, and at computer startup it runs a scan and returns results saying we have infections and to pay to install WinAntiVirus 2008. It also pops up another warning saying we have a keylogger installed (I'm pretty sure this is another fake popup, as are the results it returns in the scan).
I ran the Kaspersky online scan and it found 2 threats and 4 infected files. I saved (or tried to) the scan log to the desktop and the computer's documents folder as a text document and HTML. I'm not sure if this is because of the WinAntiVirus 2008 program, another bad program installed, or my inexperience with Windows Vista. I checked, and show all system files and hidden files is selected. I am running as administrator and have read/write access. I also am not able to find the scan logs I created using the search option in Vista.
I installed and ran dss. The program runs through the backing up registry hives step. As soon as it gets to removing temporary internet files, dss.exe crashes. I downloaded dss again to make sure it was a good copy. It still crashes in the same place. I don't know if it's because of Vista or something in the temporary internet files that keeps crashing it. So as of right now I have no scan logs to post as per the "preparation guide before posting a HijackThis log" section.