After working with a friend on a school project, I learned that my USB drive was harboring resycle/autorun/boot.com files. I followed directions he gave me (deleting the hidden files and scanning the registry on my USB drive and laptop) - but I didn't find any more hidden files.
Later that night, IE popups began appearing on my computer (Vista) when I wasn't using IE. I ran SpyBot, which detected but could not remove Smitfraud, Smitfraud-C, Virtumonde, Virtumonde.prx. Shortly after, SpyBot dialog boxes began appearing asking me to Allow/Deny system changes (things were being added). I ran SpyBot again and apparently removed Smitfraud-Core something, so I allowed the next two system changes (removal of some run32dll files). Sometime after a reboot, my desktop wallpaper was replaced with a blue screen.
I ran Smitfraudfix in Safe Mode to no avail. Google searches lead me to believe this is something I cannot solve on my own. I would appreciate any guidance you could provide.
I'm currently backing up my files and I've prepared the DDS .txt files as per the instructions in the Malware section.
Thanks for your help,
EDIT: Is it safe to continue using my computer for e-mail and file uploading or to move files from one computer to another? This project requires collaboration but I don't want to infect other people's computers.
EDIT2: As of this morning, SpyBot found and "removed" Smitfraud C Core Service. It did not find any instances of Virtumonde. However, I'm wary because a non-system version of csrss.exe was running in my processes (I ended it). I would appreciate any guidance on this issue.
Edited by ajlpenguin, 10 January 2009 - 02:57 PM.