Posted 04 February 2009 - 10:46 PM
A few minutes ago Firefox informed me that a new update was available for one of my add-ons, either Download Helper or Download Statusbar (can't remember which and can't find any history/info on installation/etc. of add-ons anywhere), so I installed it as the popup seemed legit and I wasn't on any shady sites. Immediately the page changed to www.lulwot.com (I'm sure of the spelling), which had a very loud video with flashing bright colors playing, and Outlook Express opened window after window attempting to send email after email through Hotmail (I don't know if it succeeded or not). The process was called msnim in Task Manager, but they popped up so fast and kept coming that I couldn't stop them or Firefox, so I hit the power button on my computer.
I rebooted it in Safe Mode w/o internet access and have been running scans - Spybot S&D, Rogue Remover, and CWShredder have all come out clean, and I'm currently running AVG Antivirus. I did notice I have a O18 protocol 'msnim' (C:\PROGRA~1\MSNMES~1\msgrap~1.dll) according to HijackThis (along with a 'livecall' protocol with the same file and path), but that's been there for a long time before this incident.
Does anyone have any information about this attack, what kind of malware it is, if my computer is infected or if this was a one-time thing, and what I should do about it? I'd really appreciate your help.