Posted 10 February 2009 - 04:22 PM
Just registered and the forum recommended I make an introductory post, so here it is!
I'm a moderate-to-advanced level computer guy (more or less "the IT department" where I work) who has finally encountered a series of viruses and rootkits that I simply don't know how to deal with. Some careless browsing by a coworker slipped something in under the radar... something new, I think. Virus scanners didn't pick it up until days later, and even then not reliably. From what I've been able to reconstruct, it might have been a fake/infected PDF that started the whole thing.
Now, I don't know which computers to trust and which not to. I see no evidence of the infection spreading, but given that virus scanners couldn't even find it for days, who knows how many computers are now rooted! I'm especially worried about our shared file server. The network cables have been pulled from the two computers that have been in direct contact with the virus, so I'm hoping (praying) it's actually isolated. The second computer was used to run a virus scan on the hard drive that I pulled out of the first one.
I think I'll do some browsing here to see what I can find on this forum, then post a HijackThis log just to make sure that the computer I'm on now (in my office) is even really clean. GMER didn't warn of any rootkits, and an AVG scan looks clean so I think I'm ok, but at this point I'm entering full-on paranoia!
It was pretty messed up watching AVG start listing files becoming infected one by one (everything under \system32\drivers), but be unable to stop it or fix anything... was like a car crash in slow motion.