April 17: Files infected=1 C:\WINDOWS\SYSTEM32\DLL32.DLL (Backdoor.Bot.Q) --> Quarantined and deleted successfully.
April 21: Registry keys infected=1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) --> Quarantined and deleted successfully.
I didn't realize there were bugs for several days; I just happened to look at the logs. (My wife tends to close the scan results if nothing jumps out at her.) MBAM did not know what to do with the bugs so the log read "No action taken." I quarantined and removed immediately. I then googled the bugs, and there was not much out there. I could not find any specific steps for malware removal. A couple sources said that all of my personal information should be considered breached, so I changed all passwords, credit card, etc. It also said that the best course of action would be to back up my data files on an external hard drive, and then re-install Windows.
I do have an external hard drive, but I have never re-installed Windows before. The most I have done is a system restore. I do have all the original installation disks, but I don’t know in what order to do things, how to make sure the system is clean once it’s time to reinstall Windows, etc.
As for symptoms, I don’t know where to start. First of all, when I try to boot into Safe Mode (F8), I get a black-and-white screen saying “Keyboard failure” and neither my keyboard nor mouse works at all. I then have to manually shut down by hitting the power button. But then the 2nd time I try to boot into Safe Mode, it works. This pattern occurs every time I try. Also, as soon as Windows boots, I get an error message stating that WCES is unable to activate (due to an error code). Lots of error messages. Also, Office 2003 Suite does not seem to be recognized.
The affected computer is my desktop (Dell Dimension 4550) running Windows XP Home SP3. I also have a laptop (Dell Precision M6300 with wireless high speed internet connection) which is working fine that I could use to transfer any software, etc. over to the affected computer (if it is unsafe to download anything using the desktop computer).
I did not post a HiJackThis log because I don’t know if that is the correct avenue to take. In other words, I don’t know if it’s necessary to perform extensive malware removal/diagnosis on a system for which the OS is going to be re-installed anyway. Please let me know if I am incorrect about this, and I will be happy to post a HJT (or any other type of) log.
Thanks in advance!
PS As for security, I use AVG 8.5 Free, Malwarebytes’ Anti-Malware, and SuperAntiSpyware. I also have SpywareBlaster and Windows XP Firewall.
Edited by Orange Blossom, 30 May 2009 - 08:25 PM.
Removed font changes for ease of reading. ~ OB