Posted 10 December 2009 - 01:49 PM
One of my workstations got hit by the Psecurity trojan yesterday.
I followed the instructions here to remove it (THANK YOU EVER SO MUCH FOR THE SIMPLE INSTRUCTIONS!!!!!) and think I got it off. I've run quick and full scans on Malwarebytes several times , as well as AVG and Windows Defender. The first MWB run picked up 25 trojans, all associated with Psecurity, which I isolated and deleted.
We have no idea how we got the virus.
But one thing is nagging at me. I emailed the bleepingcomputer URL from my own workstation (which is clean) to the infected computer. Because Psecurity blocked MWB and AVG and also redirected IE on that workstation, I ended up having to put Rkill and MW on a harddrive and cleaned the infected computer that way.
Today, though, my own bleepingcomputer email I sent myself shows on Outlook as a file with unread email, and the unread email is a Viagra email with an attachment.
I've run several other test emails from my office, home and phone email addresses this afternoon, and nothing else is showing up that way.
Am I worrying unecessarily? It's just making me uneasy that I've missed something.
BTW, this particular workstation has an email address (we have one Outlook express email box set up per workstation) that has just been hammered by Viagra emails. This is the workstation that an elderly family member uses, bless her heart. She deletes those that clear the filter without reading them, and then empties her email box immediately because they embarrass her so bad to know they're sitting there. I think she equates it to finding Playboys under the bed, lol!
Am just worried. PSecurity seems to be a particularly nasty pest.