About a week ago, I got infected with Antivir Solutions Pro through a vulnerable Java Deployment Toolkit (old version). I removed it without any problems and updated the old Java toolkit.
Flash forward to yesterday: I got a warning from Mozilla (in Firefox) that a website was malicious, ignored it out of curiosity, and got a warning from NOD32 that a malicious attempt was blocked.
After deobfuscating a part of it, I found that someone did it fully, available in a post by Habanero here. Not really very helpful; it basically changes which domain is displayed in an iframe based on the date. I have run the page with the code and was not warned by NOD32 - I am not sure if the iframe exploit was successful.
So basically I am not sure which time the password was stolen (probably taken from FileZilla). I scanned yesterday and today using NOD32 (which I have had running, and which was running at the time of the Antivir Solutions Pro infection but did not stop it), and scanned using Malwarebytes. Some stuff was removed the first time, but I am pretty sure the content was false positives, as I have had it on this computer for a long time.
I changed all the passwords but I've not seen log-in attempts since (either successful or unsuccessful, again, via /var/log/messages).
Wondering how I can further check whether I am infected by anything. Running a 64-bit version of Windows 7.
Edited by tsk05, 13 August 2010 - 05:21 AM.