The latest symptom, and the most scary, is that if I attempt to run Thunderbird email client about 10-12 Java sessions start and connect to ?? and start downloading a ton of stuff. I immediately terminated TBird & those sessions using process manager so I don't have details regarding that at this time. I can get a screen cap and post it, though.
I have Win Sysinternals installed. Nothing appears out of the ordinary in Autoruns or PortMon (at least until TBird started. Yikes!)
After reading a few of the tutorials here, I looked for a rootkit scanner that supports Win7 and only found one, Sophos, but, since it is unfamiliar to me, I did not dl or use it.
At this point the infected machine, Linus, is disconnected from the network and I'm using a backup computer to communicate and write this.
Where do I go from here? Any thoughts will be much appreciated.
Thank you for reading.
PS - a little more info may help. It's Win 7 64-bit. I have a full system backup from Tuesday (unfortunately, after the infection, but before the real nasty stuff started) and another from about 6 weeks ago that will be clean. I put Windows & its necessaries on the C: drive and 90+% of the apps, utils, etc. on the D: drive. Data, pics, etc. are on E: through I: with only 2-3 exes on E:. Nothing but data on the rest.
Edited by NichePlayer, 13 August 2010 - 04:00 PM.