A couple days after installing Orb I wanted to add my music library to my media database. While uploading these files I noticed my current antivirus software, Trend Micro Titanium Internet Security 2011 (TMTIS 2011), was warning me that a program on my computer was displaying trojan-like behavior (I had my internet traffic security settings in TMTIS 2011 on "high"). I *vaguely* recall the reason was because Orb was trying to "open network connections". I did a Google search and found that other people had this same trouble with Orb and other antivirus software and that you could just give Orb privileges in order to allow it to operate. I tried to allow Orb to operate in my TMTIS 2011 but found this did not stop the warnings so I, foolishly I admit, turned TMTIS 2011 off, left the house for the day and enjoyed some music at my work. I figured I would find some other antivirus software that would work alongside Orb later when I got home.
When I got back home I accessed my online bank, Bank of America, and after logging in received a very obvious and troubling pop-up (described exactly here, http://www.computing.net/answers/security/bank-of-america-authorization-required-virus/32495.html). I then remembered that TMTIS 2011 had been deactivated so turned it back on. TMTIS 2011 immediately found 2 "viruses" which were described as "trojan.zbot.gen" and something like 92 "web threats". I ran TMTIS 2011 again and the amount of "viruses" stayed at 2 but the amount of "web threats" changed to 107. I have some knowledge about virus protection and removal so I immediately downloaded Malwarebytes from the internet and disconnected my computer from the internet in a hope to minimize the damage. Before disconnecting from the internet TMTIS 2011 warned that it had successfully stopped a program from transferring my email address over the internet.
I apologize but the accuracy of my description is low because I am not at my computer right now and I didn't screen capture anything or write down the exact warnings. Stuff in quotes is what I remember to the best of my knowledge.
As of now Malwarebytes found the 2 viruses (I assume the trojan.zbot.gen) and said that it removed them. I ran Malwarebytes again and then left the house for the day and am sending this from my work. I don't know if Malwarebytes has/will find them again.
First of all I would like to know what the best course of action is to be sure that the trojan is completely removed from my computer.
Next, is there any way to know if the personal information on my computer has been compromised (TMTIS 2011 was off for about 8-12 hours)? The only thing saved in Internet Explorer are my usernames on Facebook and Gmail (which tend to be email addresses). No web application I use saves passwords. I use my credit card to buy stuff online, could my bank info be compromised?
Finally, is this Orb program legit? Is it possible it is the reason I got a trojan or was Orb? Or did I get a trojan just because I was stupid and deactivated my antivirus? I don't think of using Orb as being the same thing as file sharing but I would like some advice on whether this program can be trusted (their website swears up and down that they are legit but when it comes down to it they made the website).
I will update my post after I get home and see what Malwarebytes has found and what TMTIS 2011 finds. But I probably won't connect my home computer to the internet until I'm sure I have removed everything. I really appreciate the help from those of you in this collective, you guys helped me about a year or so ago with a virus and I'm sorry to be knocking on your door again.
Edited by hamluis, 25 February 2011 - 01:35 PM.
Moved from XP to Am I Infected.