
Need to find out for sure if I'm infected or not...


No replies to this topic

#1 Julestar


Posted 15 April 2011 - 08:32 PM

Recently my computer was being used and the person using it got a popup message intimating a possible infection and the requirement for a scan. They had clicked one button, but stopped and called me over before they did anything else. I believe I killed the download in progress, but just have not felt entirely confident since that time. The popup referred to Best Antivirus 2011 and although it did show in the Firefox download area it was greyed out.

I have a Windows 7 Enterprise operating system. I currently run NOD32 antivirus and antispyware. I sent an email to ESET regarding my suspicions. ESET sent me a document that said I probably downloaded a new variant of the Virtumonde aka Vundo Trojan and gave me website links to read about the virus. They also sent me a list of several other things I should do.



I have gone through the process of starting the computer in safe mode with networking and have run an ESET online scan. I have downloaded ESET's RogueAV cleaner and Malwarebytes, downloaded SuperAntiSpyware and CCleaner and used these to scan in normal Windows, and reran a custom scan with NOD32 and reran Malwarebytes. I stopped just short of running ComboFix because I lack the experience to use this.

My computer does not run slow, I can use the internet and both Firefox and Internet Explorer, I do not have popups, and NOD32 continues to update and scan. Maybe I'm just paranoid, but I'd like to know beyond a shadow of a doubt that my system isn't infected. Today a suspicious communication was stopped with Adobe called payload123, which only heightens my suspicions. My K9 filter is also popping up with security blocks.

When I do scan with NOD32, though, it brings up the following during a scan:

C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]

Is someone able to help me in determining that my system has not been compromised in any way? And if it is compromised, how do I fix it?

Edited by Julestar, 16 April 2011 - 12:27 AM.

