To whom it may concern,
I am posting here in order to seek help for a possible infection. Here's what happened:
- I had Malwarebytes' Anti-Malware, Ad-Aware free edition and McAfee Antivirus Plus installed on my PC. I was running a full scan with Ad-Aware and McAfee, when Ad-Aware suddenly closed and McAfee encountered an error (sorry, I don't have a print screen nor the exact words, but it said it encountered an error while scanning, and it stopped scanning). I tried several times to rerun a full scan for each of Ad-Aware and McAfee, but Ad-Aware kept disappearing sometime after the scan began, and McAfee kept encountering an error. I uninstalled Ad-Aware and didn't install it back, and I uninstalled McAfee and re-installed it, ran a full scan and found nothing. I also ran a full Malwarebytes' Anti-Malware scan and found nothing.
- I have VirtualBox installed, along with an ISO image of BackTrack 4 which I used to run a virtual machine. I used nmap yesterday in order to scan all ports of my PC (I used the following command: nmap internal-ip) and it showed a few open ports, and among them was TCP 1035 with a service called 'multidropper'. A quick search on Google shows that this is most probably a trojan, however nothing showed on the full scans of McAfee and Malwarebytes' Anti-Malware. I rescanned all ports today with nmap and port 1035 TCP is no longer open, however there are a few unknown open ports and a few that look suspicious (i.e. TCP 1027 for the IIS service, knowing that I have never ever had an IIS server, I use Apache 2 instead).
- I installed SUPERAntiSpyware Free Edition and ran a full scan and found this: Trojan.Vundo-Variant/F located in C:\WINDOWS\CRYSTAL\U2LESBSE.DLL. However, I am afraid that this might be a false positive; I don't want to remove it via SAS unless I am sure this is really the multidropper Trojan (or another Trojan), because this is a DLL file located in the Windows folder and I know that removing such a file might be dangerous.
I am running Windows 7 Ultimate 64-bit edition.
Thank you in advance,
Have a nice day,
Best Regards,
Edited by Leeeeeeelo, 16 April 2011 - 07:07 AM.