Posted 17 October 2011 - 11:13 AM
Okay, so today I got a file from a friend and didn't scan it first because I stupidly assumed it would be fine. It was a file for Nuance Dragon and it came with a lovely trojan-clicker.win32.agent.ryc. I have KasperSky and scanned the folder and ran a critical and full computer scan when a notification came up about the trojan, but it wouldn't let me quarantine the file or take any action against it. The file wouldn't let me delete it, it said I had to have permission from the admin, which I am. I tried Shift+Delete, and the file would look like it was deleted, but when I refreshed the folder it was in, it reappeared. I looked on the internet for a solution, I checked my processes and looked up the '.exe' things that were running, and downloaded and ran HijackThis, Spybot - Search & Destroy, Exterminate It, and MalwareBytes. Now, I think I got rid of it, the file isn't showing up where I originally put it. The full computer KasperSky scan I had been running since the the notification made progress from the 1% complete it had been stuck at for a couple of hours. The Nuance Dragon file was a '.rar' file so I uninstalled WinRar, which was not something I found anywhere online, but that seems to have allowed me to get rid of it. I recently had to uninstall winrar to get a program to install. One question I have is, is there a chance it could still be on my computer or have done something that could potentially harm my computer in some way or anything? Or is it really gone? I also found some things that I looked up that seemed like they could potentially or possibly be harmful, I found rundll.exe.mui in System32\en-US and these next three were all modified today; PerfStringBackup.ini, Perfc009.dat and Perfh009.dat, all in System32.
Is my system in jeopardy as far as you can tell with the info given? And if you need more info, I will gladly give it seeing as I would like not to fear for my beloved laptop and my files for school. I already had issues over the summer where I had to back my files up on a separate computer so I could set it back to factory settings twice because of a virus and stuff (I didn't have KasperSky at the time, but got it because of that incident).
I read something that said it may go to sites to increase ad views or something and that it may change internet settings and my HijackThis log showed those kinds of activities, along with several suspicious activities and am concerned that I did not fully remove the trojan-clicker.