Posted 07 December 2011 - 04:47 PM
First, my system:
Old Dell Inspiron Laptop I6400
Microsoft Windows XP
Media Center Edition
Service Pack 3
At the time of the possible infection I was running Avira Antivir Free. I was using Internet Explorer 8.
Next, the symptoms (what I saw):
I was searching in Yahoo looking for anything to help my Dad with a cell phone problem. I had clicked on multiple links to sites relating to that - cell phone sites, forums, etc. Everything seemed ok. Then on my next click I found myself with a popup window that said "Please Wait! We check your devices" and a full normal sized browser window that appeared to be scanning my computer. Looking at my browser history, it looks like the "Please wait! We check your devices" came from 220.127.116.11 and the other window was 18.104.22.168. I see two other websites in my browser history from yesterday that I don't recognize. I don't know if a site I went to led me there, or if they are a further sign of infection. 20732.c.evoplus and 21291.hit75.namiflow.
What I immediately did last night:
I tried clicking the x in the top of each window and nothing happened, so I brought up task manager and killed all applications running at the time. All internet explorers went away along with everything else. I ran the Avast Antivir Free. It cleaned up some cookies but did nothing else. However, I needed to shut down for the night and didn't let it finish.
What I did today:
My husband had said that he thought we should get better virus protection and last week had brought home Symantec Endpoint Protection from work. I uninstalled Avast Antivir Free and installed the Symantec Endpoint Protection. I did a whole computer scan. It quarantined one cookie and all of the following that it identified as trojans: gogol/Emailer.class, gogol/Familie.class, gogol/PhonBook.class, Is.class, MyName.class, Phone.class, and two compressed files (names are a mix of letters and numbers, 8 characters - 8 characters). It struck me as odd that it took 3 hours and said I have over 500,000 files on the computer. When I looked myself it looks like I have only over 100,000.
I have been using Google and Yahoo all day today trying to find a connection between these quarantined trojans and the behavior I saw yesterday. I've not found a connection. I've seen no strange popups and no strange redirects. The link I click on from my Yahoo and Google searches is what I go to.
So... given this... does it mean I avoided infection by killing the two windows with task manager? Or am I infected and just haven't seen more signs of it yet?
If infected I know that I'll be moved to another forum for a fix... If that happens, it will be Sunday afternoon before I can take the first corrective action. I figured everyone is busy so it would be at least a few days before anyone got back with me. Thanks in advance for the help.