-run TDS Killer
-update McAfee AV
-run full scan McAFee AV
The first 3 steps went normally without any issues being found. On opening Action Center, I'm greeted with:
Remove the TrojanDownloader:Win32/Adload.DA virus from your computer
Windows has detected TrojanDownloader:Win32/Adload.DA, a known computer virus, on your computer.
To remove the virus from your computer, follow these instructions:
Go to the following website:
Microsoft Safety Scanner
Click Download Now, and then follow the instructions on the screen.
The thing that bothers me is that doing a Google search on that alleged trojan gives a lot of hits on very similarly worded websites with dire warnings about this trojan but they all have links to AV software I've never heard of. Searching for information about this supposed Trojan on McAfee's (and Norton's, and Kaspersky's, and Avast's and AVG's)web site turn up nothing.
I did download the Microsoft Safety Scanner, and running in quick mode turned up nothing. It's currently about 1 hour into a full scan and so far again 0 files infected.
Today the computer did have a crash from which Windows recovered without having to reboot the computer, but that's not entirely abnormal (it _is_ a Microsoft OS after all). I haven't gotten any popup ads, nor have there been any unusual browser activity or reports from the McAfee firewall about unusual outgoing requests.
There are so many rogue programs out there that it bothers me that none of the reputable AV sites have any information about this supposed infection, nor does a search on your forum mention this particular malware. However it did appear to be a legitimate Windows Action Center message. I was also puzzled how Action Center would pick this up when the freshly updated AV software didn't, although on further reflection, it may have been part of a "Windows solution" that came from the automatic crash report that got sent back to Microsoft.
So, Am I Infected?
Currently I'm Running Windows 7 Ultimate with SP1 and all Microsoft updates installed and McAfee Security Center 11.0.0678, Virus Scan 15.0.302. TDSKiller is 184.108.40.206.
Here's an update:
Early this AM I rechecked the computer, and Microsoft safety scanner reported no infected files. However, I did get a firewall warning that Adobe Flash Updater was attempting an outgoing connection. I hadn't received any updates of Adobe Flash, so I did not authorize it. In retrospect I did recently apply the Firefox 13.0 and 13.0.1 updates and soon after that got a firewall warning about Realplayer update making an outgoing connection. As there had been some incompatibility issues between part of Realplayer, Flash, and Firefox, I didn't think that was unusual at the time (an update to resolve the incompatibilities) but retrospectively I'm wondering if that (and this AM's warming) was spyware sending out information. A also ran GMER this morning and got some worrisome findings.
Thanks in advance
Edited by Bill 0, 23 June 2012 - 08:52 PM.