So, yeah... This other day, I'm just strolling along, and BAM! Here comes this virus and hits me over the head. It was called Trojan.Goldun.
I run Spy Sweeper full-time, and have my little Linksys router firewalling me as well, and that was enough to tell that I was in trouble. I ran all the normals through Spy Sweeper, it found quite a few, Goldun included, allegedly removed them all, and there you have it, end of story.
THEN - Spy Sweeper kept popping up its www shield saying it was blocking access to URL " " with no listing as to what URL it was blocking, which is odd. Normally I almost never even see a message from SS, but when I do, it at least tells me WHAT it's blocking, not this time. So I ran another sweep, just to double-check, and it comes up with troj.backdoor.goldun once again. Now recognizing that I need additional help beyond that of SS, I check Google for methods of killing Goldun.
Enter X-Cleaner. <Insert ominous sounding theme music here>
X-Cleaner runs at startup, catches a few trojans that SS did not, such as Zlob, and never says a word about Goldun, even though after that, SS no longer detects Goldun either! So now I'm thinking that X-Cleaner did the job, but just to be sure, I scan with both SS and X, then reboot in safe mode after turning off System Restore, and scan once again with both, and then restart Windows to allow SS to scan memory, and then yet again load into Windows normally and scan with both again. No evidence at ALL. Everything seems to be fine!
Now to the root of my concern. Ever since this incident, I notice that there is a lot of Internet/computer activity going on on my router lights. I have a server and 2 gaming rigs set up, and the possibly infected rig is constantly flashing on the router as if I'm in the middle of a game of World of Warcraft, even when sitting idle, while the other 2 machines are just doing their normal random hits. I log my URL activity through my router, and it shows 20-30 different outgoing IP address hits every couple seconds, most of them SMTP, and ALL from my infected rig.
I'm pretty sure there is still something going on, and Goldun has me worried because I do some of my banking online and I know that is one of its target goals. I'm not sure what else to do, this could all be my imagination, I'm sure...but I would really love it if anyone could give me any good methods to be more confident that I am no longer infected or clean any remaining infections.
Now then, I am your clay, O wise masters of bleepingcomputer.com! Mold me into a virus eating machine! Teach me the ways of light so I may fight back against the evils of vir...you get the idea. ;)