i just caught a virus trying to install itself. for the record, i was installing the latest update of youtubeDownloader 2.9.6. i have a registry monitor called WinPatrol running at all times and it pops up anytime a program is trying to do some funny stuff. it alerted me to a program called Sendori trying to attach itself to random places. i clicked "No" 6 or 7 times, which seemed to halt the virus from entirely manifesting. all references were to "Sendori". a little googling says the virus hijacks your dns server settings.
my ip4/6 interface settings are still the same, they didn't change including dns. i ran hijackThis and found 4 references to the Sendori directory (not hidden; simply program files directory).
we all know some uninstalls actually kick off a deeper configuration of the virus, but after some checkups i decided it would be ok to uninstall normally from control panel.
after the uninstall, the program's entries in the hijackThis log did disappear. i checked the registry for Run and RunOnce and there are no entries for the program (neither obvious nor non-obvious): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunOnce
my question is, after the uninstall it prompted me that i needed to restart my computer to complete. i clicked X (neither yes nor no) and now i'm curious if there's anywhere else i should check. the program's obvious directory is gone, there are no startup entries in the registry and winpatrol and hijackThis aren't showing anything. i'm still nervous to reboot... does anyone have any additional suggestions of places i can guarantee a reboot won't fire this thing off again?
close call, nonetheless. many thanks in advance
Edited by hamluis, 18 December 2012 - 10:16 AM.
Moved from Win 7 to Am I Infected - Hamluis.