Hi everyone
This history is constructed from memory/AVG 8.0 logs. It should be fairly accurate.
About a week ago (2008-09-01), while online, AVG resident shield notified me of a virus. From the AVG resident shield log, I think it was "dropper.bravix.a" located in {my profile}/Temp/qnopkjc.exe. I ran the AVG scan and it found "downloader.fraudload.n" located in {my profile}/Temp/nclincba.exe.
The next morning (2008-09-02) I ran another AVG scan and it found 4 instances of "downloader.generic7.akat" located in scvhost (one of them listed with a 5304) and a registry key with reference to the infected file.
I think (it's been a week so the order might be a little off) I noticed after the 2nd AVG scan (morning of 2008-09-02) Windows Firewall was off. I'm not sure if any malware can turn this off and I can't think of any reason I would have turned off the firewall but...
I turned Windows Firewall on and (a few days later) installed ZoneAlarm (which also turns off Windows Firewall).
Also, I was starting to get a little spooked, so I installed Avast (with AVG also running - I understand this is bad and just removed it). Avast installation reboots the computer and performs a scan before Windows loads. This scan found 2 infections (one in a restore point) but I can't find a log file to list them.
Later that night (2008-09-02), AVG resident found another copy of "downloader.generic7.akat" in a system restore point.
Since then, no issues have been found, but I've been afraid to use the computer so it does not have a lot of usage.
I followed the instructions in the preliminary removal thread.
Panda root kit found nothing.
MBAM found one listing from PeoplePC (pre-loaded on the computer when purchased - I think this is a false positive).
I've attached the requested log files (MBAM log from after PeoplePC issue was removed). Any help is very much appreciated.
Update (2008-09-09 8:57pm US EST)
I don't know if this should be an edit or new post (or if this even matters...)
I updated AVG and ran a scan (nothing found). Then I updated Adaware and ran a scan. Not sure if AVG resident would cause any issues with the Adaware scan so I turned the wireless switch on my laptop off, and turned AVG resident scan off while Adaware was running (Adaware found some tracking cookies and MRUs).
After turning the AVG resident shield back on, I turned the wireless switch on the laptop on and repaired the connection. A few minutes later, ZoneAlarm notified me I was pinged from 98.243.11.73 which ARIN WHOIS lists as Comcast Cable (someone else's ISP?).
How can I be pinged if my Linksys WRT54G router has "Block Anonymous Internet Requests" enabled?
Do I need to be concerned?