Hello --
This is my first post as a member, and unfortunately, it has to do with my infected home PC. Right off the bat, I'd like to thank you folks for posting this very useful information and helping us *****s out. Having a virus on your computer is no fun at all.
The story: a few days ago (Wed, the 18th), I downloaded and opened an unknown executable, which I thought was another benign program. My Symantec Norton Antivirus immediately detected and quarantined numerous infected files (perhaps ~20), with names like "Downloader", "Trojan", "TrojanHorse", and "Virtomonde". After running various scans with Norton, SS&D, etc. and searching on the web a little, I encounted a useful program called VundoFix. I ran it, it seemed to work, but then after I rebooted my computer and started Explorer again, everything was back (Norton detected a couple more "Downloader" and "Virtomonde" files, which it failed to quarantine). Is this "Downloader" reinstalling the virus on my computer when I reboot? Very devious.
The only symptoms I noticed on my computer were:
1. Pop-ups
2. the presence of "My Way Search Assistant" in my Add/Remove programs list
3. the presence of "Outerinfo" in my Start menu.
4. the presence of a few unknown (and probably malicious) "add-ons" in my "Manage Add-ons" window of Explorer. Even if I tried to disable them, they would be enabled again later.
I dug deeper on the web, read more, and decided that I really did want to clean this rather than do a complete re-install of Windows. I encounted this forum, and printed out the instructions at https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
This morning, I followed the instructions step-by-step, with my computer disconnected from the internet (so I skipped Step 3: online scan). Several of the programs (including all three of the Virtumonde "tools") detected, eliminated, and/or quarantined infected files. Norton, SS&D, and Adaware didn't find anything. The Rootkit scan didn't find anything either. However, I still don't know if my computer is clean. I have yet to reconnect to the internet, and wanted to pass this HJT log by you guys before I do so. I also uninstalled all my old versions of Java.
As requested, I've attached the final HJT log, the AVG log, and the Combofix log. I have others, if you need them (including the most recent VundoFix log).
I'm fairly good with my PC, and would be comfortable editing my registry if that becomes necessary. I am embarrassed that I opened an exe that had no right to be opened, and am a little worried that personal info on my PC was transfered to some schmuck.
Any help/advice you could offer would be very much appreciated.
-- haz
This is my first post as a member, and unfortunately, it has to do with my infected home PC. Right off the bat, I'd like to thank you folks for posting this very useful information and helping us *****s out. Having a virus on your computer is no fun at all.
The story: a few days ago (Wed, the 18th), I downloaded and opened an unknown executable, which I thought was another benign program. My Symantec Norton Antivirus immediately detected and quarantined numerous infected files (perhaps ~20), with names like "Downloader", "Trojan", "TrojanHorse", and "Virtomonde". After running various scans with Norton, SS&D, etc. and searching on the web a little, I encounted a useful program called VundoFix. I ran it, it seemed to work, but then after I rebooted my computer and started Explorer again, everything was back (Norton detected a couple more "Downloader" and "Virtomonde" files, which it failed to quarantine). Is this "Downloader" reinstalling the virus on my computer when I reboot? Very devious.
The only symptoms I noticed on my computer were:
1. Pop-ups
2. the presence of "My Way Search Assistant" in my Add/Remove programs list
3. the presence of "Outerinfo" in my Start menu.
4. the presence of a few unknown (and probably malicious) "add-ons" in my "Manage Add-ons" window of Explorer. Even if I tried to disable them, they would be enabled again later.
I dug deeper on the web, read more, and decided that I really did want to clean this rather than do a complete re-install of Windows. I encounted this forum, and printed out the instructions at https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
This morning, I followed the instructions step-by-step, with my computer disconnected from the internet (so I skipped Step 3: online scan). Several of the programs (including all three of the Virtumonde "tools") detected, eliminated, and/or quarantined infected files. Norton, SS&D, and Adaware didn't find anything. The Rootkit scan didn't find anything either. However, I still don't know if my computer is clean. I have yet to reconnect to the internet, and wanted to pass this HJT log by you guys before I do so. I also uninstalled all my old versions of Java.
As requested, I've attached the final HJT log, the AVG log, and the Combofix log. I have others, if you need them (including the most recent VundoFix log).
I'm fairly good with my PC, and would be comfortable editing my registry if that becomes necessary. I am embarrassed that I opened an exe that had no right to be opened, and am a little worried that personal info on my PC was transfered to some schmuck.
Any help/advice you could offer would be very much appreciated.
-- haz
