Two days ago I got hit with a combination of a bunch of viruses/trojans/spyware all at once. I had AVG off for a few days (very dumb, I know) and SpyBot wasn't really able to stop anything except some BHO entries.
During that night and the next day I ran AVG, SpyBot, Avast, HJT and MBAM to try and clear whatever it was out. I was unsuccessful, as I was never able to install SAS or reinstall Java since I was getting an error that "the administrator has set installation rights preventing this installation."
Here are the two logs from MBAM and HJT I was able to email myself before the computer stopped letting me log in.
The symptoms I had when the virus hit were multiple popups, fake antivirus warnings, a fake antivirus warning in the task bar, Firefox crashing, and Windows eventually freezing while in normal mode. I noticed multiple random DLLs being placed in system32, and processes such as two instances of tinyproxy.exe running, searchin1.exe, and a bunch of rundll.exe. I think I was infected through an Adobe Acrobat exploit, as I remember when the popups were hitting I opened the task manager and saw Acrobat with very high CPU usage.
Some of the viruses I saw AVG/Spybot recognize were Virtumonde, Smitfraud, InternetSpeedMonitor, VirusTrigger, Zlob (saw in MBAM I think), and possibly a virus W32 Agent or something similar.
Since I can't log in at all now, I am getting ready to take the HDDs out and install Windows on a new one (I was able to back up some stuff to an external HDD earlier). I've been planning to do this since before I had the virus, but now it's forcing me.
Are there any precautions I should take when putting the new HDD in and installing Windows? Is it possible for the virus to hide in the memory or another non-HDD part of the computer and then infect the new HDD? What about the external HDD I used? It was plugged in when the virus hit, but I see no files on it that make me think it is infected.
Thanks for any help you can provide.