About a week ago, I appear to have been infected with some sort of malware. After further research, I believe that it may be some variant of the Vundo trojan horse. When I first noticed something was amiss, I found a suspicious process, prunnet.exe, running in task manager (along with two instances of rundll32.exe - not sure if this is/was a problem). I have also experienced: numerous Zone Alarm warnings from programs trying to access the Internet and trusted zone, several pop up windows that appear and then instantly disappear, rerouting of URLs in Firefox, the appearance of a desktop shortcut to some web site (did not use it), among other symptoms.
Actions Taken So Far:
- When started experiencing above symptoms, ran a whole system scan in AVG Free 8.0 > identified 17 infected objects, but the system rebooted before the scan completed. According to AVG scan log: 13 objects moved to Virus Vault, 1 deleted and 3 require reboot to finish the action.
- Reviewed Add/Remove Programs > one entry suspect to me: "Advertisement Service"
-Enabled viewing of system/hidden files
-Ran Microsoft Windows Malicious Software Removal Tool (MWMSRT) for Dec 2008 (most recent found on Microsoft site) > found 5 infected items
-Per instructions from MWMSRT, ran another whole system scan with AVG 8.0 > found 1 infected item
-Ran ATF-Cleaner (including Firefox cleaning)
-Installed MB Anti-Malware, ran a full scan and removed all results (there were many)
-Ran ESET Online Scanner with "Scan unwanted applications" selected > found 1 infected item
-Changed name of HiJackThis executable file, and ran HiJackThis scan
-Created Uninstall List with HiJackThis
The laptop now seems to be running better. The desktop Internet shortcut is gone. The "Advertisement Service" item in Add/Remove Programs is gone. I don't get redirected away from my home page when opening Firefox. I have not had any more of the pop up windows since I ran the initial AVG virus scan (perhaps quarantined the portion of this infection causing it).
Unfortunately, the ESET online scan did find one item, and I fear that this thing is not totally eradicated yet.
I would greatly appreciate help determining if I am free of this infection yet, and if not, what I need to do to finish the job. I will post my MBA-M, ESET Online Scanner and HiJackThis logs and the Uninstall List in separate replies to this initial post.