No replies to this topic

[aquahiker]

Hi - I got the security tool virus earlier and found this forum which was great.

I reviewed other recent postings and ran the exeHelper and then ComboFix which seemed to have done the trick to my great relief since I'm leaving in 2 days to go overseas to a part of the world where internet connection isn't commonly available.

I do have a few questions though and was wondering if somebody like chamber or matt can answer...

this was my exeHelper log:

=====

exeHelper by Raktor
Build 20091021
Run at 01:12:45 on 10/23/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\calc.dll
Deleting file C:\Documents and Settings\Geo\ntuser.dll
Error deleting C:\Documents and Settings\Geo\ntuser.dll
Deleting file C:\Documents and Settings\Geo\Start Menu\Programs\Startup\scandisk.dll
Deleting file C:\Documents and Settings\Geo\Start Menu\Programs\Startup\scandisk.lnk
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

=====

Questions:

1 - Has this done any damage? Do I need to reset all my passwords? I had to register to post on this forum and log into my Yahoo mail account to click on the activation link.

2 - How did this happen in the first place and is there any way to prevent this from happening again on my machine in the future?

Much thanks.

Geo