I got infected with Win32:Fakeinit-H[TRJ] and I am not sure if there is an active backdoor/keylogger. How do I know whether there is an active backdoor/keylogger?
When I first scanned my laptop, I deleted whatever was detected (sorry, I didn't know I was supposed to move it to the chest).
Right after being infected, I got the message 'this windows is not original', but now the message is gone.
I was told that I would get pop ups and stuff like that, but I didn't get any of those.
After discovering Win32:Fakeinit-H[TRJ], I realised there were also Bredolab and Zbot-MNS.
I have uninstalled P2P programs such as Ares and BitTorrent.
Thanks in advance for those who can help me out of this mess.
Here is the report from Avast:
1/1/2010 10:22:41 AM SYSTEM 1580 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Windows\SoftwareDistribution\Download\794e187ec6eaa79a3c9915e164e61f37\BIT7457.tmp (C:\Windows\SoftwareDistribution\Download\794e187ec6eaa79a3c9915e164e61f37\BIT7457.tmp) returning error, 00000026.
2/1/2010 6:46:48 PM SYSTEM 1644 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
2/1/2010 6:46:49 PM SYSTEM 1644 An error has occured while attempting to update. Please check the logs.
5/1/2010 9:54:40 AM SYSTEM 1660 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Windows\SoftwareDistribution\Download\3e300a01c97e9a02cdecdcab81762ba8\BITD4BE.tmp (C:\Windows\SoftwareDistribution\Download\3e300a01c97e9a02cdecdcab81762ba8\BITD4BE.tmp) returning error, 00000026.
5/1/2010 4:17:04 PM SYSTEM 1660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Users\sarah\AppData\Local\Ares\My Shared Folder\___ARESTRA___the sims 3 +crack.exe\MsgUpdate.dll" file.
5/1/2010 4:17:24 PM SYSTEM 1660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Users\sarah\AppData\Local\Ares\My Shared Folder\___ARESTRA___the sims 3 +crack.exe\IgfxSys.dll" file.
5/1/2010 4:18:23 PM SYSTEM 1660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Users\sarah\AppData\Local\Ares\My Shared Folder\___ARESTRA___the sims 3 +crack.exe\phuninst.dll" file.
11/1/2010 4:05:59 PM SYSTEM 1640 Sign of "HTML:Iframe-inf" has been found in "http://profiles.lovingyou.com/library/stories.php" file.
11/1/2010 4:06:06 PM SYSTEM 1640 Sign of "HTML:Iframe-inf" has been found in "C:\Users\sarah\AppData\Local\Mozilla\Firefox\Profiles\t99aolvu.default\Cache\AB0E6D9Bd01" file.
14/1/2010 12:38:17 AM SYSTEM 1572 Sign of "Win32:FakeAlert-GD [Trj]" has been found in "C:\Users\sarah\AppData\Local\Temp\~TM84C7.tmp" file.
14/1/2010 12:38:31 AM SYSTEM 1572 Sign of "Win32:Zbot-MNS [Trj]" has been found in "D:\Internet\Temporary Internet Files\Content.IE5\6RXRWKBM\dfghfghgfj[1].dll" file.
14/1/2010 12:38:38 AM SYSTEM 1572 Sign of "Win32:Zbot-MNS [Trj]" has been found in "C:\Windows\System32\helper32.dll" file.
14/1/2010 8:52:59 AM SYSTEM 1592 Sign of "Win32:Fakeinit-H [Trj]" has been found in "C:\Windows\System32\smss32.exe" file.
14/1/2010 8:58:52 AM sarah 2912 Sign of "Win32:Fakeinit-H [Trj]" has been found in "c:\windows\system32\smss32.exe" file.
14/1/2010 8:59:08 AM sarah 2912 Sign of "Win32:Fakeinit-H [Trj]" has been found in "c:\windows\system32\winlogon32.exe" file.
14/1/2010 8:50:57 PM SYSTEM 1620 Sign of "Win32:Bredolab-BM [Trj]" has been found in "C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rarype32.exe" file.
14/1/2010 9:23:53 PM SYSTEM 1620 Sign of "Win32:Bredolab-BM [Trj]" has been found in "Incoming email 'UPS Tracking Number 5430399.' From: "UPS Manager Shauna Browning" <tracking.support@ups.com>, To: <sarah@writingconsultation.com>\UPS_invoice_NR8745.zip#1249735697\UPS_invoice_NR8745.exe" file.
14/1/2010 9:29:26 PM sarah 4656 Sign of "Win32:Bredolab-BM [Trj]" has been found in "c:\users\sarah\appdata\roaming\microsoft\windows\start menu\programs\startup\rarype32.exe" file.
I have also run DDS. Please find the Avast report attached. Thanks.
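The pasted Avast log names four files that a keylogger or downloader would rely on to keep running: helper32.dll, smss32.exe and winlogon32.exe in System32, and rarype32.exe in the user's Startup folder. A first-pass answer to "is anything still active?" is to check whether those files are still on disk, whether anything by those names is running or has helper32.dll loaded, and what is registered in the usual autorun locations. The PowerShell below is an added example for that triage, not something from the original post or from Avast; the file paths are taken from the log above, the registry keys and Startup folder are the standard Windows autorun locations, and it assumes an elevated PowerShell 2.0 or later prompt on the affected machine.

```powershell
# Added triage example (not part of the original post). It checks the indicators
# Avast reported, plus the standard autorun locations. It reports; it removes nothing.

# Paths exactly as they appear in the pasted Avast log (resolved via env vars).
$flagged = @(
    "$env:SystemRoot\System32\helper32.dll",
    "$env:SystemRoot\System32\smss32.exe",
    "$env:SystemRoot\System32\winlogon32.exe",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\rarype32.exe"
)

Write-Host "== Files flagged in the Avast log =="
foreach ($f in $flagged) {
    $state = if (Test-Path -LiteralPath $f) { "STILL PRESENT" } else { "absent" }
    Write-Host ("{0,-14} {1}" -f $state, $f)
}

Write-Host "`n== Processes using the flagged names =="
# The genuine smss.exe and winlogon.exe have no '32' suffix; anything matching
# these names is worth looking at.
Get-Process | Where-Object { $_.Name -match '^(smss32|winlogon32|rarype32)$' } |
    Select-Object Id, Name, Path | Format-Table -AutoSize

Write-Host "`n== Is helper32.dll loaded into any process? =="
Get-Process | ForEach-Object {
    $p = $_
    try {
        $p.Modules | Where-Object { $_.ModuleName -ieq 'helper32.dll' } |
            ForEach-Object { "{0} (PID {1}) has {2}" -f $p.Name, $p.Id, $_.FileName }
    } catch { }   # access denied on protected/system processes is expected; skip them
}

Write-Host "`n== Autorun locations =="
# Run keys start programs at logon. Winlogon's Shell and Userinit values should be
# the defaults ("explorer.exe" and "C:\Windows\system32\userinit.exe,"); anything
# else there is a common way to launch a fake winlogon/smss.
$autorunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
foreach ($k in $autorunKeys) {
    if (Test-Path $k) {
        Write-Host "-- $k"
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |     # drop PowerShell's own metadata
            ForEach-Object { "  {0} = {1}" -f $_.Name, $_.Value }
    }
}

Write-Host "-- Startup folder (where Avast found rarype32.exe)"
Get-ChildItem "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup" -Force |
    Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize
```

Two caveats on reading the output. "Absent" for all four files only means Avast's deletions stuck; it does not prove nothing else is running, since the log also shows an iframe drive-by and a Bredolab downloader, either of which can have dropped files the scan did not name. And Zbot is a credential-stealing trojan, so regardless of what this check shows, passwords used on this laptop should be changed from a machine that is known to be clean.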