Still infected or not?

[bekker]

Hi all,

What happened:
- I got hit by the ping.exe 100% CPU virus a couple of days ago (before I discovered this forum) on my Windows 7 64 Ultimate machine

- I downloaded the latest AVG rescue CD, booted and did a full system scan. It discovered five infected files (some trojans) one of which was consrv.dll. these files were then "healed" by AVG.

- I rebooted into windows, this triggered the windows startup repair tool. This tool then set the system back to an earlier restore point. After about 1.5 hours of repairs my windows 7 system started normally again.

- I downloaded MBAM and let it do a full system scan. It did not find any malware

- I then rebooted windows in safe mode and ran MBAM again. Again no malware found.

- I ran iptraf on my linux firewall to sniff out suspicious IP traffic from the windows box. It found that right after booting, even before user login, the windows system would contact IP addresses which all pointed to hostnames under compute-1.amazonaws.com or compute-2.amazonaws.com. This is I believe the Amazon Cloud service. I do have a Cloud sync application (always sync) running on my system.

The "good" news is that I find no evidence of browser hijacks, advert popups or other suspicious activities apart from those Amazon IP addresses.

Right now I have Immunet 3.0 and MBAM (trial period) running.

I am now quite paranoid about the windows 7 system so I am trying to find out if it is still infected.  I have attached the OTL and aswMBR logs as requested (see also next post). MBAM did not find anything so I did not attach any MBAM logs.

I hope somebody can help me regain some peace of mind :-).

Regards

Chera Bekker

[bekker]

And the other two log files.

[essexboy]

Hi it looks to have gone.. You were lucky that you had the old variant, without the protecting service.  Otherwise use of the AVG rescue disc may have caused an unbootable system

Are you experiencing any problems at all ?

[bekker]

Hi Essexboy,

Thanks for your reply. I don't see any signs of malware right now. No browser hijacks, popups, antivirus applications blocked, system tools that refuse to run. Only those suspicious connections that I logged at my firewall.

I guess I've been really lucky. When the trial period of Malwarebytes ends I'll install Avast. I hope it plays nice with Immunenet.

Thanks again.

Chera

[essexboy]

My pleasure - Avast plays well with malwarebytes... But never tried immunet.. I need to look that up

[essexboy]

Does not appear to be too good - It has the cloud updates, but then so does Avast.  And as it is an AV it will not play with Avast

  Pros
Community-centric free antivirus encourages and enables pushing free antivirus protection to your friends and contacts. Small download, quick install, fast scan. Decent blocking of malware installation. Promises super-fast response to zero-day threats. 24/7 toll-free phone support.

Cons
In testing, poor malware detection and poor removal of malware it did detect. Scored zero points in rootkit removal test. Some malware samples installed on clean test system even though "blocked" by Immunet.

Bottom Line
If all your friends and contacts have antivirus protection you'll be safer. Immunet encourages and enables sharing free antivirus protection with your community. Alas, based on my testing its cloud-based protection does a poor job cleaning up malware and a so-so job protecting a clean system from infestation.

[bekker]

Hi Essexman,

Thanks for the info! Then I think it is bye bye to Immunet and hello to Avast.

regards

Chera