Hi all,
What happened:
- I got hit by the ping.exe 100% CPU virus a couple of days ago (before I discovered this forum) on my Windows 7 64 Ultimate machine.
- I downloaded the latest AVG rescue CD, booted and did a full system scan. It discovered five infected files (some trojans), one of which was consrv.dll. These files were then "healed" by AVG.
- I rebooted into Windows, which triggered the Windows startup repair tool. This tool then set the system back to an earlier restore point. After about 1.5 hours of repairs my Windows 7 system started normally again.
- I downloaded MBAM and let it do a full system scan. It did not find any malware.
- I then rebooted Windows in safe mode and ran MBAM again. Again no malware found.
- I ran iptraf on my Linux firewall to sniff out suspicious IP traffic from the Windows box. It found that right after booting, even before user login, the Windows system would contact IP addresses which all pointed to hostnames under compute-1.amazonaws.com or compute-2.amazonaws.com. This is, I believe, the Amazon Cloud service. I do have a Cloud sync application (always sync) running on my system.
The "good" news is that I find no evidence of browser hijacks, advert popups or other suspicious activities apart from those Amazon IP addresses.
Right now I have Immunet 3.0 and MBAM (trial period) running.
I am now quite paranoid about the Windows 7 system, so I am trying to find out if it is still infected. I have attached the OTL and aswMBR logs as requested (see also next post). MBAM did not find anything, so I did not attach any MBAM logs.
I hope somebody can help me regain some peace of mind :-).
Regards
Chera Bekker