Possible Duplicate:
Computer is infected by a virus or a malware, what do I do now?
I've been infected with the "System Check" scareware not once, but twice -- after a reformat. It's now clear that I must absolutely find out how I got infected.
Some information:
- I've been on the internet for 12 years now and this is the first time I've ever been infected with any sort of virus.
- After my reformat I didn't open any untrusted executables. In fact, I did very little such as installing Firefox, Visual Studio, and a few other programs.
- I downloaded and installed all Windows updates.
- I control which TCP ports I have open for inbound connections.
- I did visit a lot of websites since the reformat.
- My E:\ hard drive, which contains all of my data and was not reformatted, wasn't mounted.
In short: the infection couldn't have come (for the second time at least) from user error or cross-contamination.
This leaves exploits in software I use. And it leaves me completely lost as everything I personally installed I re-downloaded and is thus updated to the latest version.
3 anti-viruses out of 4 that I tried (including AVG) couldn't detect "System Check" even though it wasn't removed yet and was still running. The 4th finally detected it and it also detected an infected file in: C:\Users\MyName\AppData\LocalLow\Sun\Java\Development\cache\6.0\56\6a3c9ff8-68fce308.
Java is not updated to the latest version (Version 6 Update 21; latest is Update 30). I didn't personally install it, it must have come with something else I installed (probably NetBeans), and I'll be damn sure to install the latest version myself on the next reformat.
However I'm still worried. That file may have been a false positive. Version 30 could still be vulnerable. It may have nothing to do with Java and just be some place the malware decided to install itself to be kept hidden. It may be 1000 other things.
What can I do?
PS: I forgot to say, before running the scans I activated System Check (with a "pirated" key of course). Once activated it leaves you alone and it lets you run virus scans. – Anonymous – 2012-02-02T22:28:18.767
PS2: I'm more interested in information specific to how "System Check" propagates rather than generic advice on how to stay safe, which I'm most likely already aware of. But general advice is better than nothing I think. Just don't go "don't open exe mail attachments" – Anonymous – 2012-02-02T22:34:46.357
Could you say which AV product detected it? – Apache – 2012-02-02T23:04:18.273
Please decide what you really want (What can I do? or How System Check propagates?) and edit the question accordingly. (In the latter case, I wonder if this might be a question for another forum.) Also the PS comments you added would better suit as edits. You can edit your question as many times as needed. – Alois Mahdal – 2012-02-02T23:08:04.337
Considering the virus was detected in the Java cache, either it's caused by a local program (which you state you didn't install Java, so something did, find out what that was, and you'll probably have your answer), or b), you were infected online with an infected Java app. In either case, I would always update to the latest version of Java, and make sure your system is set up properly. I would also recommend a 'Dr Web Cureit' scan on the system to ensure that no rootkit or other major infection exists. – zackrspv – 2012-02-02T23:58:41.077
If you can, zero fill the hard drive before you clean install again. – Moab – 2012-02-03T00:11:58.977