911 ~ Virus and Exploit Infect. rated SEVERE by OneCare, Help System is crashing RRS feed

  • Question

  • I Printed out the Onecare reports yesterday and it seems I was originally hit by the bug over 10 days ago.

    (Thanks OneCare!! For Spreading Your Love In A Virus!!) 


    10/27/2008 11:42AM

    Threat name: Exploit:JS/Mult.AB

    File Name: C:\Users\Kelly\AppData\Local\Microsoft\Windows\Internet Files\Low\Content.IE5\107P8QTZ\xcvb[1].pdf

    Threat Severity: Severe

    Threat Catagory: Exploit




    After 4 attempts it was finally REMOVED (ANTIVIRUS_ONACCESS)


    I was never alerted about the infection by OneCare. Nor did it log the detection until I manually ran a log file two days later when I was working and when I visited a website I am on alot it alerted that it was infected and shut down. Thought it was the first attack until I printed a log manually and realized that the Exploit had been detected twice before.


    I was then hit by this:


    11/08/2008 4:12PM

    Threat name: TrojanDownloader:Win32/Swif.M

    File Name: C:\Users\Kelly\AppData\Local\Microsoft\Windows

                          \Internet Files\Low\Content.IE5\JVMRCRDV\1[1].swf->(SWC)

    Threat Severity: Severe

    Threat Catagory: Trojan Downloader

    Contained Object: (SWC)



    After two attempts it was removed.

    But then at 4:26PM it attacked again and after three attempts to clean removed it.


    I went to the web site to look the threats up and they are listed as LOW risk. But my report says SEVERE in bold. OneCare was up to date. I tried to see where they came from and it seems I was on a site where the images in the ads may have contained a few of the embedded exploit codes or java style code that caused the initial attacks. It was hidden in image codes or something like that.


    Upon further investigation I found that I had been hit 12 times in the little over a week time period. By the same viruses. The sound and alerts and administrative permissions are disabled on my onecare.


    Ran the suggested fixes only to have the firewall quit working. Then it unsubscibed me right before it quit working completely. So I ran the repair tool from the site and I got the blue screen of death. After recovering my system, I had no network that was usable. It took me almost 24 hours to get my laptop back online. It is preventing me from doing just about anything. I have gotten the OneCare back up and running ...but its not schedule scanning, logging, and has to be manually updated. Tried running the Online Scanner for OneCare and wont load. Cant load anything from and antivirus, software developement type sites. Trend, F prot, Kapersky, or MCaffy I wasnt able to use either.


    I have discovered that my user account permissions have been changed to shared. Not only that, but I no longer have administrator rights. There are two additional user accounts that I never created. One containing the same name string as me only with admin on the end, and another account created as OWNER/CREATOR which has full control rights to my system. Also the share policies are initiated for both of these accounts and has "Remote Access Control" permissions. They are both active and surfing through and deleting parts of my system.


    Attached is a HiJack This log.

    Please someone help me fix this!! Brand new Dell Custom Insp 1525.

    Monday, November 17, 2008 2:12 PM