Hi! Around 24 hours ago I accidentally clicked on a shady link while trying to navigate a webpage (I was using middle-click to scroll, which also opens up links in a new tab) and I was taken to an unfamiliar webpage that was advertising a sort of IRL gold-selling service. I attempted not to panic and tried to take note of the webpage’s name (which I soon after forgot). I quickly ran CCleaner and used it to clear just about everything, then updated TDSSKiller and MalwareBytes while making sure Avast! was up to date.
After that, I unplugged both my router and modem, then ran full scans with the above programs. None of the 3 found anything, which was rather distressing. While running a scan with Avast!, I kept the file shield open so I could see what was going on. About 20% into the scan, the shield activity went from 0 to a solid 1 for a good 40% of the scan. During that time, Avast! was not scanning the same files that the file shield was. The file shield was scanning just about every single .dll and .exe in my Autodesk folder (and by extension Maya) 1 at a time, and towards the end of the file shield’s constant scanning (which was at about 60% of the normal Avast! scan) the web shield showed some activity as well, even though I was offline. That activity is what led me to believe I had a virus (which in turn was injecting itself into those files), though I’m not sure if this was the work of said virus or something else that isn’t as threatening.
I let the virus scan finish and went to do a system restore. I decided to restore to a backup that was made a good 8 hours earlier that day. The backup ended up being successful, which was nice.
After that, I downloaded ComboFix while keeping an eye on Avast!'s file shield. The file shield was no longer scanning those .dlls that I had mentioned prior (or any for that matter), but I was still very concerned. I built my computer with a secondary hard drive so I could have space for numerous large video files, and the system restore only affected the C drive. Since I installed Maya to my D drive, I’m not sure if the virus (if any) was cleaned out of my system completely.
I went back offline after disabling Avast!'s real-time shields so they wouldn’t affect ComboFix, and rebooted in safe mode. When safe mode was loading, it seemed to load much fewer files than I remembered in the past (however, this could have just been because this was my first time starting up in safe mode on my new computer). That concerned me because a few months back I helped my father with his computer – he had managed to infect his PC with the infamous FBI virus. It was completely stopping me from booting the laptop up in safe mode, and for whatever reason, when I tried to boot up safe mode on it, it would stop loading on the same file that my computer did. However, my computer was able to load up safe mode OK after that; I’m not sure if this is relevant or not, but I figured I should mention it anyway. I did do a Google search on the .dll that it stopped on, but it didn’t turn up any helpful results.
Anyway, I ran ComboFix successfully and it apparently removed a file along with some orphans. Here is the log: http://puu.sh/hj2J2/9a195ed60f.txt – I would appreciate it if someone could take a look at that and tell me what exactly the infection/problem was (thank you!). (Note: I’m not sure if ComboFix also scanned my D drive, or how I would specifically get it to do so. Should I be concerned about this?)
After running ComboFix, I also ran TDSSKiller, which again found nothing. After that I had to reboot normally to update MalwareBytes, which insisted on failing its scans in safe mode because the database was out of date, regardless of the fact that I had updated it just an hour or so earlier.
So yeah, I rebooted in safe mode and ran a successful MalwareBytes scan. I did a custom scan and selected both my C and D drives this time around – nothing was found, even with rootkits checked. Here is the log: http://puu.sh/hjobw/3aab3d5c06.txt
I had posted a similar help thread on the Tom's Hardware forum, but I only received a minimal amount of help. I was also asked to check if I had any Windows services not running: I’m not sure if I’m misunderstanding what they were asking, but here is a pic of my current services: http://puu.sh/hjo6Z/88e5af1768.png – there are a few stopped services, but if I remember correctly those are disabled by default.
While it seems like everything is currently ok, I’m still nervous that my system wasn’t completely cleaned.
Also, at the time of the supposed infection, I had a -lot- of things plugged into my PC. I’m mostly concerned about my standing microphone and MIDI keyboard controller, though. I also had my phone charger USB plugged in, but it wasn’t attached to my phone. Could any of that have gotten infected?
Am I in the clear? Also, should I be concerned that ComboFix found and deleted a file/orphans?