pdfupd.exe

Hello, I’m new here, and also not brilliant with computers. Recently I clicked on something I shouldn’t in Facebook, so I started getting worried and ran a virus scan using avast. It found something called pdfupd.exe in appdata/local/temp file. I have moved it to the chest as suggested.

Now, I’ve searched the internet high and low for this problem but it’s all very technical and I really have no idea what to do. Should I just leave it in the chest? Or do I need to remove it? And if so, I need some layman’s terms on how to do it.

My second question is… what on earth is this? What does it do and what damage might it have done? Do I need to change passwords for things? I obviously use Facebook, eBay (to buy things through PayPal) and I will occasionally go onto my internet banking site… should I be worried?

Many thanks and sorry for being such a newbie!!

By the way, it was a win32: malware gen or something.


Welcome to the forums, jessicaelkin :)

This could be a very bad malware and is known to be in the following categories:

Banking Info Stealer
System Back Door
Cloaked Malware
Malware Downloader

http://www.prevx.com/filenames/1104395637561829493-X1/PDFUPD.EXE.html

http://www.f-secure.com/v-descs/exploit_js_pdfka_ti.shtml

Since it is in the Chest, it can do no harm from there and can be left in the Chest for as long as you want. If you delete it from the Chest, it will be permanently removed from your computer.

At the very least, you should now change every password associated/used on your computer. This includes banking, computer user accounts, ebay, etc.

I suggest that you also run malwarebytes antimalware free version from the link below. Download it, install it, update it, and then run a quick scan.

http://www.malwarebytes.org/mbam.php


Thanks very much. Very helpful. Am currently scanning with malwarebytes and will update soon. I will definitely change all my passwords but I’m not keen to do it on this computer anymore…!! Since turning my computer back, avast found another in file appdata/roaming called sdra64.exe!!! Oh dear, but at least I’m finding them… and trying to get rid of them!

OK, it found 2 infected objects and gave me this logfile if that’s helpful… what do these mean?

Malwarebytes’ Anti-Malware 1.44
Database version: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

02/03/2010 15:25:14
mbam-log-2010-03-02 (15-25-14).txt

Scan type: Quick Scan
Objects scanned: 99542
Time elapsed: 16 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
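An added example, not part of the original thread and not Malwarebytes code: this Python script parses a log in the format posted above, checks that the summary counts agree with the itemized detections, and flags entries under a `CurrentVersion\Run` key, which Windows starts at every logon. The function names and the embedded sample (trimmed from the log above) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the log sections posted in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Registry Values Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) → Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

COUNT = re.compile(r"^(.+ Infected): (\d+)$")           # summary line with a number
HEADER = re.compile(r"^(.+ Infected):$")                 # start of an itemized section
ITEM = re.compile(r"^(.+) \(([^()]+)\) (?:→|->) (.+)$")  # path (Detection) → action

def parse_mbam_log(text):
    """Return (summary counts, itemized detections) from a log in this format."""
    counts, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := HEADER.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            path, name, action = m.groups()
            items.append({
                "section": section, "path": path, "detection": name, "action": action,
                # Values under ...\CurrentVersion\Run\ are launched at logon (persistence).
                "autostart": "\\currentversion\\run\\" in path.lower(),
            })
    return counts, items

def count_mismatches(counts, items):
    """Return {section: (claimed, itemized)} where the summary and the items disagree."""
    seen = Counter(it["section"] for it in items)
    return {s: (n, seen[s]) for s, n in counts.items() if n != seen[s]}

if __name__ == "__main__":
    counts, items = parse_mbam_log(SAMPLE_LOG)
    for it in items:
        tag = "AUTOSTART" if it["autostart"] else "other"
        print(f'{tag:9} {it["detection"]:13} {it["action"]}')
    print("count mismatches:", count_mismatches(counts, items))
```

In this log the `userinit` value under the `Run` key is the autostart entry, and both items are reported as quarantined and deleted.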

ok it found 2 infected objects and gave me this logfile if thats helpful... what do these mean?
Trojan.Agent: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Trojan.Agent

Backdoor.Bot: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Backdoor.Bot

I really am very grateful for the help received but still have no idea what I am doing!! :-\

As long as the threats are gone, if they are in quarantine with both avast and malwarebytes and I keep doing scans etc.… basically, will I be OK?


You are welcome … yes, you should be ok and could do scans maybe once a week.

Always make sure updates are done before making scans.