spy-eye trojan

I haven’t had to use this forum for quite a while, having spent some time with mostly Linux. Now I have Windows 7 on a Toshiba laptop and today Avast (latest version, with all updates) reported a trojan called spy-eye which seems to be a bit grim. Avast suggested a boot-time scan, which I did. When offering the options to put it in the chest etc. it did not seem to have accepted my option choice, although this virus does now seem to be gone; I even ran a second boot scan.

The only suspicious site I’ve used and decided not to visit again is prostopleer dot com which is a music site purportedly.

I’ve run a full scan too, which might be overkill but I have seldom had cause for any anxiety about viruses for a long time.

I use CCleaner a couple of times a week so I imagine that sees to cleaning up my temp files and also I did a scan with Super Anti-Spyware the other day. This was because I’d got an email saying that someone had logged into a long-ago abandoned Facebook account - I don’t use that site. Maybe there is a connection. I checked my credit card account and all seems fine, and I changed my passwords.

Has Avast blocked and then removed this trojan and I’ve merely misunderstood the boot scan procedure? Do things sound fine now? The initial report of this trojan was a pop-up referring to windows/assembly and then something about NativeImage, but I didn’t find a file of that name there when I looked, even with system files un-hidden.

The only other thing to mention is that I bought a couple of cheap Mobile Broadband SIM cards with credit on eBay which are so mystifyingly well-priced that I have considered that something might be amiss, that the sellers have some way of working back from the SIM numbers to sensitive information. I have bought these from four different sellers, and one of them even sent a letter with the SIM saying that some people are having their credit stolen if the SIM number is not registered as well as activated by the network during use. It seems odd to refer to this when the networks themselves say nothing about it. After all, in shops these SIMs are in sealed packages, whereas the eBay sellers merely post them with a booklet in no packaging.

Is there no need to format my hard drive and reinstall Windows 7? It’s not too much bother but if there is absolutely no need I won’t.

Thanks for any advice or comments.

SpyEye Bot versus Zeus Bot http://www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot

check for malware with

Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have latest database before you scan
click the remove selected button to quarantine anything found

you may post the scan log here if anything is found

Good write-up on the installer can be found here: http://webcache.googleusercontent.com/search?q=cache:d9pumG95powJ:comprolive.com/remove/trojan/spyeye/bootstartx-exe+Spyeye+bot+cleansing&cd=9&hl=nl&ct=clnk&gl=nl&source=www.google.nl

polonus

@ alun_sundry
Ensure that you have the latest virus definitions and updates as I believe the problem you had related to a false positive which has now been corrected (many topics in the forums about it, search on spyeye or native and see).

The file is most likely one that is created on the fly and disappears afterwards, so you won’t find it. So it will be recreated when required; nothing else to do.

Is that what it was?
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll [L] Win32:Spyeye-BG [Trj] (0)

Yes, I saw the other thread too, great that was all sorted out as I was quite worried, not that I’ve got any money to steal…