Hi;
I recently was attacked by a Trojan.NewDotNet that that got past my old pc security system. I was using the internet and my Avast 4.8 Home protection was suddenly halted and it gave a red warning. I automatically stopped all internet activity via Comodo Firewall Pro and disconnected from the internet. I restarted and the Avast Home was ok. I made a scan and it did not find any viruses. I also have Malwarebytes’ Antimalware as on-demand scanner but it also did not find any neither did Superantispyware.
I connected to the internet and updated my virus definitions, Spyware/adware definitions and it was there that while updating Comodo Firewall Pro, Superantispyware Professional gave me a warning that I have been infiltrated by a Trojan.NewDotNet via the “cmdagent” of the Comodo Firewall Pro. I again stopped all internet activity, disconnected and began scanning via Superantispyware. I was surprised to find out that 1000+ files were infected.
I followed the SASpyware guide and quarantined/deleted the files via a restart. That I think was not the right thing to do because almost all of my programs were disabled including the Comodo Firewall,Avast Home, Mbam and Superantispyware!!! All my system restore points were all not working. I have security software back-up in one of my folders and I also found out that all my .exe file back-up including MBAM, SASpy, Comodo Firewall, Ashampoo Magical Security etc were all gone!!!
I was a good thing I have Macrium Reflect Free in my system and I restored my PC via the Bart PE environment. But even I have restored my system MBAM cant still be launched and re-installed. I was getting “ MSVBM60.dll was not found. Reinstalling the application might help…” so I had to quit the MBAM installation for now. I want to refrain from using SASpy for a moment because instead of helping it nearly sent to reinstalling Windows again. I loaded Threatfire ver 4.0 for the moment in real time.
My Avast 4.8 Home On-Protection Control is at set always to “High” with no exceptions. I’m not impressed that Avast did not intercept this one because it usually does. Comodo which was also giving me problems on updating the firewall version through it’s Error 109 was also not responsive. I sent them a ticket about the “cmdagent problem” before this problem when I upgraded to the Internet Security Pro and up to this time there was no reply…so…so service.
Also I get these corrupted files when I ran Avast Scheduled Boot Scan after Macrium Reflect image restore:
OLE FILE CORRUPTED
File C:\System Volume Information_restore{2D9B5EE8-C3FC-4476-B23C-1536BF66309F}\RP80\A0145355.msi\Binary.NewBinary9 Error 42145 {OLE archive is corrupted.}
File C:\ATI\SUPPORT\7-12_vista32_dd_ccc_wdm_enu_55816\Driver\Packages\Apps\CCC\Branding\Branding.msi\Binary.NewBinary9 Error 42145 {OLE archive is corrupted.}
CAB FILES CORRUPTED
File C:\Documents and Settings\voltron\Application Data\TuneUp Software\TuneUp Utilities\Backups\00000107.rcb\00000011.fil\mshtml.dll Error 42127 {CAB archive is corrupted.}
I’m really not a techie and this is a call for help ??? Guys I’d really appreciate some helpful advice here on what measures to take to avoid another repeat in the future.
I’m using:
[li][list]
[li]Avast 4.8 Home antivirus (real time)
Comodo Firewall Prop version 3.0.25 (real time)
Superantispyware Professional ver 4.15 (disabled-used to be real time spyware/malware protection)
Malwarebytes’ Antimalware ver 1.30 (on-demand)
PC Tools Threatfire ver4.0 Free (temporary real time spyware/malware protection)
Macrium Reflect Free (back-up)
[/li]
[/list][/li]
Microsoft Windows XP Professional SP2
Processor1 x AMD Athlon™ XP 2000+
RADEON 7000 SERIES Adapter
Adapter DAC TypInternal DAC(350MHz) Grafix Memory64 MB
RADEON 7000 AGP (0x5159) Resolution1024 x 768 Color4294967296
Regards,
voltron
8)