[Essexboy]

When you click the launcher do you get an error or does it just fail to launch ?

[Advertisements]

It's supposed to launch when you plug it in. If I pull up "my computer" it finds the flash drive and will let me open individual files. But clicking on "launchU3", which should open a menu and let me choose a program, instead opens an empty folder on my C drive.

[jeff62]

It's supposed to launch when you plug it in. If I pull up "my computer" it finds the flash drive and will let me open individual files. But clicking on "launchU3", which should open a menu and let me choose a program, instead opens an empty folder on my C drive.

[Essexboy]

Ah OK I know what that is - as a part of combofixes routines it disables autoruns on the system as a security measure

To re-enable auto runs download and run the MS fixit from here about halfway down the page

[jeff62]

Didn't make any difference.
Maybe this is a sign I shouldn't be using the U3 version of firefox anyway. I don't think they support it anymore, which means I can't get updates for it.

[Essexboy]

Might be an option, as I have never used that, I can not give any real insight into it

[jeff62]

One last question and I'll let you go. Can you tell me the nefarious purposes of the trojans and rootkit that we removed? I'm wondering if I may have lost some data or had something stolen and I don't know it yet, or if some keylogger may have been working for awhile, etc. I have tried not to do anything involving passwords since this started. Is it OK now, and should I be concerned about anything?

[Essexboy]

The main infector from what I could see was a trojan downloader :\windows\Tasks\At1.job the aim of these is to download more malware to your system

I saw no sign of a keylogger on your system. However, it is always better to be safe than sorry. This is the standard warning I give if I see evidence of a keylogger or data stealer. But, it may be sensible advice to foolow if you are in any doubt

One or more of the identified infections is a backdoor Trojan and a key logger.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

[jeff62]

I haven't logged on to any financial sites with this computer since the week before I got this problem, and I don't store my passwords, so I'm thinking I should be OK anyway even if there had been a keylogger. But I wanted to check on this since I had no idea just how many things I was infected with or what their purpose was.

[Essexboy]

As you were prudent you should be OK - Keep safe now

[jeff62]

I shall be vigilant. But also bookmark this site in case vigilance is not enough. Thanks again. I don't know what size donation is customary, but you'll be receiving something posthaste.

[Essexboy]

Thank you for the donation it is greatfuly received, and I shall put it to good use on my system

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.