
Sinowal-IK/Delf-MBA infection and some other stuff



#1 Patrick1891
New Member, 2 posts
Background info: This computer belongs to my mom, I thought the infection had been stopped from spreading to it by avast!. I was prompted Win32:Rootkit-gen [Rtk] and INF:[email protected] [Wrm] when putting a USB drive into the computer but was told the infected files had been put into quarantine and system was safe etc. The USB drive was new and had only been inserted into one of my own computers before. That was on 2012-06-26 and I duly reformatted my computers (there was other evidence of them being infected as well though nothing showed on scans). I've scanned quite a few times with avast!, some other AVs and MBAM and no finds until now, when avast! detects Sinowal-IK, Delf-MBA as well as several Java exploits (Java:CVE-2012-0507-D, Java:CVE-2012-0507-AX, Java:CVE-2012-0507-F, also Java:Downloader-BQ). All were moved to quarantine.

Computer is rarely used so I find it improbable it was infected some other time the preceding month with a trojan separately from my own trojan infection (it is somewhat sensitive and I don't wish to reveal too much detail but I can, through various means, be certain of such an infection despite AVs not showing anything).

The avast! boot-up scan after moving these items to quarantine showed nothing, yet when opening Chrome the real-time protection was prompted (see attachment, unfortunately not in English but I'm sure the pertinent information can be understood).

MBAM scan found two infections that were removed (see attachment log).

OTL scans also attached.



My questions are threefold:

1) This is not my own system but my mom's, it lacked a firewall so I downloaded Zonealarm. Are there any other steps I should take to ensure protection? How can I know the computer is safe despite nothing detected anymore? Nothing was found for a month, despite several scans, how do I know everything was found now? Computer is still behaving somewhat erratically at times, for example freezing for quite some time just typing in this box (happened twice now, somewhat uncharacteristic for a new computer like this one but could be nothing I guess).
2) Can the other computers be considered safe after a reformat? (In other words, is a rootkit of this type removed by a full reformat?)

Very grateful for any advice.

Attached Thumbnails

  • virusalert.PNG

Edited by Patrick1891, 23 July 2012 - 06:27 PM.

#2 Patrick1891 (Topic Starter)
New Member, 2 posts
Sorry, I guess tl;dr; perhaps someone could tell me if a rootkit infection of this type is removed by a full reformat? I've been trying to read up on it and I take it that it might not be removed by restoring to factory settings since it could have infected the recovery partition?
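The question in both posts, whether a reformat removes a rootkit of this type, hinges on where it lives: the Sinowal/Mebroot family writes itself into the disk's master boot record, which formatting a partition does not rewrite, so after a reinstall it is worth comparing the first sector against a known-good copy. The following Python is an added example, not from the poster or the forum; its sectors are constructed samples, and reading the real first sector from a disk or image is left to the reader's tooling.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # executable boot code occupies the first 440 bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xaa"
PART_ENTRY = "<B3xB3xII"   # status, (CHS start), type, (CHS end), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split one raw 512-byte first sector into its boot code hash,
    its non-empty partition entries and its trailing signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, count = struct.unpack(PART_ENTRY, sector[off:off + 16])
        if ptype != 0:                       # type 0 means an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "signature_ok": sector[510:512] == MBR_SIGNATURE,
            "partitions": partitions}


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True when the boot code differs from the trusted baseline. A format or
    repartition only rewrites the partition table, so it must not trip this."""
    return parse_mbr(baseline)["boot_code_sha256"] != parse_mbr(current)["boot_code_sha256"]


def build_sample_mbr(boot_code: bytes, entries) -> bytes:
    """Constructed sample sector for this demo (not a real disk image)."""
    sector = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6  # disk id + reserved
    for bootable, ptype, lba_start, count in entries:
        sector += struct.pack(PART_ENTRY, 0x80 if bootable else 0x00, ptype, lba_start, count)
    return sector.ljust(510, b"\x00") + MBR_SIGNATURE


# Constructed sectors: a known-good baseline, the same disk after a plain
# reformat (only the partition table differs), and one whose boot code was replaced.
GOOD_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"
BASELINE = build_sample_mbr(GOOD_CODE, [(True, 0x07, 2048, 204800)])
REFORMATTED = build_sample_mbr(GOOD_CODE, [(True, 0x07, 2048, 409600)])
TAMPERED = build_sample_mbr(b"\xeb\x3c\x90\x00\x00\x00\x00\x00", [(True, 0x07, 2048, 204800)])

if __name__ == "__main__":
    print("reformat flagged:", boot_code_changed(BASELINE, REFORMATTED))  # False
    print("tampered flagged:", boot_code_changed(BASELINE, TAMPERED))     # True
```

Without a baseline taken while the disk was known-good, the same parser still lets you eyeball the boot code hash against a freshly written MBR from the installer or from a second clean machine of the same OS version.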