PDA

View Full Version : Thank you



Oberon
2009-09-13, 19:03
Yesterday I had what I believe to be my first malware ever on a Windows OS. If anyone else has experienced this particular one, they will know just how maddening it can be. In the middle of composing an email to a friend they struck. I pulled my Internet connection and set some scans running and went to bed... This morning Spybot got rid of it in the scan phase (there were some hoops to jump through that I did not notice last night to get the S&D scan running), and I've made a $100 donation in thanks. But I have to wonder how these unauthorized registry additions made it past the several layers of defenses I have standing?

===
9/13/2009 11:24:07 AM Allowed (based on user decision) value "SpybotDeletingB9361" (new data: "command.com /c del "C:\Program Files\rdwwmw\jxvmsysguard.exe"") added in System Startup user entry!
9/13/2009 11:24:09 AM Allowed (based on user decision) value "SpybotDeletingD9226" (new data: "cmd.exe /c del "C:\Program Files\rdwwmw\jxvmsysguard.exe"") added in System Startup user entry!
9/13/2009 11:24:09 AM Allowed (based on user decision) value "system tool" (new data: "") deleted in System Startup global entry!
9/13/2009 11:24:09 AM Allowed (based on user decision) value "SpybotDeletingA5312" (new data: "command.com /c del "C:\Program Files\rdwwmw\jxvmsysguard.exe"") added in System Startup global entry!
9/13/2009 11:24:12 AM Allowed (based on user decision) value "SpybotDeletingC1723" (new data: "cmd.exe /c del "C:\Program Files\rdwwmw\jxvmsysguard.exe"") added in System Startup global entry!
===

I am running Windows Defender, AVG, and Spybot-SD resident. And I've been very satisfied with this combination of safeguards in the past. But it took a manual run of the S&D 1.6.2 "search for problems" to locate and remove these malware.

The log is also incomplete. I've closed S&D and so no longer have the exact details, but there was one (1) executable placed in a Program Files subfolder and about five (5) registry changes were made. Why are these different from the resident log?