I was browsing the internet in Firefox (Windows XP) and clicked on a link to another site, but all of a sudden 10-12 new windows came up. I found through the cookies that I had adtrgt or something like that...
I called the help desk at my work (since it's my work laptop) but only the "extended" help is on during the weekends. They recommended AdAware and a co-worker recommended SpyBot. I downloaded SpyBot and ran it on the computer after a restart. It found a lot more stuff than I thought... and it also found two Virtumonde trojans.
This is strange because I have had a Virtumonde trojan on my home computer in the past and it was very noticeable. On my work computer I have noticed nothing. Also, on my home computer I ran an .exe file which triggered the virus. I have no recollection of doing this on my work computer from any unreliable source.
Anyway, I followed the cleanup suggested... I looked through the items they found and nothing (other than the Virtumonde) looked strange or unexpected.
After the fix completed, SpyBot was asking me to "Allow Changes" or "Deny Changes" when deleting or adding some files from/to the system. I do not know what the files were for, but for deleting (first pop-up) I clicked allow, and for the next couple that were adding files, I clicked deny. I had no idea what these meant and they kept popping up so I just shut down the computer with an End Program to SpyBot.
I restarted the computer and immediately when it got to the desktop I got a couple of errors saying the DLL was missing from a few of the folders where I deleted stuff. Then some black C prompt windows popped up. I just closed them but the Allow/Deny box came up again and I couldn't get rid of it. I tried to use IE6 and it worked fine (I uninstalled Firefox for the time being - plan to reinstall after this is all over).
I am just wondering... should I do a system restore to whatever time is available before 4am this morning when I saw the pop-ups? I did do the back-up that SpyBot asked me to do before running the scan. I am just afraid to touch it at this point. I plan to ask my DLS service for help on Tuesday when I return to work but wondering if I completely damaged my system and they need to reinstall the operating system or if this can be fixed without any of that? Is there anything I can do in the meantime?
Also, if there are any ideas on that weird Virtumonde appearing in the scan but no symptoms of the virus, that would be helpful too.
Thanks!