Life after a virus....

So last night I installed Wordpress, ended up with a virus/trojan that hijacked my browser, with redirects, killed Microsoft Security Essentials, and Windows Action Center.

I formatted last night, and at the moment I have a fresh install, back to factory settings laptop now.

Right, when MSE was working, it (and Malwarebytes) found the Hiloti.gen.d trojan and the Alureon trojan/virus, and after reading up, these things sound quite nasty. What do I need to do now I have a fresh install, to make sure everything is clear and I have no infections left in the master boot record etc?

Should I run Windows Update tonight, followed by installing MSE, then the Malicious Software Removal Tool/Malwarebytes/SUPERAntiSpyware before I go about putting all my files back?

Basically I am after advice/reassurance on what to do now (I hopefully have a clean laptop) to ensure everything is back to normal.
 
If you have formatted all HDDs you are safe, as all possible data is gone. If you had external HDDs or USB sticks in at the time, get an antivirus on (I assume this is done) and scan them.

But after a format you should be fine :)
 
I have formatted the drives.

I did attach a USB drive to back up all my stuff onto before the format (after I had run Malwarebytes/Avast and deleted infected files), and yes, my next action before putting this data back would be to scan this first with an AV program and then either Malwarebytes or SUPERAntiSpyware to ensure everything is OK before putting data back.

Thanks for the peace of mind.

:)
 
So last night I installed Wordpress, ended up with a virus/trojan

:confused:

Where did the malware come from?

Was the WordPress install file itself infected, or did the infection come later from elsewhere?

How did the malware manage to cause so much damage? UAC off? Running as admin?
 
I imagine it came through some sort of backdoor for SQL or something associated with WordPress.

I downloaded WordPress through MS WebMatrix and clicked through the WP web site install instructions.

Basically, after installing WP (locally) the box came up asking to run something. I assumed this was WP related and just clicked OK. It was totally my fault, as I was (totally out of character) just not paying attention to what was happening, and thought nothing of just clicking yes for some reason.

UAC is not off (as I had the dark screen with the yellow box saying something is trying to run, and I stupidly allowed it), but my account is an admin account. There were adverts running all over the shop, and I had about 5 more notification popups saying setup2146124673.exe was trying to run. I declined them all, as it was obvious something was very wrong.

Just goes to show one momentary lapse in concentration is all that is needed.
 