How much damage can a malicious website do to a user with limited privileges?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Jim_in_Germany, Jan 5, 2008.

  1. Jim_in_Germany

    Jim_in_Germany Private E-2

    Hi there,
    I visited the following site:
    http://newdata.box.sk/bx/c/
    10 minutes later I tried to close Firefox.
    FF told me that if I closed it now, one download would be interrupted.
    I thought 'WTF? I'm not downloading anything'
    Then I looked at the McAfee SiteAdvisor, which was showing red and telling me that this site had tried to slide 44 infected files onto their test machine.
    McAfee were also telling me that the site had changed all kinds of files on my machine, for example it had added "c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat"
    and "c:\temp\unzip\ExploitGenerator-srb1.exe" etc.
    Great!
    The question is this - can this site have done any damage?
    I tried using the Windows search to find some of the files McAfee had said this site had added to my computer. Nothing! Windows didn't find anything.
    The same thing for the registry keys McAfee had said the site had added. They didn't exist either (under Jim).
    I was surfing as a limited user and had javascript disabled.
    As far as I am aware, every single one of my programs and Browser extensions is up to date.
    I've done a virus scan and spyware sweep, which both came up clean.
    What do you think?
    I'd be very grateful for any help.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Unknown with this information.

    Then perhaps McAfee blocked everything.

    Do you have other accounts that have administrator privileges? Are they all password protected? Is the Administrator account, which is only seen in safe mode, also password protected? If any of these admin-type accounts had no password, you were still susceptible.

    Are you having any problems as a result of accessing this site? If not, you may be okay. If you really want to be sure you are clean, follow the instructions below.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
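    The point chaslang raises here is that a limited account is only as safe as the admin accounts beside it: an administrator account with no password (including the built-in Administrator that only shows up in safe mode) is a ready-made path to elevation. The script below is an added example, not something from this thread or from MajorGeeks; it assumes a modern Windows with PowerShell 5.1 or later and the Microsoft.PowerShell.LocalAccounts module, and lists every local member of the Administrators group together with the flags that indicate it may be usable without a password.

```powershell
# Added example: audit local administrator accounts for missing-password risk.
# Assumes PowerShell 5.1+ with the Microsoft.PowerShell.LocalAccounts module.

function Get-AdminAccountPasswordRisk {
    # Members of the local Administrators group; keep only user objects
    # (groups such as "Domain Admins" are skipped).
    $members = Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.ObjectClass -eq 'User' }

    foreach ($m in $members) {
        # Get-LocalGroupMember reports COMPUTER\Name; strip the prefix so
        # Get-LocalUser can resolve it. Domain or orphaned members are skipped.
        $name = ($m.Name -split '\\')[-1]
        $u = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
        if (-not $u) { continue }

        # PasswordRequired = $false means the "password not required" flag is
        # set on the account, so a blank password is permitted by design.
        # An empty PasswordLastSet means no password has ever been set.
        $risky = (-not $u.PasswordRequired) -or (-not $u.PasswordLastSet)

        [pscustomobject]@{
            Account          = $u.Name
            Enabled          = $u.Enabled
            PasswordRequired = $u.PasswordRequired
            PasswordLastSet  = $u.PasswordLastSet
            Risky            = $risky
        }
    }
}

# Local password policy: a minimum length of 0 means blank passwords are
# allowed even for accounts where PasswordRequired is $true.
function Get-MinimumPasswordLengthLine {
    (net accounts) | Where-Object { $_ -match 'Minimum password length' }
}

Get-AdminAccountPasswordRisk | Format-Table -AutoSize
Get-MinimumPasswordLengthLine
```

    Read the output together: an account flagged Risky, or an enabled admin account on a machine whose minimum password length is 0, is the situation chaslang describes. The fix is to set a password on every enabled admin account and disable the ones that are not needed, rather than to rely on the limited account alone.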
     
  3. Jim_in_Germany

    Jim_in_Germany Private E-2

    Hi chaslang,

    Thanks for the reply.
    Before I started to follow your suggestions I updated Spybot Search and Destroy and ran another scan. Now it is finding an instance of the Trojan "Virtumonde" in my Firefox and Opera default bookmarks!
    Thinking this was a result of the problem described in my last post I decided to use one of the backups of my C: partition I had made with Acronis TrueImage.
    However, when I had restored my Windows to an earlier state (and updated Spybot), the trojan was still there!
    I then took the first image I had made of my C partition (ca. 1 week after installing the computer). Spybot still finds Virtumonde!!
    I tried downloading the Virtumonde fix from Major Geeks but it didn't find the Virtumonde trojan on my machine.
    I am well confused now as I am a very security conscious user and don't know how this happened (or if it is even serious).
    I guess I will just format the hard disk and reinstall everything again unless you have any suggestions?
    Thanks once again for your time
     
  4. abri

    abri MajorGeek

    Hi Jim,

    We can only see whether you have files from Virtumonde if you run the scans suggested by Chaslang in the link in post #2. Speculation won't help here.

    abri
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Following the READ & RUN ME would have been a good idea, but you could simply attach the log from Spybot so we can see what it is finding and where. It could just be a benign registry entry.

    (See: HOW TO: Attach Items To Your Post )
     
  6. Jim_in_Germany

    Jim_in_Germany Private E-2

    Cheers dude,
    Attached you find the Spybot log. As you can see, Virtumonde is the first entry.
    Thanks a lot
     

  7. abri

    abri MajorGeek

    Hi Jim in Germany!

    It appears that Spybot didn't fix anything it found. Please follow the instructions in the READ & RUN ME FIRST and attach the requested logs. Be sure that your computer is set to normal system start in msconfig. There are instructions for this in the READ ME.

    abri
     
  8. Jim_in_Germany

    Jim_in_Germany Private E-2

    Hi abri,

    Thanks for the reply.
    To be on the safe side I think I will reformat my C: partition.
    I'm inclined to think that the Spybot entry is a false positive, but I want to be quite certain as I have lots of precious photos etc on my pc which I would be devastated to lose.
    Thanks for your time and effort.
    Jim
     
  9. abri

    abri MajorGeek

    Hi Jim,
    Thanks for telling us. Hope that resolves everything and be sure to back up your photos.
    abri
     