Restore from Hard Drive??

I got hacked by some malware that got on on my computer when I looked at a video on a news site Saturday AM. I loaded a Video Codec -- now I know I shouldn't have. McAfee Antivirus didn't detect it.

I discovered the infection almost immediately and installed and ran Spyware Doctor.

I found and removed several tainted files and Zlob downloader. I appeared to be able to clean these out, but Zlob downloader kept coming back immediately (and being found by the various Spyware detectors).

I found your site and read the "read me" file. I ran the basic procedures (not the procedures for the Zlob Trojan) and also uninstalled IE 7. ( I normally run Netscape.)

After several hours (~4), it appeared that the basic procedures had worked. No more spyware reports despite several runs thru the various spyware scanners.

I cautiously began returning to work, to include reinstalling IE 7. Shortly after I did that I got a repeat of the original Zlob infection, plus load music thru the speakers. Internet access appeared to be spiking due heavy transmissions out and in, so I immediately locked down the firewall.

After some consideration, determined that I just needed to reload the system. I called Gateway Support and they talked me thru a reload of the system from a protected sector on the hard drive. It takes the system back to the original "shipped with" software.

The question is -- Is that good enough or do I need to go back to the original disks?

So far, no additional spyware reports despite repeated scans.

Thanks for your help.

Earnest

PS: The infected files were ekgvsnw.dll; bxlrvps.dll; bxlrvps.dll_old; alofkmn.dll ) I also found fkxvkns.exe just before reloading the software, but didn't shred it.

 

Thanks for the reply.

A couple of other questions:

1. There was some sensitive information on the hard drive. I have assumed that information was compromised and have taken protective action -- changing passwords, accounts, etc. What is the chance that the information was compromised? How paranoid should I be?

2. I ran the standard set of tools from the Read Me plus the Smitfraudfix check (not the fix). Combofix log, MGlogs.zip and Rapport (from Smitfraudfix) are attached. I noticed that rapport says that the 'hosts' file is corrupted. I looked at the file with spybot and cannot see anything wrong -- but I would know if anything is either missing or added, just that the file seems readable. Do I need to do anything about this?

Thanks in advance for your help.

 

Unfortunately, I reinfected myself with a USB drive (now crushed).

Reloaded the hard drive from it's protected partition (as before) and reinstalled the antivirus and antispyware programs. I've run McAfee, Spyware Doctor, Spybot-SD, and SuperAntiSpyware multiple times without finding any malware.

Do I need to rerun Combofix and MGtools to make sure I'm clean now?

How do I check & clean a USB drive without allowing it to reinfect my machine?

Thanks for your help.

 

Thanks very much for all of your help. I really appreciate your assistance.