Hoping someone much smarter than I can help me.
System stats, before I begin:
Windows Vista
Norton Antivirus (unsure whether it's 2008 or 2009)
Firefox 3.0.x, Ad-Block running
I was browsing over the weekend and noticed that I was getting pop-up notifications from Norton regarding attacks being made on my machine. As soon as I registered that it was an attack, I shut the box down and went into Safe Mode (no networking) and ran a full Norton sweep. Norton didn't detect anything other than tracking cookies, which I removed.
Prior to shutdown I captured some of the details of the attack. There were three items captured in the logs; while Norton claimed to have prevented an infection, some of the elements seemed... off.
(1) A program named oaemsrnxew.exe was allowed to install the following file in the following location:
c:\users\<my userID>\appdata\local\virtualstore\windows\system32\net.net
(2) A program named eocaswrmxn.exe was allowed to modify explorer.exe
(3) A program named nroxsemawc.exe was allowed to add or modify the following files and registry entries:
<file> c:\users\<my userID>\appdata\local\temp\geurge.exe
<registry1> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
<registry2> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj
In safe mode, I also did the following:
(a) Opened the registry to run a search for the "ewrgetuj" string. I was not able to find it using the registry's search function.
(b) Deleted the net.net file.
I have not turned the machine on since then, nor have I had a chance to boot up in safe mode to delete the geurge.exe file. To be honest, once I realized what had occurred, I tried to stay as calm as possible without opening the machine up for further, future attacks. (Safe mode, scan, deep breaths...)
Can someone please give me some advice as to what I should do at this point? The machine is an OEM special, built for me, and I don't have the Vista disks to reinstall the OS. I do have a laptop running Vista and can potentially get a "clean" version of explorer.exe, but I have no idea how to swap it out, or even if that's the right thing to do.
Any advice and help is greatly appreciated. Thank you in advance for your time and help.
-Garund
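A defender-side check for the three indicators in the post (Run-key entries that start at logon, executables dropped under Temp or VirtualStore, and whether explorer.exe still matches a clean copy), added here as an example and not part of Garund's post or Norton's tooling. It assumes PowerShell 2.0 or later is installed on the Vista machine and that it is run from an elevated prompt; the file-extension list and the idea of comparing hashes against the clean laptop are my assumptions.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt
# (assumes PowerShell 2.0 or later is installed on the Vista box).

function Get-RunEntries {
    # Values under the Run keys are launched at every logon; flag any whose command lives
    # in a user-writable scratch folder (Temp or VirtualStore), the locations the log named.
    $suspect = '\\AppData\\Local\\(Temp|VirtualStore)\\'
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSParentPath, ...)
            $flag = if ($p.Value -match $suspect) { 'SUSPECT' } else { 'ok' }
            '{0,-8} {1,-50} {2} = {3}' -f $flag, $key, $p.Name, $p.Value
        }
    }
}

function Get-Sha256 ($path) {
    # SHA-256 via .NET so it works on old PowerShell (Get-FileHash only arrived in 4.0).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs = [System.IO.File]::OpenRead($path)
    try { ([BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

# 1) Logon persistence: lists every Run value directly instead of relying on regedit's search.
Get-RunEntries

# 2) Dropped files in the two locations the alerts named. On a clean machine the
#    VirtualStore copy of system32 is normally empty or absent.
$scratch = @("$env:LOCALAPPDATA\Temp", "$env:LOCALAPPDATA\VirtualStore\Windows\System32")
foreach ($dir in $scratch) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Recurse -Include *.exe, *.dll, *.net -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime
    }
}

# 3) Run this on the suspect desktop and on the known-clean laptop (same Vista build and
#    service pack) and compare the two hashes; a mismatch confirms explorer.exe was altered.
$explorer = Join-Path $env:windir 'explorer.exe'
'{0}  SHA256={1}' -f $explorer, (Get-Sha256 $explorer)
```

The hash comparison only means something if both machines are on the same Vista build and service pack, since Windows Update replaces explorer.exe.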