by Trogan » August 30th, 2006, 10:21 pm
Hi again deathside,
I understand this is a work computer, however there is some BAD NEWS.
The computer has been infected by the IRCBot Worm, which is a Backdoor Trojan. This simply means that anything could have been installed on your computer by the remote attacker, including opening other backdoors and installing other rootkits. While we can attempt to clean what we see in your logs, we can't guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer. Your computer could be completely compromised at this moment. It may be sensible to backup your information, reformat, and reinstall. This is the ONLY way to be certain that the computer is safe!
Please follow these instructions NOW!
1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.
2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
If, however, you decide that the computer is not used for any sensitive work, or if you do not wish to reformat at this time, I can definitely help you clean your computer to the best of my abilities.
Please let me know what you would like to do.