[ACA529]

I haven't used my desktop computer for quite some time so I decided to turn it on today and all of a sudden I got a whole bunch of pop ups.

I did a scan with Malwarebytes to see what was there and it picked up Trojan.Vundo.

I then did a scan with ComboFix and it seemed to take care of it. Malwarebytes no longer picks anything up.

I haven't browsed any malicious websites or anything so I'm wondering how I got it in the first place?

Thanks.


EDIT: I didn't wait 'till the scan completed, and it did pick up more of it:

Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 3

2008-12-21 20:07:14
mbam-log-2008-12-21 (20-07-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 210928
Time elapsed: 1 hour(s), 0 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[lunarlander]

Do your Windows Update now. Since you havent turned on your PC for a while.

Normal websites can get hacked, and could be set to push malware onto visiting PCs. Especially to PCs that haven't been patched.

[ACA529]

Quote:

Originally Posted by lunarlander

Do your Windows Update now. Since you havent turned on your PC for a while.

Normal websites can get hacked, and could be set to push malware onto visiting PCs. Especially to PCs that haven't been patched.

The only update I saw was the important one for Internet Explorer. I updated it.

I don't use IE anyways so I can't see why that would be the cause.

Thanks for your reply.

[mrss]

From what I've heard, vundo used vulnerabilities in Java, so if you were using a non-patched version in your browser, it could get in just by browsing to an infected website.

[ACA529]

Quote:

Originally Posted by mrss

From what I've heard, vundo used vulnerabilities in Java, so if you were using a non-patched version in your browser, it could get in just by browsing to an infected website.

I actually noticed the Java logo in the taskbar load when I was on a site and then this strange email window popped up. I closed it and then all of a sudden I got all the pop ups.

I was using Firefox.

EDIT: The pop ups were using both IE and Firefox.