Computer Security & Viruses/Malware


Question
I had three pieces of malware on my computer:

Backdoor.IRC.Sdbot 15765
Winlogon.exe
MMRTkrnl.exe

I do not know how long they were on the machine, but for at least a couple of weeks. I have successfully removed the malware, after MUCH effort. Some strange things have been happening, however, and I have a question: Is it possible that another person used these to access my computer to:

1. Access adult sites?
2. Access my personal information on the computer?

If so, how, basically, does that work?

Thanks!

Answer
Unfortunately, that backdoor program enables the bad guys to remotely control your computer. They might have added all sorts of malware to your computer while that backdoor was open. They also might have stolen your personal information, passwords, etc. I doubt, however, that they used it to access adult sites, unless they were accessing ones that you have to pay to use, and were using your credit card or Paypal information.

Symantec has an excellent write-up on that backdoor program at http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99

Both winlogon.exe and MMRTkrnl.exe are names of genuine Windows programs. I'm assuming that what you want me to understand is that these programs became infected but you were able to clean out the infections?

Unfortunately, the bottom line is that your best bet is to "nuke" your computer so you can be certain you got rid of everything the bad guys might have installed while that back door was open. This means saving all your data, reformatting your hard drive and reinstalling everything from the original media your applications came from. Then install your Internet security suite from a CD before you ever connect your computer back to the Internet so it doesn't get infected first. Then get all the updates to the security suite first, then all your Windows updates next, and only after that reinstall your applications. I do not recommend installing computer security programs from Internet downloads because your computer will be at risk while downloading them.

This is what a computer repair shop would do.

I also do not recommend free antivirus programs because you get what you pay for. Most of the people who ask for my help were using free antivirus programs when their computers got infected. Personally, I use Symantec Corporate Edition. Their home user security suite is good, too. I also use the paid version of Zone Alarm. So far this has worked well for me.


Carolyn Meinel

Expertise

I cover Windows, Linux, TCP/IP and Ethernet security questions. I do not cover Mac, smart phones, or other networking issues.

Experience

Books by Carolyn Meinel: wrote a chapter for The Hacking of America book (see http://www.amazon.com/exec/obidos/ASIN/1567204600/happyhacker). My article Code Red for the Web for Scientific American was reprinted in the book Best American Science Writing 2002 (see http://www.amazon.com/exec/obidos/ASIN/0060936509/happyhacker). My book The Happy Hacker: A Guide to Mostly Harmless Hacking is now in 4th edition with a Japanese edition (see http://happyhacker.org/hhbook/).

Organizations
IEEE, AAAS

Publications
See a list with some online links at http://cmeinel.com

Education/Credentials
MS, Industrial Engineering, The University of Arizona. Took a course in computer forensics at the University of Texas at Austin.

Past/Present Clients
DARPA, SAIC, Palmer Labs

©2012 About.com, a part of The New York Times Company. All rights reserved.