Expert: James Filmer - 8/24/2011

Question
Hello!

I had three pieces of malware on my computer:

Backdoor.IRC.Sdbot 15765
Winlogon.exe
MMRTkrnl.exe

I do not know how long they were on the computer. I have removed the malware successfully, but I have a question: Could another computer have accessed my computer to perform illegal activity while the viruses were on the machime, such as access adult sites, or steal or transmit my personal information? I noticed that the hard drive was working a few times without legitimate reason.

Thanks!

Answer
The Winlogon Trojan and Backdoor.IRC.Sdbot 15765 both allow attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. However, it's impossible to tell if anyone accessed your computer remotely. Removed, your connection with attackers is broken.

MMRTkrnl.exe collects info about visited sites, can send it to the Trojan's author by HTTP and adds pops ups and downloads and installs an adware program.

What do you mean "the hard drive was working a few times without legitimate reason."?
To make sure you're using reputable, effective programs (instead of rogue applications) what firewall, anti-virus and anti-spyware applications are you using?