Guest FileCorrupt Posted January 24, 2012

While following directions in a YouTube video on using “Pareto_DR_Setup_RW”, a data recovery program, I got an alert of a Severe Threat from my computer and chose to “allow” it. Bad mistake, I believe. I was using Security Essentials, Windows 7 Firewall, and Webroot AV at that time. I am not sure if I have the “Exploit:JS/ShellCode.N” or "Trojan:Win32/Daiboo.A" malware, or not now.

MS Security Essentials stated I allowed “Exploit:JS/ShellCode.N” on 12/27/11 at 10 am. However, I do remember when I allowed this “Severe Threat.” That was when I downloaded Pareto_DR. However, that was at a later time. That time was on 12/30/11 at 1:45pm. I was on a Wi-Fi hot spot at a Starbucks. I had been watching a YouTube video on how to recover data using Pareto Doctor software. While downloading, I was asked to enter my email address. I did. Supposedly to get registered. Later, I got offers by e-mail to buy Pareto Doctor and I did not. Later, I found that program saved to my downloads, entitled “Pareto_DR_Setup_RW.”

I installed Pareto_DR and commanded it to scan my hard drive to do data recovery for a corrupted .docx file. While doing so, the program displayed a beetle icon that turned on and off. Later, the program died, I think, and did not completely scan the disk. I stopped it at least twice, after running it more than once. Each time the program displayed the beetle icon and stopped during the scan. I commanded it to recover a particular .TMP file it found to my D:\ Drive. I opened that TMP file and it was binary data, I believe. Not text.

Later, MS Essentials reported that exact file on my D:\ Drive as the one containing “Exploit:JS/Shell.N”. I tried to get MS Essentials to delete the file. "Exploit:..." displayed with a preceding “X,” but only on “All History”. If I changed Security Essentials to “Quarantine Items” or “Allowed Items,” I had no entries displayed. If I clicked on the “X” and “Exploit…” line, Essentials did not give me the option to remove it. Sometime later, I went to the D:\ Drive and deleted that TMP file. Later, I read not to manually try to remove “Exploit:JS/...”. However, that was much later. Those instructions were too late. Also, I got an item on my computer that stated I should not use two anti-virus programs at the same time. So now, I am only using one program.

Later, I got reports of another threat from Security Essentials. That report was for "Trojan:Win32/Daiboo.A" around 1-3-2012. Maybe I had a rootkit? Essentials continued to report over and over that “Trojan:..” was identified. That is, Security Essentials reported it, but this time I did not allow it. It was sometimes displayed as removed, but it was reported multiple times and was usually reported as quarantined. However, if I changed to “Quarantine Items” or “Allowed Items”, “Trojan:…” was never listed. It was only listed on “All History”.

I saw unusual behavior afterwards. I saw the icons on the desktop jiggling at random times. When I duplicated a drive that had Word data on it with some Mac documents, Word had opened a “Resource Fork” file on it automatically. Also, it said that if I destroyed a copy file of the drive that I would be destroying “System Files”, and I thought I only had data files on it. So, I did an “HP Recovery”, which reinstalls the Windows 7 OS. I restored files from a backup, also.

Sometimes I see unusual things, even still. As an intrusion check, I recently typed “Bank Account Nr: 678” in an MS Word 2010 document and it seemed as though the computer automatically selected that quote and cut it out. I don’t think I hit keys by accident, but that is possible. I have scanned my drives with Security Essentials, Webroot AV, and Microsoft Safety Scanner, all with no infected files found.

Do I have a virus or not? Should I do anything more? Any comments or suggestions?