Cybot.b and card.exe

I am told that my computer at home is reporting through Windows Defender that it’s infected with Cybot.b, and also the computer is giving error messages that it “can’t load or run” card.exe (which I see is also some kind of malware) and that it will not load any internet pages.

This is on a non-administrator account on Windows 7.

I told the people at home to shut the computer down and that I’ll figure out what to do when I get home. I also emphasized that whatever they do, they must not enter any passwords into any fields on that machine.

My question for this thread is twofold:

  1. Is it for sure the case that someone using that computer must have clicked “yes” to a download-and-install prompt in order for this to happen?

  2. Do these things infect every account on a Windows 7 machine, or just the one they’re downloaded and installed into? I assume the former, but I’m just checking…

Not Windows 7, Windows Vista. Sorry.

No replies???

We had a nasty rootkit on our home computer. It did not appear to have affected any other accounts on the computer; the AVG warnings were all coming from files in my daughter’s account, which does NOT have admin privileges. No warnings from my son’s account or from the admin account.

She claims she did not give permission for anything to install, and I am pretty sure that some programs can attempt to install malware even without triggering those prompts.

In our case, we wouldn’t have known about the rootkit - except it was trying to invite other Bad Things to come to play. AVG caught those programs. AVG would clean them up, and the next day the scan would show additional instances. I likened it to a burglar who sneaked down the chimney and hid in the closet, while phoning his friends to come in the back door and root through our stuff. Fortunately, AVG prevented the buddies from getting much further than the doorstep.

Can’t say enough good things about the folks at Malwarebytes’ forums; someone there worked with me over the past week to a) clean up the mess, and b) give guidance in hardening the system (we had antivirus and Windows firewall but obviously something slipped past those).