H4wk13:

Welcome! You did just fine with the post. You could also post this in General, but that doesn't matter at all.

A simple search led to this (and many more) result:

http://answers.microsoft.com/en-us/protect/forum/protect_scanning/another-one-slips-through-the-cracks-trojanhiloti/6d9a9bd0-9a63-41f3-8093-1259cc2f0364

More led to this explanation (referenced):

"Trojan.Hiloti is the latest malware you should look out for. Being a form of a Trojan downloader, Trojan.Hiloti will enter into a computer system covertly, to perform the function it was designed to do: to download and install additional and various malware, badware, adware, etc, so as to ensure that the Trojan, as well as the hacker in control of this whole operation, are equip with the full control of the infiltrated machine.

Trojan.Hiloti allows for a hacker from a remote location to change the infiltrated systems’ settings, delete important files, steal passwords and watch the user’s computer activity.

Infiltration methods used frequently by Trojan.Hiloti are as follows:

• Email: via email attachments, Trojan.Hiloti will enter into a system, disguised as a small file, for example: a jpeg or might be downloaded via a website or FTP.
• Websites: Many Trojan infections will exploit browser security vulnerabilities
• Open-Ports: Programs which allow for file-sharing functions, e.g. AIM, MSN messenger, are at risk of being used to install these nefarious infections, as it may ensure the hacker has remote control over the computer in question.

Trojan.Hiloti is designed to open up large security exploits through which hundreds of malicious adware and spyware will be able to infiltrate a system. In addition, Trojan.Hiloti opens a backdoor that allows the remote attacker to get full control over the infected computer.

This in turn leads to the hacker having full access to the user’s financial or banking information stored on the computer. Obviously this puts the user’s personal information in severe jeopardy and represents a serious security risk.

The term Trojan refers to the fact this particular malware, Trojan.Hiloti is installed under deceptive pretences, infiltrating the user’s PC without their approval or knowledge.

Trojan.Hiloti is particularly damaging to a computer system, once it has fully embedded itself within the PC’s system, therefore it is given a high priority security risk status by many computer analysts." - PCThreat.com

You might want to have a security suite on your computer. I'd recommend Kaspersky.

If you can't afford it, AVG or Avast! plus Zone Alarm free firewall might be an 'ok' alternative (only 'ok' because really? You get what you pay for), and add Mamutu 3.0 (free also) to whichever you choose (and firewall Zonealarm).

Don't open emails from people/places you don't know, and be suspicious of any attachments. Be careful where you browse and add a link "sniffer" extension to your browser.... like WOT or Threatfire.

As for the "Should I change my passwords?" question, I'd say "Yes." Why? Because you have no idea how long this malware has existed on your system (if it exists on your system). I say "If", because even software as good as the one which "found" it can be mistaken. False positives happen. However, continuing in the spirit of "playing it safe", it certainly couldn't hurt to change them. Incidentally, if you find an account you can't get into that should be taken as definitive proof you did have the malware infection. You should then contact the account managers and outline what happened. They should freeze the account. Reestablish yourself and use a new, "strong" password.

Hope this helps.

Thank you very much for your time. I did what you said, I changed my passwords.

I was thinking of buying Kaspersky, I was using the trial version long time ago, and when it ended I started using Microsoft Security Essentials. I have no firewall installed, only the Windows Firewall is active, so I think I'm going to use ZoneAlarm, unless I buy Kaspersky.

My question is: Is Microsoft Security Essentials trustworthy???

EDIT: No, I'm using the free version.

As far as it goes, "yes". It is only rated as a middling effort.

@ElanaAhova:

Thank you. As for Pale Moon, generally speaking, Firefox extensions will work with it as it is a version of Firefox tailored for Windows OS's.

Just use "Web of Trust" here: https://addons.mozilla.org/en-US/firefox/extensions/privacy-security/

Or Comodo Free Firewall (has standard firewall + Host Intrusion Prevention System*). Though its firewall is not quire as simple to use**.

* Which is what Mamutu 3.0 is, though they call it a Behovior Blocker.

** But Comodo Free Firewall comes with 60 free 24/7 chat with computer techs who will help with any computer problem you may have, who can help set it up.

It is good at known viruses, which is where anti-virus software is strongest anyways. It is still a good idea to use other things with it for things it has not have a singature for.

Google it and see.

Only issue I have with it is the fact that it turns on automatic updates for Windows when installed and there is no issue to turn of auto updates for the program itself. I like to manually update my programs as turning on auto updates wastes resources.

It turns on Windows auto updates if the auto update is completely turned off. Yours is not. Be that as it may there are better AV programs out there. MSE is slow in detecting intrusions.

Not necessarily, H4wk13.

To me, you haven't proven you haven't been infected. You might or might not have the Trojan.Hiloti.

I would not conclude that because it might be a false positive it definitely is one, just because you'd like for that to be true.

Were I you, I would add a comment to that Forum and ask them if this has been fixed or not, the comment from the IT manager not withstanding.

That's because although that computer was not connected to the internet, usb sticks, disks, etc. from other (possibly infected) computers may have been used with it to load programs, data etc.... so it might have become infected.

Found this: http://www.pcworld.com/article/101910/first_jpeg_virus_identified.html

and this (old, but possible):  http://www.sophos.com/en-us/press-office/press-releases/2002/06/va_perrun.aspx

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AHTML%2FIframeRef.V&ThreatID=-2147319545

Bu this is better:

http://answers.microsoft.com/en-us/protect/forum/protect_scanning/exploithtmliframerefv/c8510ed1-c9d6-466b-a2d5-041f425b3c29?msgId=aa83dd51-c2fb-4d65-9e88-7472cbbd2e2e&page=1

I'd pick up Kaspersky if I were you. You also need to be concerned about where and how you picked this up.

Make sure your Adobe Flash, Acrobat and Java are all updated as well as your browsers.

This might help with removal:

http://help.lockergnome.com/windows/Exploit-HTML-IframeRef-gen-rid--ftopict553176.html

This is very good: http://free.antivirus.com/hijackthis/

"Using HijackThis

To analyze your computer, start HijackThis and run a scan. See the Quick Start Guide [link to Quick Start, FAQs and Feedback] for help in running a scan. HijackThis will display a list of areas on your computer that might have been changed by spyware. Do not change any settings if you are unsure of what to do. There are many popular support forums on the web that provide free technical assistance by using HijackThis log files to diagnose an infected computer.

Not an expert? Just save the HijackThis report and let a friend with more troubleshooting experience take a look. A large community of users participates in online forums, where experts help interpret HijackThis scan results to clean up infected computers."

 

 

 

Your browser history should have that information.

There are legal versions of kaspersky for developers .... for which you can get activation key for free. Almost all functionality of kaspersky internet security are turned on. Its even easier to get the key if you know german since website is german but there is always google translate.

I'm not saying to get it but for short period or if you use PC very sporadically it is good option.

On my main desktop I have full purchased KIS 2011 but since i got licence for only 1 PC I use KIS for developers on my second PC which is in use only when desktop hardware breaks down.  

EDIT: I am Kaspersky customer since 2006 and I don't think I would change it if the other one was for free. Had AVG and norton before.