Virus help please please please!

[nigelloring]

I was playing this dude on Prima 50/100 NLHE and took about 10k off him. He asked for my AIM so I gave it to him. He asked if I wanted to read an interesting article about Prima, so I said OK.

He then transferred me a file, which I opened and ran. It was called something like PrimaPokerswearticle.exe. Anyway, nothing happened, but it still showed running in my Task Manager.

I am as I write this running my AVG Soho edition virus checker, as well as Microsoft Windows Defender (Beta 2).

I know I have been a complete moran in opening the file, but what should I do now to protect myself against him stealing all my passwords, installing a keylogger, looking at my hole cards in future, etc?

Please help. I don't even feel I can log onto a poker site by entering my password safely.

I am willing to pay through the nose for good anti-spyware software or anti-virus software. Please help!

[CORed]

If this is something he wrote himself and sent to you, and hasn't mass-distributed, anti-virus or anti-spyware software probably won't help. The safest thing to do at this point would be to reformat and start over. At a minimum, kill the program from Task Manager, then run msconfig and delete it from your startup, if it's there. Also, if you can kill it, search for the executable file on your hard drive and delete it. You may need to start in safe mode to get rid of it. The trouble is, you don't know how sophisticated this progame is. the executable you see could be a decoy and the real malware being hidden by a rootkit, or running under another name, so the best thing to do is is wipe your PC clean and reinstall. BTW, don't ever run a .exe from an untrusted source. I think you already know this, but you forgot. I think you are right to be concerned that this is a keylogger, back door or program to send your hole cards to the other player.

[Phil153]

CORed is right. If he wrote it himself, virus or spyware protection won't help you. Most viruses and spyware are things designed to tack onto legitimate programs and then infect your system. A program specifically written to give him access to your computer won't be detected by anti virus or anti spyware software. To them it looks no different to your yahoo messenger or party poker or firefox.

If he installed a rootkit, the backdoor can be completely undetectable and he can bypass your firewall and anything else he likes. You should reformat, especially since you play high stakes poker. And don't open internet exe files, ever, unless you download from a trusted source like pokertracker.com or download.com or something.

[MadTiger]

He didn't care about dropping the dough to you if he could phish (no pun intended) passwords to all your loot in your accounts.

[wonderwes]

If you have system restore set on your machine, go back two days and have XP restore your machine from that point. The virus probably will not run on boot up. If you still see it and you can not get rid of it, then format the whole box.

Oh yeah, change passwords to all your poker account and financial accounts like neteller.

[nigelloring]

OK, I reinstalled Windows XP on my computer, and also reformatted the hard drive.

Funny thing is, when I was reinstalling AIM, and had just signed in, a message popped up saying "You have chosen to install this software from MicroGaming. Do you accept the terms and conditions?"

Now I know Microgaming makes the software behind the Prima Poker skins. Is this guy still able to get at my computer through my AIM? This was literally 2 seconds after I had logged into AIM.

Should I just reformat again, and never use AIM?

[ToeHold]

You could switch to using a different client:

http://www.ceruleanstudios.com/

Trillian works well and does not install anything on the sly...

[Str8Fish]

I think microgaming is for AIM's stupid games.

[nigelloring]

[ QUOTE ]
I think microgaming is for AIM's stupid games.

[/ QUOTE ]

Could anyone confirm this please?

I would be immensely relieved if this were the case.