I know it's Christmastime, but I couldn't help it. One of my computers caught a particularly nasty virus. It was the one that looks like an antivirus program. It ended up attaching itself to critical Windows 7 processes, so it could not be removed and it tore up the firewall in the process.
I may have picked it up investigating naked women riding scooters, or it could have been the kids downloading time-wasting games. Regardless, I got it and couldn't get rid of it.
I went out to some on-line forums looking for a solution, and all I ended up doing was wallowing in the cries of the angry and frustrated. Here are a few of my favorite comments...
"I'd like to get my hands on the son of a bitch that did this. I've removed it three times and it keeps coming back."
"Murder is forefront in my mind." And I agree with them.
Fortunately, I was prepared. I recommend everyone own a 500 GB to 1 TB external USB drive (they go for around $100) to back up anything you care about. I do. That way, if the worst case scenario happens, you still have your family pictures and important documents. I own four of them because I have a lot of music and video.
A Cheap Insurance Policy
I could not clean my computer, but I did not despair. Why? Because I made a complete system image when I first got my computer. Here is how I do it, and I recommend everyone do something similar. A little advanced planning can get you back up and running when disaster strikes.
In addition to an external drive, you will also need another hard drive, and a blank DVD. Here's what I do when I get a new computer:
1. Decrapify the computer. Remove all the trial versions, crapware and other useless stuff.
2. Install good stuff: Spybot, Windows Defender or AVG Free Edition, and all your other software.
3. Do a Spybot scan, a virus scan, a disk scan, and a defrag.
4. Use Control Panel / Backup and Restore to create a rescue disk.
5. Use Control Panel / Backup and Restore to create a system image and put it on your external USB drive.
6. Take the hard drive out of your computer, label it, and set it aside. Install the brand new hard drive.
7. Boot your computer using the rescue disk you made, and when prompted select 'restore system image'.
8. Point the restore process to the USB drive where your system image resides.
9. Windows will create a clone on the new hard drive and then boot up to Windows 7.
Once the process completes and Windows starts, you are done. You now have the exact computer you had before, but on a new drive. You also now have an emergency hard drive ready to go if disaster strikes.
If you don't want to spring for the second drive, you can still follow these steps to make a system image, and if, heaven forbid, something goes wrong with your computer, you can boot up using the rescue disk and restore your system. Be sure to save off any files and settings first! This process completely wipes your disk, eradicating any spyware, viruses or other useless stuff junking up your computer.
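The "create a system image" step above can also be scripted, which is handy if you want it to run the same way on every computer you set up. The following is an added example, not part of the original post: it drives wbadmin.exe, the command-line side of the same Windows 7 Backup and Restore feature, checks that the USB target has room before it starts, and lists the resulting image afterwards. The drive letters E: (USB drive) and C: (system volume) are assumptions; change them to match your machine.

```powershell
# Added example: scripted equivalent of Control Panel / Backup and Restore ->
# "Create a system image". Run from an elevated PowerShell prompt on Windows 7.
# $Target (assumed E:) is the external USB drive, $Source (assumed C:) the
# Windows volume to image.
param(
    [string]$Target = "E:",
    [string]$Source = "C:"
)

# 1. wbadmin needs administrator rights; fail early with a clear message
#    instead of an access-denied error halfway through.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $id
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated PowerShell prompt."
}

# 2. Sanity-check the target: it must be plugged in, must not be the volume
#    being imaged, and should have more free space than the source uses.
$src = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$Source'"
$dst = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$Target'"
if (-not $dst) { throw "Drive $Target not found. Is the USB drive plugged in?" }
if ($Target -eq $Source) { throw "Target must be a different drive from the source." }
$used = $src.Size - $src.FreeSpace
if ($dst.FreeSpace -lt $used) {
    throw ("Not enough room on {0}: {1:N1} GB free, {2:N1} GB in use on {3}." -f
        $Target, ($dst.FreeSpace / 1GB), ($used / 1GB), $Source)
}

# 3. Create the image. -allCritical pulls in every volume Windows needs to
#    boot (not just C:), -quiet skips the confirmation prompt. Arguments are
#    quoted so each "-name:value" pair reaches wbadmin as one token.
$wbArgs = @("start", "backup",
            "-backupTarget:$Target",
            "-include:$Source",
            "-allCritical",
            "-quiet")
& wbadmin @wbArgs
if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE" }

# 4. Confirm the image is catalogued on the USB drive. This is the list the
#    rescue disk reads when you choose 'restore system image'.
& wbadmin get versions "-backupTarget:$Target"
```

Unplug the USB drive once the listing shows the new version; an image that stays connected to the computer is only as safe as the computer.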
Doing this faithfully for each of my computers has saved me more than once.
Happy computing!
34 comments:
Hope you had a Merry Christmas, AV Trojans aside.
I presume it was Win7 Antivirus 2012 or a variant (Vista, 95, etc). Got it on both my laptop and my wife's, both times preceded by an Acrobat update (which I presume was a spoof).
Fixed it with the free Malwarebytes software with the computer started in safe mode w/o network connectivity.
Neither Norton nor McAfee could even see it, let alone remove it. My understanding is it is not a virus but a trojan that hijacks internet explorer, tells you that you have a virus and wants you to go to their website (the only one it will let you go to) to 'buy' their updated software (and giving them your credit card number in the process).
On my wife's computer it broke the McAfee firewall, which resulted in us having to reinstall McAfee. On my computer it broke the ".exe" file extension, which required me to go in and manually fix it in the registry.
Isn't modern life wonderful?
Hope you have a Happy New Year.
Cheers!
Yeah, this was some variant. My understanding (and it is murky) is that the malware places an executable somewhere on your computer, and that is what launches and does the damage. Repairing the registry is fixing the symptom, not the problem.
Both AVG and Windows Defender found the malicious JS and trojan horses, but could not remove them, even in safe mode. I think that is because they attached themselves to a critical process, and AVG and Windows Defender can't remove them from a process that is running.
Spybot also found the bad registry keys and fixed those, but I could not detect and eradicate the malware itself.
I will keep your Malwarebytes advice in my hip pocket...
*** CAUTION TO ALL ***
When something like this strikes and you are surfing for a solution, all kinds of web sites will pop up offering ways to fix it. Unless you know them, don't trust them.
You can get free tools like Malwarebytes at
http://download.cnet.com
It is a legitimate site. I never download from anywhere but there.
Wouldn't it make more sense -- and be a lot easier -- just to convert to Mac and be done with it?
~ A Satisfied MacUser aka FreeThinke
I wondered how long it would take for a smug Mac-oid to show up and look down upon us mere mortals still using inferior Microsoft-based products... ;)
Been there - done that. Even my computer guru had problems getting it fixed. When I got my new computer, Malwarebytes was not put back on by some oversight. BIG mistake!
I fiddled for a bit and then turned off my computer and waited for guru to get here. Eight hours later my husband got it in his computer. While the fake message looked exactly the same the trojan acted differently which I guess is pretty common.
I now have the paid version of Malwarebytes, which stops the trojan from getting in to begin with. We also use Carbonite and have been pretty happy with them.
I need to get Carbonite.
Your post depressed me because I'm so woefully untechie and fear a bad virus so much!
Glad you worked yours out!
I guess I'll stay away from the naked girls on scooters site now :-)
Yes, Z. The wages of peeping at Naked Girls on Bikes on the net is the Death of your PC.
Seems like condign punishment for married guy puterholics, doesn't it?
};-)>
~ FT
You are the second person I know to catch this new version of that old virus on Windows 7.
First of all, rather than having to restore your system in the future, make sure you have downloaded all these (and they are all free, or offer a 100% free version)...
CCleaner - and use it to wipe EVERYTHING but Free Space after EVERY session. When it seems you're running oddly, or you have added or removed programs, use the registry cleaner and use the back-up feature to make a record of your cleaning of the registry as you can always undo it if it causes a problem.
Malwarebytes, as FinnTann wisely and correctly mentioned.
At least one more anti-virus, like Avast or AVG, constantly running in the background - I prefer Avast.
Ad-Aware - if it will run with your other programs.
Square Privacy Center, another program to run after every session, as this will remove any traces CCleaner misses.
HijackThis, to be run in Safe Mode when you have a problem. It will detect registry corruptions and will help you correct them.
I also strongly urge you to use Google as your home page, Google Chrome as your preferred search engine, and do not run Yahoo or such at start.
With these programs you should run smoothly and safely almost indefinitely.
Also, pay a visit to Kim Komando's website. She has great advice and free downloads for everything the private user needs.
Ciao, JMJ
Games are notorious for being able to bypass any and all anti-virus protection.
If you must play games on your computer, use an old machine that has been rezorched and runs a Linux OS.
Jersey: Good advice. The computer in question did not run Google Chrome, and I may have been remiss in not keeping the protections up to date since it is not a primary computer. I use a laptop and we have common/music, etc on a networked NAS.
AOW: Also excellent advice. Unix and its derivatives are much more bulletproof.
Don't feel bad, Silver. I caught this virus on my Gov't computer a couple of weeks ago... what a pain in the arse.
Had to kill off some executables and then open heart surgery on Windows registry.
Reinstalled McAfee. My computer isn't 100%, still a few bugs since these bastards went through my electronic china shop. Having a backup image is a great idea.
Yes: it's OK to entertain thoughts of hackers burning in Hell. Think of all the millions of man-hours and money these criminals have stolen from people.
1. Find out if Sophos antivirus is available for Windows.
2. Make sure you are purging your Flash cookies and LSO's (marking "Don't Allow" in the Flash preferences is constantly overridden). Try the "Better Privacy" add-on if you use Foxfire.
3. Foxfire users should look into Noscript.
4. I run with cookies disallowed. I have cookies and permissions on for regular sites like banking and commerce and sites requiring sign on but everything else is no-no.
5. Turn on your browser option to warn of malicious sites.
Prevention is a reasonably effective cure.
Wow! I am impressed with everyone's knowledge of computers.
I use McAfee from Suddenlink. But now may consider Avast?
Silver, I hope you don't mind, but I may be copying your post for future reference as well as some of these comments.
I will be the first to admit I am not computer savvy. And could use all the help I can get.
I've been a stalwart believer in ESET Nod32 Antivirus for a number of years. I went the freeware route for a long time, but I wanted/needed something a bit closer to absolute protection, and after comparing stacks of antivirus software tests, I decided to spend the money on ESET. Updated immediately when new definitions are released (usually at least a couple of times each day), low resource usage, and stops the bad guys dead. It was probably the best money I've ever spent on something related to my computer (well, second to the money I spent on Skyrim, anyway...).
The best piece of security freeware I use is SpywareBlaster. You have to update the free version manually, but with the basic weekly maintenance that everybody should be doing anyway, it has kept spyware and friends out for years.
Also, the kids do not, under any circumstances, use my computer...
Great advice.
I also have image backup software and two external USB 2.0 drives, a 500 GB and a 1 TB. (They're too cheap)
I keep one connected for a one-click backup when I turn in every night and alternate them weekly. So, even if lightning strikes (or a virus) and fries everything connected to the system, I still have a complete system image, up to date on software patches etc., that is no more than a week old. I can live with that.
PS - I don't run any protection/scanning software other than ESET anti-virus. (AVG is a great Free anti-virus btw) and have no problems.
If people are happy running spybot and all that, fine, but my setup is extremely low maintenance.
Win7-firewall on, ESET, 2 image backup drives and the only thing I run is to click on the backup icon when I head off the computer for the day. Done.
The backup software I use is Acronis, but there are other good ones for around 50 bucks as this one cost. I have the Acronis 2010 Home version, and the continual backup feature doesn't work, but I don't care, as if I had to go back a day or a week, it's no sweat.
PPS - to clarify, one of my backup drives is not connected to the power outlet or the computer, alternated.
PPPS - The image backup software maintains multiple versions of the backup, so after a week, for example, there will be 7 complete system images. If I discover I've had a problem for a couple of days, I can go back 3 days, whatever number you want to put on it, up to two weeks.
One little piece of advice from an admittedly rank amateur -- nay even a spiritual Luddite -- is this:
NEVER OPEN ANY UNSOLICITED EMAILS.
But I still say, avoid the pain, and "GET A MAC."
~ FreeThinke
PS: I admire your knowledge, skill, ingenuity and perseverance, but I've long had a more-than-a sneaking suspicion that true tech heads are virtually addicted to solving the problems connected with "Process" -- to the point where "Process" is more interesting to them than "Product."
Who was it who wrote -- seemingly aeons ago -- "The Medium is the Massage?"
Oh yes. Marshall McLuhan. Smart guy he.
Cyberspace may
Be as great as they say,
But it wouldn't be missed,
If it didn't exist.
~ FT
Games are bad? Ruhroh...I've just been enjoying playing Lexulous Scrabble with a friend via the net! Should I stop?! Tell me NO!! :-)
I just went through the loss of my desk top this past month. Countless hours lost and work undone. Let alone the cost of a new desk top. Fortunately I had installed Carbonite four weeks prior to crash.
Sorry that happened to you, Silverfiddle. I lost a 1 year old laptop from that damn Trojan.
Thanks for writing this post, though, between your advice and everyone else's, there's a lot of helpful information that should keep our computers safe!
Hope you had a great Christmas! Have a safe and happy New Year!
I have two 1 GB USB drives. I make two backups. If you want it, back it up. If you really want it and it's important, back up the backup.
Also you don't have to backup the programs, just the data. Difference is data is the information, programs can be reinstalled.
Sorry to hear about the computer. We've all been there. Yes the worst are the ones that act like antivirus programs. "Click here to install full version."
Click this buddy.
And in the future avoid those naked scooter riding women sites.
Stick to the safe sites like "Photoshopped images of Olivia Wilde naked."
That's what I do.
Macs had a good reputation for being virus free, but that is starting to change. Weasels are starting to work on this untapped field now. CNET, Kim Komando and some other sites are starting to report them showing up.
Backup files and run several antivirus and malware programs. My wife is a teacher and even when she has gone to innocuous educational websites, stuff has been detected and blocked. It's not just on the "naked women riding scooters" or games websites. These hackers look for ANYTHING they can attach their program to.
Yes, Alligator, there can be no doubt the innately depraved nature of Fallen Man respects no entity and knows no bounds.
HOWEVER, I've been a Mac Person for over twenty years, on the net for 12, and have yet to deal with a virus.
And yes, I know, "There's always a first time."
Macs have many other virtues. Being tech-moron-friendly is one of their greatest.
HAPPY NEW YEAR! -- until Obummer gets re-elected -- which at the rate things are going is slated to occur just as surely as God made little green apples.
~ FreeThinke
ALSO:
I don't know if this is true or not, but I have heard -- repeatedly -- that we shouldn't open any "attachments" -- EVEN if they come from people we know and like.
That's why I generally copy and paste rather than link when I send emails, unless it's a link to a YouTube video.
~ FT
I doubt that this applies to you, Silver, but a lot of headaches can be avoided by simply being judicious about what goes onto your computer. If you don't need it, don't install it. Don't be cavalier about loading new stuff.
That said, I swear by Malwarebytes and CCleaner. (I've been a faithful user since back when it was named "Crap Cleaner," which was apparently just too politically incorrect for the delicate world to tolerate.)
And like OD said, back up your stuff, but don't be too trustful of those backups. CDs & DVDs can actually become unusable even if you haven't mistreated them - the media just degrades with age.
Programs can easily be reinstalled but your data - your work - is what cannot be easily replaced. It's also well worth making screen caps (SnagIt is worth its weight in gold!) of your config screens to easily re-setup your email client connections.
I highly recommend Malwarebytes from malwarebytes.org and CCleaner from Piriform.
Both are free to download and use. Malwarebytes has permanently removed all sorts of malicious programs and adtrackers that have plagued my system, and CCleaner is awesome because it can do everything from removing bad registry files to deleting your hard drive to the point even the NSA can't retrieve what you wiped, and everything in between.
Naturally, as with all anti-virus scanners, run these programs in Windows safe mode (without networking) for maximum scrubbing. A lot of these malicious programs hide from anti-virus programs in the boot sector of the hard drive. Running your AV in safe mode supersedes this and cleans your boot sector too.
heh.. just read the thread... Rob said it all first...
For "elite" internet browsing, try out Opera. It's like Google Chrome, but better.
The most no-nonsense internet browsing experience I've had by far, and you can set your favorite sites as "speed dial" screens and refresh all of them simultaneously... it's nice to know you have Facebook messages, email, and new items to read at your favorite blogs updated in real time all on one simple point and click screen.
And, it's faaaaast! I download more data faster with Opera over WiFi to a DSL connection running at 1.8 to 2 Mbps speeds than I did with any other browser hardlined via ethernet cable directly into a 8+ Mbps cable modem.
I don't know how or why, but I ain't complaining. :)
Beamish said: "to deleting your hard drive to the point even the NSA can't retrieve what you wiped, and everything in between."
Last year I had a C drive hard drive failure. Like I said before, I make regular backups. Using two USB hard drives. Alternating drives in case one gets hit.
I digress, since I most likely had personal and financial data on this drive, no way was I going to send it in for warranty work. Instead as my handle suggests I use the NRA disc wiping method. A 357 or 44 mag, 45ACP or 223 afternoon session renders the drive immune to data restoration. (be sure and police your range before you leave)
Well, yeah. Can't do anything software-related with dead hardware.
I've put 7.62x39mm into a dead monitor before... was amazed that the screen glass is over an inch thick (when it's not shattered, that is)
LOL