Saturday, December 27, 2008

Bonnie Goes Blogistic: Malware


Infected by pop-up plague, good cure tough to find

Trojan used to be such an innocent word – you know, like it was supposed to be protection.

Those were the good old days, before the digital revolution gave it a whole new meaning.

And we’re not talking about online porn stuff, either.

Not long ago I received email warnings relayed by family and friends that using Microsoft Internet Explorer might compromise my computer. I took it so seriously that I stopped using IE and turned to Mozilla Firefox as my browser.

Guess what? It, too, was vulnerable to attack as my computer was invaded by a Trojan from visiting a Web site that was Googled with Firefox.

No, it wasn’t a porn site. I was merely looking for some UBB code I wanted to use on a forum. As soon as I clicked on this site (whose owners likely don’t even know it is infected, and I don’t remember the URL), Internet Explorer opened with no command from me and I received a machinegun-rapid barrage of advertisements.

I remember one ad being for online sports betting, but hardly paid attention to the content. I just wanted the pop-ups gone, but they came so fast I couldn’t close the windows quickly enough.

The lesson of Vanuatu

While this was happening, I remembered from years ago how our daughter’s computer at college, in a dial-up connection, got snared by a Web site where rapid clicking to close windows brought in an undesirable link to some distant place we’d never heard of – Vanuatu – and a huge unauthorized charge to the phone bill. A friend had been using the computer, surfing evidently in all the wrong places.

Because of that, I knew I shouldn’t continue clicking to close the array of windows. So I hit Control-Alt-Delete, bringing up the Task Manager where I could End Task for unwanted applications.

That worked for the moment, but not in time to avoid longer-term problems. I was infected with a Trojan.

What bothers me is that I’ve been good. I haven’t visited questionable Web sites. In fact, the one I clicked on that planted this Trojan had a green sign from my supposed protector, McAfee, which indicated that it was safe. And I keep up with all the latest updates.

I used to subscribe to McAfee. But in buying high-speed cable, it came free with the service from Comcast.

(I know – they say if it’s free, you get what you pay for.)

I have McAfee protection. I counted on it, and it let me down.

I’m not a computer geek. All I want to do is use my equipment for creativity, communication and information. That’s it.

But now I had to face geeky challenges to try to fix my problem since I couldn’t count on McAfee. Nor could I count on Microsoft – which is real good about messaging you about having to shut down, and asking if you want the problem reported. Kind of an inside joke, no doubt, for all the answers anyone gets back from Seattle or Mumbai or wherever.

Vulnerable and angry

But I was determined to fight back against this “home invasion.”

Yes, that’s what it was. It was a digital home invasion and I felt violated. I WAS violated. I couldn’t trust actions I performed on my computer for fear that I was vulnerable. I WAS vulnerable.

So the first thing I tried to do was to go back a few days to an earlier restore point. Dead end! Apparently the Trojan took care of that and all restore points were wiped out except for the day I was infected, and I wasn’t going to use that as a restore point.

The next thing I did was a full McAfee scan. Guess what? Nothing was found.

Then I rebooted my computer to safe mode and scanned again. McAfee still didn’t find anything.

During the next couple of days, McAfee was able to quarantine a malware file named Generic. And it was able to remove another, named Vundo. However, it was unable to do anything with GenericArtemis and this was a problem.

I got constant pop-ups from McAfee that I should reboot and scan. Every time I did, nothing was found and then I got the same message again. It reminded me of the old song about Boston Charlie riding the MTA. It was an unending, frustrating loop.

Unable to delete Internet Explorer (probably because it is so ingrained in the Microsoft package), I took some extreme measures – unplugging my connection to the outside world, and setting the program to its highest security level. Then I deleted Firefox.

Connecting to the Internet again, I started using Safari, an Apple product which seems not to be vulnerable.

But I still had a Trojan. I knew this because I kept getting a blank white screen. With the new IE settings, the Trojan couldn’t access the advertising sites but could still open IE – hence the blank window, which I then had to close using Control-Alt-Delete.

Next I tried to download another possible malware remedy called Ad-Aware, recommended by a son-in-law who said it had worked for him in the past. He also looked at a record of the infected files, and said, “This is bad,” explaining that the files had “hooks” which attached themselves to many other files.

Microsoft disallowed a download of Ad-Aware until the security setting was back to “medium,” and then I was able to scan with Ad-Aware, which found and removed a nasty thing named Virtumonde.

But I was not anywhere near out of the woods. There was still a problem, as some electronic critter kept opening Internet Explorer and the white screen reappeared again and again.

Neither McAfee nor Ad-Aware solved the problem.

Link to the solution?

Next, I tried downloading a program called Malwarebytes, which was recommended by a participant in a forum of McAfee users – and I seemed to have hit the jackpot! (So McAfee was good for something – one of its users had an answer).

Malwarebytes found about 40 infected files and removed some. The others were quarantined and then removed when I restarted my computer.

It’s now been six hours since I’ve done this, and so far (knock on plastic), no more ads.

I’m left angry that the good guys haven’t been smart enough to overcome the bad guys – at least, in this case, Microsoft (assuming they are good guys) and McAfee (where maybe they are smart, but just not fast enough to keep up).

I’m angry that stealth programs can invade my computer, in spite of all the right things I do. I’m angry at Microsoft and McAfee for not protecting me.

But I’m thankful to Safari for providing a free browser that doesn’t seem to be so vulnerable, and to Malwarebytes for having a smart program that helped me solve my problem.

I’m so grateful that, if a few days pass without a recurrence, I might even buy the full version.

Today's fortune cookie message

Your happiness is intertwined with your outlook on life.

(... but probably not with Microsoft's Outlook Express)

Daily number: 900

Editor's note

The Bonnie who occasionally goes 'blogistic' here in The Real Muck is Bonnie J. Schupp, the life partner, inspiration and art director for the blogger-in-chief. David has been lazy and not written very much in the past week. But he'll be back soon, and thanks you for visiting.

Note to dictionary editors

Blogistic: Venting feelings or exorcizing demons of any sort through a blog posting.

2 comments:

wayne said...

Bless you! I found your blog via Avedon. I was having the same problems with my computer - blank screen, malware, etc. I ran Malwarebytes and it cleared up promptly. Thanks!!!

ellroon said...

My daughter wants to know what kind of scented candle you like so she can light it in your honor.

I have just reformatted my computer because of the Vundo and Virtumonde viruses and she had just gotten a new motherboard and freshly reloaded XP and found to her horror her computer already was infected.

We used Malwarebytes and it cleaned her computer right up!

Thanks for raging against the idiots who love to create these things. They need to be blindfolded and bound in a room full of angry mothers with red hot kitchen utensils...