I just got infected

Beanbag

Well, I'm no longer a virgin. One of my systems got malwared last night, the old Personal Antivirus. I suspect it made it onto my system because I had javascript enabled on my browser, and I was admittedly wandering around some of the more unsavory parts of the web.

I tried a few "obvious" solutions, like trying to shut down processes in task manager, booting in safe mode, restoring to an earlier known-good point. The little bastard did a good job of locking me out of just about every approach.

I fired up a laptop and went looking for a remedy that was understandable to an average person. Found a bunch of instructions for manually deleting a bunch of files and processes that spanned three or four pages. You'd think somebody would have a batch-mode file that would run out and do it all automatically.

I looked at the amount of time it would take to clean everything manually (couldn't even load up any of the fixes I'd downloaded on the laptop), and decided the best thing was to take the system down to bare metal and reload everything, even the OS (Win XP). Fortunately, I had an excellent and recent backup of all my "personal" files, so it wouldn't be all that painful. The longest part was doing a full reformat of the hard drive, just to be sure there was nothing left that might cause a problem later. My solution for that was to start the format, then go to bed. Got up this morning, finished the system install, then loaded all the software I normally use.

I'm still trying to figure out how it made it onto my system, past Microsoft Security Essentials. Full scans while infected showed no problems.

Anyhow, now I've got a nice, clean machine with all the normal old accumulation of crap removed.

Beanbag
 
Some of the worst is the ransomware, which has hit me twice in the past 12 months. I'd personally like to crush the digits of the little maggots who create it, but first, you have to find them.

Sorry to hear it, Bean. I'm going to try a new OS, myself. As soon as I figure out what I'm doing.
 
Ah, yes. I remember back then when I had a PC and had to deal with all those issues.
 
I haven't tried to remove the malware that got my PC a month or so ago. But I'm enjoying my new MAC in the meantime. :D

"F8", for those who need to know how to start up in safe mode in order to recover files on an infected computer. Just hit "F8" while you are booting up. At least you can recover your files. Once I feel I have all the files I need, I'll risk trying some of the suggested fixes. Thank you, everyone for your suggested fixes. I trust one or more of them will work.

Oh, and I had anti-virus software and a firewall. Didn't stop the infection. But they worked for years. I guess the malware a-holes are just winning the game for the moment.
 
Some of the worst is the ransomware, which has hit me twice in the past 12 months. I'd personally like to crush the digits of the little maggots who create it, but first, you have to find them.

Sorry to hear it, Bean. I'm going to try a new OS, myself. As soon as I figure out what I'm doing.
That's pretty much what Personal Antivirus is -- it tells you everything in your system is infected, and won't let you do a damned thing except buy their "fix." I just figured the easiest way to squash the little bastard was to nuke the machine and start over. Fortunately, I'd just swapped out my old machine for a new one, and had the old one re-tasked as my AV playback machine, so it was simple to go get a lot of the stuff I'd have lost otherwise in a full reinstall.

Never had this level of infection or take-over before. I've been clickjacked, had sites drop porn links all over my desktop, and had them try to sneak stuff onto my machine before, but never had to reload the OS as my only choice.

Beanbag
 
You would think that if there are people who can write malware that can install itself so transparently on your system, there should be people who can write a specific removal tool that could remove it just as easily.

Beanbag
 
If you stumble upon a fake Antivirus, please report it to http://badwarebusters.org/community/submit
Other Users will get a warning if they try to enter these evil/hacked websites,
as long as they use decent Software (Firefox, among others, will do).
I have seen quite a few fake virus warnings, and I know these look very real, it's easy to get fooled.
Let's make the Internet a little bit safer. :)
 
Beanbag, were you running an antivirus/anti-malware program when you got infected?

(As for me, I run the best anti-virus I could find—Linux :p )
Microsoft Security Essentials, the free package Microsoft supplies.

Yeah, Linux is great IF you have a tech on call for handling all those "Linux" issues that seem to crop up, plus having to deal with hardware and driver issues that were resolved about five years ago in the Windows world. It's roughly the computer equivalent of having to pull and re-gap the spark plugs and adjust the timing on your car every time you fill the gas tank or change the inflation pressure in your tires. I've never been able to get any flavor of Linux configured for doing any serious work. The software has to be prodded along with a pointy stick to replicate functions easily performed by Windows software, or in a lot of cases the functionality just isn't there to begin with. Linux is a nostalgia trip -- it's where Windows and Macs were about ten-twelve years ago.

Beanbag
 
Also, once again I'd like to point out the MVPS HOSTS file: http://www.mvps.org/winhelp2002/hosts.htm
Feel free to point it out, by all means, but just what the hell does it do? I read the page, and all I got was a bad case of technical gibberish headache. I don't do tech geekspeak, which is something most geeks can't fathom. I'm sure it makes sense to them, because they live and breathe the stuff, but most people don't. What's clear to them sails right over my head. Imagine how you'd feel if I told you that you need to adjust the droplock and slide on your mechanical watch, and then just walked away, thinking it was perfectly clear.

Beanbag
 
Microsoft Security Essentials, the free package Microsoft supplies.

Yeah, Linux is great IF you have a tech on call for handling all those "Linux" issues that seem to crop up, plus having to deal with hardware and driver issues that were resolved about five years ago in the Windows world. It's roughly the computer equivalent of having to pull and re-gap the spark plugs and adjust the timing on your car every time you fill the gas tank or change the inflation pressure in your tires. I've never been able to get any flavor of Linux configured for doing any serious work. The software has to be prodded along with a pointy stick to replicate functions easily performed by Windows software, or in a lot of cases the functionality just isn't there to begin with. Linux is a nostalgia trip -- it's where Windows and Macs were about ten-twelve years ago.

Just curious ... when was the last time you tried Linux? That sounds like Linux five years ago. The modern ones (Ubuntu and its main derivative Linux Mint) are extremely straightforward. For anything web based, Linux should be able to work as well as Windows.

Also, are you able to resolve every issue you come across in Windows without asking for help or searching the internet? I know I can't, and I've been working with Windows since 3.1.

Having said that, there are places where Windows simply shines. Nothing beats Photoshop for working with pictures, and it's pretty darned good at connecting to wireless access points (both of these are weak areas in Linux, although the new ones are pretty good at connecting to wireless access points, too. Three years ago it was a different story.)
 
Feel free to point it out, by all means, but just what the hell does it do? I read the page, and all I got was a bad case of technical gibberish headache.
You're right. I just re-read that page, and right off the bat it talks about "mapping IP addresses to host names" and "DNS" and "caching." They do a very poor job of explaining why the hosts file is useful.

It will take me about an hour to write a decent explanation, and sadly it's late into the evening here and I'm tired. If no one else has posted good information by tomorrow morning, I'll write something and post it here.
 
Feel free to point it out, by all means, but just what the hell does it do? I read the page, and all I got was a bad case of technical gibberish headache. I don't do tech geekspeak, which is something most geeks can't fathom. I'm sure it makes sense to them, because they live and breathe the stuff, but most people don't. What's clear to them sails right over my head. Imagine how you'd feel if I told you that you need to adjust the droplock and slide on your mechanical watch, and then just walked away, thinking it was perfectly clear.

Beanbag

This is simplified, not explaining much...
the "hosts" File can be used to block URLs
By default, the only entry in the "hosts" File is "127.0.0.1 localhost".
Don't worry about this one, just don't delete it.

You can add unwanted URLs to block ads and other garbage.
example :
127.0.0.1 aol.com
will redirect "aol.com" to "127.0.0.1" - this IP address is your own PC, so nothing will be read from the internet.

http://www.mvps.org/winhelp2002/hosts.htm offers a huge hosts File with a simple installer.

I prefer "Adblock plus" with an "easylist" subscription, this works only inside Firefox,
but it's really easy to use and updates itself.
The "hosts" File is system-wide, so it blocks stuff in Internet Explorer and all other Programs.
 
Just curious ... when was the last time you tried Linux? That sounds like Linux five years ago. The modern ones (Ubuntu and its main derivative Linux Mint) are extremely straightforward. For anything web based, Linux should be able to work as well as Windows.

Also, are you able to resolve every issue you come across in Windows without asking for help or searching the internet? I know I can't, and I've been working with Windows since 3.1.

Having said that, there are places where Windows simply shines. Nothing beats Photoshop for working with pictures, and it's pretty darned good at connecting to wireless access points (both of these are weak areas in Linux, although the new ones are pretty good at connecting to wireless access points, too. Three years ago it was a different story.)

Don't ask me about Ubuntu version numbers; the last version I fiddled with was Hardy Heron. Never could get it to work well with a dual-monitor setup. When it did, you lost a lot of functionality in the on-board graphics effects on the card.

I'm "good enough" in Windows to be able to feel my way to a solution to MOST problems. I tend to have specialized machines, configured both in hardware and software for doing a specific task. For instance, I have a machine specifically arranged to do video editing. I don't use it for games (though as an i5, it should really scream for certain games) or browsing or just about anything else. I build the majority of my machines from scratch, using an OEM disk for loading the OS so I don't get all that useless crap that comes with a prebuilt system.

The problems I've been having recently are on a dual-core machine I previously used as an editing machine, running Win XP Home. I previously used AVG Free antivirus, but the latest upgraded version became a pain to work around, so I switched to MSSE on all my systems after doing a month-long evaluation on one of my machines.

I can't say I wouldn't have gotten the malware infection if I'd stayed with AVG. I suspect it most likely would have happened anyway because I left javascript enabled in Firefox (the latest version) and wandered into a bad neighborhood on the 'net. Usually, if I'm going slumming, I browse from a limited account, with all security features cranked up to Hi and all scripting shut down.

I look at Ubuntu Linux about every other version to see how it's doing. HH looked good enough for me to do a serious full install, dedicating a hi-end hardware platform for the evaluation. If all you want to do is use a word processor, surf, and play audio and video files, it was great. No decent video editing software suites (Cinelerra is just barely usable, locks up frequently). It was like going back to Premiere on Mac Quadra 950's, and Open Office pretty much sucks for trying to set up custom keyboard macros. I'm NOT interested in learning yet another macro language, thank you. Word 2000 at least can record your keyboard and mouse actions to generate a macro. I played with HH for about two months, then scrubbed the drive and went back to XP.

Beanbag
 
Do you know the "noscript" Firefox Addon ?
It's really hardcore, blocking javascript everywhere, except on sites where you allow it.
Another fine tool in our ever growing security-toolbox.
 
Best way to think of the host file is as a little black book of phone numbers. Every time you request a website your browser looks at the host file first to see if there's an address listed for it. Damn near everything that connects to the internet checks the hosts file first. Usually the needed address isn't there, but it's a 'just in case' thing, and I suppose you could code in things you wanted to be able to access even if the DNS was down. If the address isn't in the hosts file, the browser connects to DNS to try and find the address. Sort of the way you'd call directory assistance if the number you needed wasn't in your little black book. Once it has the address, it connects.

Putting a false entry in the hosts file prevents your browser from connecting to that site. It has the wrong address, and keeps trying over and over. Usually the address folks use as a null is the local host, so it keeps trying to find, for example, AOL somewhere in your local files, and it never gets around to asking DNS.

Lots of viruses modify the hosts file to prevent you from connecting to well known anti-virus and troubleshooting resources, so this is a good place to check now and then. Normally it just has the local host address. If it has lots of things like Microsoft, Norton, AVG, places you might go for help listed with false addresses, you've been hacked. Deleting those entries should restore normal function.

I've updated my hosts file to prevent lots of virus sites from being connected. I got the list of sites from ones blocked by 'spybot search and destroy'. I don't know if it helps much. There wasn't a thing on the list that I'd voluntarily type into an address bar, but I suppose it would prevent malicious redirects.

A
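The two hosts-file posts above describe the same mechanism from both sides: deliberately sinking ad and malware domains to 127.0.0.1 or 0.0.0.0, and spotting the reverse, where an infection adds entries for Microsoft, Norton, AVG and similar help sites so the victim cannot reach them. The script below is an added example written for this thread, not code from any poster or from the MVPS project. It parses hosts-file text, separates intentional blocks from suspicious entries for remediation domains, and produces a cleaned copy with the suspicious lines removed. The remediation-domain list, the sample hosts content and the `audit_hosts`/`clean_hosts` names are constructed for this example; the file location `%SystemRoot%\System32\drivers\etc\hosts` is the real one on Windows.

```python
"""Audit a hosts file for deliberate blocks vs. malware-style hijacks.

Added example for the thread above; the domain list and the sample hosts
content are constructed for illustration, not an authoritative block list.
"""
import ipaddress
from dataclasses import dataclass

# Help/AV sites a victim would turn to. An infection that adds hosts entries
# for these is trying to cut off remediation, whatever address it uses.
# Constructed list for this example; extend it with the vendors you rely on.
REMEDIATION_DOMAINS = {
    "microsoft.com", "windowsupdate.com", "symantec.com", "norton.com",
    "avg.com", "mcafee.com", "safer-networking.org", "malwarebytes.org",
}

# Sink addresses used by MVPS-style block lists: traffic goes nowhere.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: a default XP hosts file, two intentional blocks, and
# three lines of the kind a fake-AV infection would append.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0 ads.example.net        # deliberate block (constructed)
0.0.0.0 tracker.example.org
127.0.0.1 www.symantec.com update.microsoft.com
127.0.0.1 www.avg.com
203.0.113.7 safer-networking.org   # redirected to an attacker-chosen address
"""


@dataclass(frozen=True)
class HostsEntry:
    line_no: int
    address: str
    hostname: str


def parse_hosts(text: str) -> list[HostsEntry]:
    """One HostsEntry per (address, hostname) pair; comments and junk lines skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])       # first token must be an IP
        except ValueError:
            continue
        for host in parts[1:]:                   # a line may list several names
            entries.append(HostsEntry(line_no, parts[0], host.lower()))
    return entries


def is_remediation_domain(hostname: str) -> bool:
    """True if hostname is one of REMEDIATION_DOMAINS or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d)
               for d in REMEDIATION_DOMAINS)


def audit_hosts(text: str) -> dict:
    """Classify entries: hijacked (help sites overridden) vs. blocked (sinks)."""
    entries = parse_hosts(text)
    hijacked = [e for e in entries if is_remediation_domain(e.hostname)]
    blocked = [e for e in entries
               if e.address in SINK_ADDRESSES
               and e.hostname != "localhost"
               and e not in hijacked]
    return {"total": len(entries), "hijacked": hijacked, "blocked": blocked}


def clean_hosts(text: str) -> str:
    """Return the file with every line that overrides a remediation domain removed.
    Intentional blocks and the localhost line are kept as they are."""
    kept = [raw for raw in text.splitlines()
            if not any(is_remediation_domain(e.hostname) for e in parse_hosts(raw))]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['total']} entries, {len(report['blocked'])} deliberate blocks")
    for e in report["hijacked"]:
        print(f"line {e.line_no}: {e.hostname} -> {e.address}  (possible hijack)")
    print("--- cleaned file ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

To check a real machine, read `%SystemRoot%\System32\drivers\etc\hosts` and pass its contents to `audit_hosts`; any hit in `hijacked` is the symptom described above, and writing back `clean_hosts(...)` (the file needs administrator rights to modify) is the "delete those entries" step. Note that the check flags any override of a help domain, not only loopback ones, because the sample's last line shows the other variant: pointing the name at an address the attacker chooses instead of nowhere.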
 
