Sunday, February 3, 2008

Virus Alert

I'm no expert in viruses, spyware and malware; this is simply a personal story of survival where these rude little irritants are concerned.

There's no doubt that computer viruses and spyware are a crippling time-waster for those of us who work on our computers, and also on the web. What sort of person creates this stuff? Honestly? Immature pre-teenage geniuses? Mr. Norton? Come on now. You know who you are. (AND - Just so you know, you totally blew me away this week - with your smart little 'rogue anti-spyware hijacker' programs.)

So here's what I had going on (and have a little of, still): Trojan Vundo and Trojan Zlob + an ugly little hijacker called "Storage Protector". (Please notice - I did not put a link to their nasty little website and I do NOT recommend going to it or downloading any of their software!)

It all started with my computer running a little slow. Then, all of a sudden - I start getting crazy messages and system errors. And these look totally LEGIT, people!

Next thing you know, you've got two "Microsoft Windows" icons on your desktop: one for "Help and Support" and one other (I can't remember - and I don't want to bring it back just to post it here!).

Luckily, I didn't click on any of them - but viewed their properties (right click, view properties) and saw that they DID NOT go to Microsoft, or to a system file on my machine, but rather a website called "Storage Protector". UGLY!

Here's how smart these uglies are: you can run anti-spyware programs (Adaware by Lavasoft, SpyHunter3 by Enigma - both good options) and these little malicious programs 'sense' or are triggered that they're being hunted.... So, they change their filenames often (to go under the radar of these programs and of known filenames that one might try and delete to manually remove the infection).

In addition, they embed themselves in Windows logon files, so they automatically renew themselves on startup/boot. So many times, the only way to get rid of them is to format or restore the entire hard drive, because trying to remove these files from the logon files can damage the logon process, making it impossible to boot up again. UGLY!

What did I do? I freaked out first. All my client files are on my machine, and my entire life in photos. I use the internet and FTP all the time.

For hope and inspiration, I then spoke to an Apple friend, who told me that the MacBook Pro I got for Christmas just wouldn't put up with these nasty little programs (the Operating System, OSX, does not support these programs, they are ahead of these hijackers! Hallelujah!) and that it was safe to transfer my client's files. I did so at once. Then, I moved on to the business of cleaning my Windows Laptop of these hateful little boogers.

Tips to remove and protect and learn:

First and foremost: Change browsers. If you're on Internet Explorer: change now to Mozilla Firefox. It's more secure, and less likely to allow browser hijacking and these back door viruses like Vundo and Zlob into your computer to open it up to other infections.

Then, look and learn: If you suspect malware or spyware, or virus infections on your computer, run an anti-spyware program and an anti-virus program. There are lots of good FREE ones out there.

Spyware/Malware: SpyHunter3, Adaware
Both have good support, forums, and helpful people. You might have to also download and test some other programs or tools to remove the bugs (as requested or directed by security volunteers on the forum).

Typically, the people on these forums are volunteers - so you MUST have patience and manners when posting on these forums, and read the pre-posting instructions. You might figure out and clean your infection on your own just by the free info. They are helping others for a whole buncha nothin'! And if you can, please donate to their causes - because they are working hard to keep people safe. I actually purchased the paid versions of a couple of spyware programs and run them every day now. They didn't remove what I had - but support was good - and informative.

Virus Protection: Avast AntiVirus
So far so good - this little gem has cleaned up a bunch.

Overall support and GREAT info: Atribune
Atri - the developer and site owner - he's an INCREDIPEOPLE kind of guy. Seems that he came up with a little thing called VUNDOFIX, which I ran - it (in my case) actually got rid of the ZLOB, and the Storage Protector. (or a combination of Avast + VundoFix) so now I have 4 files left, that claim 'Vundo' that I'm having a hard time getting off my machine... BUT - I have, since finding Atribune, removed 10 files of Zlob + Vundo and the Storage Protector. So I am totally happy - being that progress has been made.

So there's my journey - and my links to great tools and websites that I think will help others. I've posted in the Atribune forums for some help on removing these last 4 files - so hopefully I'll get those off too. I'll keep you posted!

Cheers - and Good luck!!
