Tuesday, 1 March 2011

Computer Virus Frustrations!

I have had a very frustrating week! My computer has downloaded a fake anti virus software program which has completely locked up everything on my computer and is holding me to blackmail until I pay a fee to download the 'solution' that promises to get rid of the '39 viruses, worms and trojans' that it has 'detected' on my hard drive (I'm writing this on my husband's computer). I have no intention of doing that (it's probably just a ruse to get my credit card details anyway) so I have spent several hours looking for a solution to remove this heinous virus/worm/trojan or whatever it is from my computer.

This thing has bypassed my McAfee software (and disabled it) and blocked me from using the Internet or any of my programs or files (it is 'protecting' them from harm). In short, my computer is completely useless!

I have managed to get into 'safe mode' on my computer and activate a scan which found two viruses. Apparently McAfee dealt with them but the problem persists. McAfee's own forum suggests downloading Malwarebytes software but I have no experience of using anything like this - do you?

Despite the frustration of this, the time wasting and the inconvenience of trying to sort it out I have remained pretty calm and philosophical about it. Over the years my computer has provided me with many more advantages than disadvantages. It has allowed me to shop in places I wouldn't otherwise be able to shop, buy things at prices I couldn't get them in High Street shops, even buy things I couldn't buy in High Street shops. I often order my groceries online and have them delivered (for free) - that's a great service. My computer allows me to communicate with people all over the world and express myself in the written word. It allows me instant access to a range of resources on subjects that interest me. On the whole, my computer is a good friend, so I forgive it for getting infected!

I don't know if it's my martial arts training that is enabling me to have a fairly zen calmness about all this or just the mellowing with old age! A few years ago I would have felt like throwing my computer out of the window at this stage but now it sits patiently next to me at my desk, waiting to be fixed. Of course having access to another computer is helping to ameliorate the feelings of frustration though it won't prevent the time wasting and inconvenience of fixing my computer that is yet to come.

I had made some quite extensive notes for a blog post that I wanted to write yesterday but they are trapped inside my computer at the moment so it will have to wait.

Have you experienced this type of malevolent fake AV software virus? Did you find a solution for getting rid of it?


Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.0 UK: England & Wales License.


danyul said...

The weekend saw a huge increase in the number of infections, which seemed to be sourced through infected ads on sites such as eBay (see http://www.theregister.co.uk/2011/02/28/tainted_ads_blight_uk_sites/).

Malwarebytes is a reputable piece of software and is fine to use. The comments on The Register thread have some examples of how to remove the virus.

You're correct to not pass on your credit card, it will end up being used to steal as much as possible.

Charles James said...

Hi, Sue: Yes, I am a computer security guy and although I had the best security posture a virus still got through.

So, you will not like this but these nefarious viruses are almost impossible to remove. They hide and replicate once you remove their stuff.

I am sad to say the only way is to wipe the drive and start from scratch.

I have discussed this with our security experts here, previously, and found the only true way is wipe and re-install.

Caveat: you cannot back up any of your data and restore it because it may hide the virus only to return after all your work.

I am assuming this is a windows box and although I spent twenty years of my career in Windows after my fiasco I moved to the iMac and have been ecstatic since.

Sorry, Sue, I do hope you can find another way.

Charles J.

Journeyman said...

I had a similar issue a few months back. I managed to restore my laptop to an earlier date. Found the tutorial on line. Then I ran something like Malware. Virus didn't come back (that I know of). It might work. Good luck.

John W. Zimmer said...

Hey Sue,

I'm a geek in my real life (windows server administration) and have not had to deal with this at work but at home my wife, my son and even I got this virus... my wife was the easiest because she asked me what to do when the "fake" warning message came up and I three finger salute (ctrl, alt, del) killed the web page.

My son and I were not so lucky... I hit a query box before I realized it and caught the virus as did my son.

I fought the virus, winning I thought the second day, only to discover it existed in other profiles. My son lost all of his data but I was able to restore from a backup from about a month earlier.

You see I manually back up every month or so... with an old windows program that xp still uses called ntbackup.exe.

But that was a year or so ago. Since then I have two accounts on my computer. Administrator and me. "Me" is a limited user that cannot install software. So I run everything as "Me" and viruses cannot get a leg up... even if they get through my discerning (hopefully) eye!

I do know of a fellow blogger friend that did seemingly follow those instructions on google and actually beat the virus... I chose the manual methods and lost.

If you try stuff on google - try to verify the page you are downloading from is not another fake virus... hackers have a sense of humor. I'd love to get my hand on them though!

Good luck and I truly feel your pain! :(

Rig said...

Hi Sue

These fake virus malware programs are quite common I'm afraid and as previous posters have already suggested a wipe and re-install is a common fix to this sort of problem.

Malwarebytes is a great program and I can recommend it, although it's not perfect (no anti malware, scareware virus etc. program is) it does do a great job.

I'm not a fan of McAfee (or McCrappy as I know it) as I've known too many systems compromised while being 'protected' by it.

Depending on how technical you are, there are some great tools from Sysinternals (live.sysinternals.com) such as autoruns, process explorer and process monitor that will help you fight the virus - but bear in mind that these tools are not for the average computer user or home enthusiast.

Unfortunately I cannot give you specific advice as each infection can be unique and the removal process varies but I'm more than happy to offer to help any way I can.

In case my contact details don't come up with this comment, you can contact me via my website at www.rigsville.org.uk

Sue C said...

Thanks everyone for your advice. This is what I'm going to do:
boot up in safe mode, do a system restore to before the virus struck, download the malwarebytes software and run it, hope for the best! If that doesn't work then plan B will be to wipe the hard drive and start again (hope I don't have to though).

Apparently the virus hit the UK over the weekend through third party advertisements on UK websites. Apparently the area I live in has been particularly badly hit.

I'll let you know how I get on.

Charles James said...

Best of Luck Sue!!!!

Sue C said...

Success! I'm writing this post on MY computer which appears to be free of that dratted virus. The darned thing tried to prevent me access to the restore program even when in safe mode but I outwitted it and snook in using 'safe mode with prompt' and typing rstrui.exe. I restored the computer to last Friday's restore point and then downloaded the Malwarebytes software which ran a scan but didn’t detect anything. Anyway, I rebooted in normal mode and the virus was gone although my McAfee software was corrupted. I downloaded McAfee’s virtual technician software and that fixed some of the problems with it – I had lost real time scanning but that’s now been restored. I haven’t noticed any other problems yet so I’ll just have to see how it goes. At least I’ve learnt a lot about how my computer works and I do feel as if I’ve won a significant battle!

Charles James said...


Sue C said...

Thank you!

John W. Zimmer said...

Cool Sue! Now is a good time to buy an external hard drive and back up any important files regularly.

I mostly do monthly for the whole computer and weekly or less for my working directory. I will show you my batch file - feel free to use this or something like it if you want.

I created a batch file to use xcopy to just copy the changed files... I'll give you the syntax... you will just need to verify the drive letter that is assigned to your external hard drive when you turn it on... sometimes it changes.

Put the path (my data is at c:\data) to where your folder is and save this file with the name you select with a .bat at the end (.cmd would work too).

Oh yeah if you do this... keep the external hard drive turned off or disconnected most of the time so you don't catch any colds on it. :)

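@echo off
rem Copy new or modified files from C:\Data to the external drive (K: here).
echo Copy the new or modified data in "C:\Data" to external drive.
echo Make sure the External hard drive is turned on.
echo Please press "CTRL C" if you wish to cancel.
rem Wait for a key press so there is a chance to cancel before copying starts.
pause
rem /m copies only files with the archive attribute set, then clears it.
rem /s /e include subfolders (even empty ones); /y overwrites without asking.
xcopy C:\Data k:\Data\ /m /s /e /y
echo All changed data copied.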

I also run my main computer as a regular user account and use the administrative account only to grant my regular account administrator permissions on occasion... if you are using windows 7 - it probably already asks you before doing stuff but I'm still using xp.

Whatever you do... make sure the next time (yes in a windows world - there will be a next time) you can recover in the worst case.

Live long and prosper!

Sue C said...

John, thanks for all this. I'm definitely going to order an external hard drive (not sure I quite understand how to use this batch file though, where am I supposed to put all that code?). However I like the idea of setting up separate user and administrator accounts - how do I do that?

SenseiMattKlein said...

Sorry you had this problem, Sue. Had many problems over the years, but two years ago switched to Mac. Zero problems since then, but still back up using time machine automatically. It is too easy. I know you can get auto backup programs with windows as well.

John W. Zimmer said...

Hi Sue,

If you have XP... you just go to control panel, user accounts and you will see the account you normally use. Look to see if there is already an administrator account. If not create a new account - give it administrator permissions (will be the account type)... password protect it.

After you do that - change your account to a limited account. You can always change it back if you need to install software.

Matt is right - the external hard drives come with their own software - no need to get as geeky as me.

Matt is also right about Macs and another good option is the free Ubuntu OS... both of these OS's are not the 800 pound gorillas (that hackers write viruses for currently).

Another reason to back your stuff up is any computer can suffer a hardware failure - hard drive failures are generally unrecoverable unless you have a good recent backup.

Good luck!

Sue C said...

Hi Matt, I'm often tempted by the Macs - the designs are always so nice but I'm generally put off by compatibility issues but presumably these don't happen very often these days?

Hi John, I've ordered my external hard drive and I'm going to look at setting up these separate accounts - will I still be able to access all my files if I start up in a new user account?

Sue C said...

John....and just in case it makes a difference I use vista not XP but presumably the procedure is not much different?


Oh... vista is very safe that way... or it is supposed to be. You probably can still run as a limited user.

With vista it is supposed to ask before installing stuff.

But yes - the user interface is similar. In the business world most users do not run their computers as administrators (so IT does not have to fix as much stuff). This works well with even windows 7.


Sorry Sue - just saw the other comment about access to old files.

Vista is supposed to be smart enough to ask your permission before installing stuff but sometimes just in case it is wise to run your normal account as a limited user.

You would use your existing account as a limited user account so it would have access to all of your files.

Here is how I would do that. I would make an additional account and make it an administrator and then make your existing account a limited user account.

That way if you need extra access to do something like install software - log in as the administrator and grant your old account administrator access until you don't need it. Does that make sense?

Here is a link that should explain it.


Sue C said...

Hi John, great idea turning my existing account into a user account and setting the new account as the admin account - got it set up and running. I've also set up my external hard drive and backed up all my files. At least I won't be a sitting duck for virus attacks in the future! Thanks very much for all advice - it's really helped :-)
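The two-account setup discussed in the comments above can also be done from the command line. This batch file is an added example, not part of the original post or comments; the account name LocalAdmin is hypothetical, the everyday account name is passed as the first argument, and the group names Administrators and Users assume an English-language Windows install.

```batch
@echo off
rem Added example: create a separate administrator account, then demote
rem the everyday account to a standard (limited) user.
rem Usage (from an administrator command prompt): make-limited.bat Sue
setlocal
set "NEWADMIN=LocalAdmin"
set "DAILY=%~1"
if "%DAILY%"=="" (
    echo Usage: %~nx0 everyday-account-name
    exit /b 1
)

rem "net session" only succeeds with administrator rights.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this from an administrator command prompt.
    exit /b 1
)

rem Create the new administrator account; * prompts for its password.
net user "%NEWADMIN%" * /add
if errorlevel 1 exit /b 1
net localgroup Administrators "%NEWADMIN%" /add
if errorlevel 1 exit /b 1

rem Check the new account really is an administrator before demoting
rem anything, so the machine is never left without a usable admin.
net localgroup Administrators | findstr /i /c:"%NEWADMIN%" >nul
if errorlevel 1 (
    echo %NEWADMIN% is not an administrator; leaving %DAILY% unchanged.
    exit /b 1
)

rem Keep the everyday account in Users (error ignored if already a member),
rem then remove it from Administrators.
net localgroup Users "%DAILY%" /add >nul 2>&1
net localgroup Administrators "%DAILY%" /delete
if errorlevel 1 exit /b 1

echo %DAILY% is now a standard user. Log off and on again to apply it.
endlocal
```

The demoted account keeps its profile and files; only its group membership changes.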

