Viruses Spyware and Malware Oh My

Thursday night I hit some site – it was actually a Photoshop tutorial site – that was loaded with junk that installed itself on my computer.

Within 5 minutes I was getting popups, couldn’t search Google, ads were changed on sites. What a mess. Not to mention what happened to my hosts file.

I had just read an article about Flash exploits – and had just downloaded a flash blocker addon for mozilla.

This doesn’t happen to me. I’m extremely careful. My antivirus is always running. I don’t use ie. (In this case I happened to use Netscape 7.2 – but I’ve never had a problem with that) I get email in plain text only. I have a good firewall, not to mention the Windows firewall as well, and I keep up with updates. My ports are closed.

The last time I had a virus was in 1991 – my first pc and I got that within a couple of weeks of getting the computer. I’ve been really lucky. The other half is constantly cleaning his computer. It was so bad at one point I removed his computer from the network until he learned how to behave.

I guess when it rains it pours and it was my turn to get soaked.

I have a small issue with my computer. Don’t know for sure exactly what it is, but I can’t run a virus program all the way thru without the computer shutting down. I can pause it, I can run it on folders, the protection services work great, but to just let it run a full scan ain’t gonna happen. I can’t reformat.

What I have to do is remove my harddrive, put it in the other computer, and reformat there, or run my virus program. This is a huge pain, and is another reason why I’m careful, I really don’t want to remove the harddrive on a daily basis. Spybot won’t run, but Adaware will. It’s a picky little thing. This is with a brand new cpu and fans.

So I started Thursday night around 10pm scanning. It’s now Sunday. I’ve scanned my computer with no less than 15 scanners to get rid of this stuff. I manually went thru my registry, deleting stuff I didn’t recognize (and missed more than that, apparently.) HiJack This really wasn’t showing me any weirdness in what was running.

Detected Malware, Spyware and Viruses:

My antivirus detected about 50 – I lost count at 23 trojans.
Kaspersky online scanner caught 17. (My antivirus only removed a few of these.)
Spybot caught 20
Adaware caught 4
Windows defender caught 3.

Things were getting better, ads went away, I could use Google again.

But I was still getting popups – they weren’t slamming me but enough to be annoying. I decided to take the URL from one of the popups and put it in Google with popups.

So I ran:

Malwarebytes’ Anti-Malware – caught 18
SUPERAntiSpyware – caught and cleaned what the others couldn’t.
RogueRemover FREE – don’t remember if this one found anything.

A couple of the viruses/spyware I can remember:

Smitfraud.C
Virtumonde
PurityScan
Adware.Softomate
Adware.ToolBar
Trojan.Downloader
Malware.Trace

Ended up with a couple of root kits too. I looked in the logfile of the program that caught those, but it doesn’t seem to have created one.

Alot of these were found in my System Volume Information folder, in the restore files. I’ve just recently installed XP – full install, not an upgrade – and had yet to setup a restore point. But if I had, I would have been toast anyway.

And I discovered a feature? bug? Who knows with Microsoft, but you can’t get into the System Volume Information by default. The admin can’t, but the viruses sure the heck can. No, you have to go in and change the settings in order to view this folder. If you can’t see it, neither can the antivirus program. I’ve also learned that you can delete the files in this folder as well. That’s for another post.

Who ever heard of such a thing?? I mean come on! I spent Friday and a good part of Saturday trying to figure out why the heck I couldn’t find certain files and felt pretty dumb when I found the answer. I’m still trying to grasp the reasoning behind this.

Saturday night I got one alert about adware in the system volume information/folder/../_restore/

Sunday I discovered I could delete those files and I did, and haven’t received any more alerts from the virus program or any other program I’ve run. I cleaned the registry, double checked the firewall settings and I’m monitoring the firewall log files. I installed Spywareblaster which locked down all of my browsers – I can no longer use flash on any browser, has cookie protection and a blocked sites list. It protects IE, Seamonkey, Mozilla and Netscape.

The computer is running well, with no issues. I’m going to give it a few days – I really, really don’t want to reformat (I’m holding out for a new harddrive), but I will if I must.

And I’ve just learned one more thing.

This line:

Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k has been showing up in my HijackThis log. Driving me crazy, because I couldn’t find an answer as to what it is.

It has to do with Windows Defender. It’s an error reporting dump reporting tool. Not quite sure if I need it or not so I’ll leave it for now.

I feel like I’ve been thru a war.