Monday, October 6, 2008

Little Red Dots, White X's & Pop Ups.

This probably should go in my struggles in the ether blog. But, while it is computer related, it is not work related, so I'm putting it here.

I was on my way to bed, when I noticed I had a comment on a post I had written. I was going to access it to read it, but instead my computer decided to log itself off and shut down. Hmmm. So, I brought it back up, and noticed a red dot with a white X on my task bar at the bottom of the screen. Then a pop-up error message appeared, telling me it had found viruses on my computer, and unfortunately I can't remember exactly what the message was. It looked exactly like the Windows XP security system, except I don't run Windows XP security. It had the icon, the shield, the look, everything. I use (gulp) a Symantec product that shall remain nameless, but you all have a good idea of what it is.

Windows updates download regularly. I have it fixed so that I can look at them then decide what to do; they don't update automatically. For some stupid reason, because it was late and I was tired and it had the look of a Windows product, and because it lied and said it was a Windows product, I clicked it. It did a quick scan (or at least pretended to), told me I had lots of problems, then sent me to a website and asked for $50.00 to register the product. That was when I said ratz, I been had. I obviously did not give them any credit card info.

I went online (still wanted to see that comment) but kept getting blocked, with a message saying I was "computing unprotected" and need to register this product. This was when I noticed that my Symantec product wasn't running, and I couldn't get it to run. That was when I looked and noticed that this thing had pretty much hijacked the Windows security page, made it look exactly like an MS Windows product, and was giving me very dire warnings about my computing situation. Well my computing situation was in a world of trouble, but this program that had somehow gotten on my computer was the cause of it.

I did what every real man would do in such a situation, I went and whined to Patti Anne.

Patti Anne and I both have computer & systems type backgrounds, I as a programmer/analyst slash systems engineer & she was a business analyst, involved in installing systems. Most of the time she seems to be better at solving these nasty computer issues than I am.

So anyway we (and when I say we, I mean she) went to work. We're lucky to have more than one computer so I was able to do things on the other while she worked on the problem. I looked up the error command in Google (wish I could remember it), and found it all over the place. It was malware of course, and all the instructions for fixing it involved disabling system recovery, downloading some software, rebooting in safe mode, scanning, manually deleting & I'm thinking crimony, I don't want to do this crap. Actually I was thinking worse than that, but I'll leave it there.

What we actually did, was this. We ran Ad-Aware SE, full system scan. Took forever, but in the end it found a lot of files. We quarantined & removed those files. Then we did a system recovery from some check point earlier in the day. We knew that my Symantec software had done a live update at 9:06 PM, and was still active at that point, so we recovered to some point before it apparently stopped working. At that point, the red dot and white X were gone. I don't know if the system recovery made it go away, or if Ad-Aware caught something, or if it was the combination. Now we were also able to get the Symantec product running, and we did a quick scan. That caught a nasty little trojan (how nasty I'm not sure) called Perfcoo. If you look in one place (in the Symantec software) it says it's among the nastiest of nasties, and terrible to get rid of & you'll probably need help and if you look another place (in the Symantec software) it says it's no big deal. Well, Symantec caught it, quarantined it, & rebooted, and stuff seemed to work. My desktop is a little odd, the wallpaper doesn't quite come down to the task bar for some reason, I'll figure that out later.

This morning, after a less than restful night, I got up and ran a full system scan. Over an hour and an unbelievable number of files later, it found a tracking cookie, I deleted it and that was that. Nothing terrible. I also downloaded, installed and ran a product called Windows Defender. It came back clean too. I don't like to download stuff, but Patti Anne assures me it's OK.

I also ran Ad-Aware smart scan this evening, and it came back clean.

I've been online most of the day - a typical eBay day for me - and not had a problem. I don't know if the disease is gone, but I'm not seeing any symptoms. Response seems fine, and I'm having no problems online. My firewall/virus protection etc software has been running all day. It says it's protecting me, which makes me feel good.

We didn't follow the rules to get rid of it. Of course the rules were written by many different people at many different times, dating from 2006, and heck, could be the software has got to the point it can deal with it now. I don't know, but you'd think so. But it appears to be gone. It's like driving a car - there might be something wrong, but it still goes when you give it the gas.

This all took about 3 hrs to accomplish, and made for a bit of a late day, yesterday. Thank you Patti Anne, for being at least a partial geek. Seriously - she has ability & knowledge to deal with these things.

3 comments:

Patti Anne said...

You're welcome! Patti Anne Geek Squad to the rescue. Oh, and don't forget - we downloaded Windows Defender and ran that, too. It's free and might catch some more nasties.

Susan Helene Gottfried said...

This is one of the reasons I keep the Tour Manager around. I know where you're coming from.

A Valdese Blogger said...

Yep. Thing is I don't have a clue where it came from, or why my firewall was not running. Weird stuff.