Thursday, January 14, 2010

Trojan, Worm or Virus?

I had Norton anti-virus, firewall etc until last Tuesday. I also had a couple of back-ups - malwarebytes and windows defender, because nothing seems to catch everything. And I kept the computer up-to-date with all the windows security updates. But to no avail.

Sunday night I got fooled - as I was preparing to shut everything down and go to bed, I got a message from Windows Defender - it caught a trojan, and wanted to know if I wanted to fix it. But of course, I said, and I clicked a button to fix it, and immediately a service agreement form popped up. That was odd - because Windows Defender and I were good buddies. I shut everything down and went to bed, figuring I'd run malwarebytes Monday.

Monday morning, everything was screwed up royally. I noticed problems immediately. There were icons on my desktop that I did not put there and had no business being there. There was a big red X next to the clock display. The windows security shield was displayed, odd since I never used windows security, and the windows defender icon was displayed, the Norton icon was nowhere to be seen.

The windows security and windows defender were not real. They took me to some foreign program wanting money.

In a few seconds something that looked like Windows defender popped up and told me I had this terrible virus on my computer. But I noticed now, which I didn't when I was tired the previous night, that it said "Windows Defense", not "Windows Defender". Defender = good, Defense = bad. The graphics were exactly the same, but it was a different program. I'm pretty sure the virus they warned me about was not on my computer.

So, I attempted to run malwarebytes - it would not run. When I looked at the processes, mbam.exe was displayed, but the software was not running. I attempted to start up Norton, and it would not start. I attempted to download other software that removes malicious software, but everything seemed to be blocked. I could not download anything.

I don't know if it would have done any good to do a system restore, but it didn't matter, because that seemed to be blocked too. I also tried doing this with different browsers, but it made no difference.

So whoever was responsible for this is sophisticated enough to get past all my computer's defenses, disable them all, and keep me from doing anything about it. But they weren't sophisticated enough to do this without my knowledge. It was as plain as day immediately that things were not right. I wonder what happens when they finally figure out how to take over my computer without my knowledge.

"Windows Defense" is known, and there were instructions on how to remove it. Spy-doctor would apparently do it, except I could not download it. There were manual instructions, but in this case they only worked to a point. I certainly like getting down and dirty in the registers, but after a while the instructions did not correspond to any of the realities I was experiencing.

So Monday afternoon, figuring the computer was hosed up but good, we disconnected it and carted it down to Ron's Computers on main street in Valdese. I'm glad to have the opportunity to contribute to the local economy.

We brought down the old laptop, did a little rewiring, downloaded a printer driver, and we were good to go. Everybody could get online and function at the stuff we need to do. (We have a little home business going). Monday was pretty much a wash, but Tuesday was a normal day.

We got the desktop back from Ron Tuesday afternoon - he formatted the hard drive and reloaded Windows XP. I could have done that, had I known where my disks were. That's not as bad as it may seem - I had everything backed up on an external drive. I did lose paint shop pro 8 - something I downloaded a lifetime ago. And I had a great game of Civ III going - I was doing good and getting ready to attack the French, my first step in conquering planet earth and that's gone now.

I've decided to get along without Norton - this is twice in the past year that something like this has happened. Back in February 2009, we were able to recover, but not this time. So not only did Norton fail to catch these things twice, but both times it was put completely out of commission. Norton isn't free, and I can certainly pay a lot less for something that apparently has major flaws, so now I've gone another route, and we'll see how that works. I no longer have Windows Defender either, and I'm going to let that go. I did download Malwarebytes. I upgraded to IE8, and also have the latest versions of firefox and opera.

So things seem to be working, all the scans come back clean, but I'm still in a wait and see mode.


Lin said...

Lots of trojans on EC lately and lots of bloggers writing about it. Ugh. Be careful who you are dropping on.

A Valdese Blogger said...

Lin: I don't know where it came from, but EC is a real possibility. Thanks for the comment.

Anonymous said...

Get a yourself time, trouble and grief

Heather said...

Thankfully for me I am on dial up. I came across one of those last year, it said I had a bunch of things wrong. I did panic but declined it cause I was tired and wanted to go to bed. All things on my computer take forever to scan and fix. Luckily I declined it, my brother told me if I ever get another one, to shut down my computer manually or unplug it immediately!

Glad you're back in business!

A Valdese Blogger said...

Grace: That might not be a bad idea!

Heather: Yep, don't ever say yes or click anything. And Ron the computer guy said the same thing as your brother - turn it off immediately and wait a few minutes. Now we know.

Jude said...

That's bad and it happened to me when I first started online, nowadays I refuse to click anything that pops up and I love the free version of Avast it has stopped many a Trojan for me.

The Author said...

Wow, you are the second person's blog I read who had it happen to them. I run McAfee and Lava Adaware and I've been getting lots of warning messages lately especially on some of the EC blogs.

A Valdese Blogger said...

Jude: Thanks - I have a free version of anti-virus software now & it seems to be doing great.

Mountain Woman: I don't know where this came from, I don't think it came from EC. But it may very well have come from a link in a blog. Just gotta be careful, I guess.