Our very own Patti Anne managed to get things working yesterday evening. We both have computer backgrounds, and we both know (yes, even me) that most problems can be solved. This stuff doesn't happen out of thin air; it's not magic. It came from somewhere, it exists somewhere, and it can be dealt with. This can be a challenge, however. You have to have some skills, and frequently some good fortune.
So here's what happened:
- A pdf pops up out of nowhere
- Something called Windows XP Anti-Virus Pro starts running, warning me that I have all kinds of problems
- XP Anti-Virus Pro wants me to register their product (i.e. send them money)
***Don't ever send these people money. It will do no good. Personally, I'll remove my hard drive and smash it with a hammer before I send any money to someone who has hijacked my computer.
- My normal anti-virus software is disabled
- I am unable to download anything
- I am unable to do a system restore
- XP Anti-Virus Pro perfectly mimics Windows Security
- Everything it warns you about is bogus
If you search Google, you can find all sorts of info about this program, with instructions on how to remove it. My problem is, they all involved downloading anti-virus software at some point, and I could not download anything. It effectively disables all your protections and makes it impossible to go online "safely".
Patti Anne took a different approach to the problem. On another computer she typed in "cannot run mbam.exe" (some additional anti-virus software we have), and "a virus has taken over my computer". She got different information.
So here's what she did:
- she created an "Avira" rescue CD on a non-infected computer
- she put the rescue CD in the CD drive on the infected computer
- she booted up the infected computer in safe mode
*** I have to remember that "safe mode" is F8, not F-anything else. Also, Patti Anne is not sure that the rescue CD actually did anything. Just keep that in mind.
- from safe mode, she was able to do a system restore to an earlier date
*** I know this worked, because my desktop wallpaper changed; also it's significant, because I could not do a system restore normally.
- at that point we could execute malwarebytes (full scan)
- also, my normal anti-virus software, which had been scheduled to run earlier but didn't, kicked off.
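After a recovery like the one above, the thing you most want is a quick way to confirm that what the rogue program switched off is actually back on. Here is a PowerShell sanity check for that purpose; it is an added example, not from the original post or from any of the software named in it. It assumes Windows PowerShell 2.0 or later is installed on the cleaned machine (XP SP3 supports it); the service name, WMI namespaces and policy registry values are standard Windows ones, and the hostname pinged for connectivity is just a placeholder.

```powershell
# Post-cleanup sanity check: verifies the protections a rogue "anti-virus"
# typically disables are working again. Added example; assumes PowerShell 2.0+.

function Test-PostCleanupState {
    $r = New-Object PSObject

    # 1. Security Center service (wscsvc) is what warns you when AV is off;
    #    rogue AV commonly stops it so its own fake warnings are the only ones.
    $wsc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
    $r | Add-Member NoteProperty SecurityCenterRunning `
        ($wsc -ne $null -and $wsc.Status -eq 'Running')

    # 2. Does Security Center still see a registered, real anti-virus product?
    #    XP uses root\SecurityCenter; Vista and later use root\SecurityCenter2.
    $av = $null
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        $av = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue
        if ($av) { break }
    }
    $r | Add-Member NoteProperty AntiVirusRegistered ($av -ne $null)
    $r | Add-Member NoteProperty AntiVirusNames `
        (@($av | ForEach-Object { $_.displayName }) -join ', ')

    # 3. System Restore: the post relied on it, so make sure restore points
    #    exist again (the rogue blocked restore while it was running).
    $rp = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    $r | Add-Member NoteProperty RestorePointCount $rp.Count
    $latest = $rp | Sort-Object SequenceNumber | Select-Object -Last 1
    $r | Add-Member NoteProperty LatestRestorePoint `
        $(if ($latest) { $latest.Description } else { '<none>' })

    # 4. Policy values scareware often sets to keep you from fighting back.
    $pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue
    $r | Add-Member NoteProperty TaskManagerDisabled ($p -ne $null -and $p.DisableTaskMgr -eq 1)
    $r | Add-Member NoteProperty RegeditDisabled ($p -ne $null -and $p.DisableRegistryTools -eq 1)

    # 5. Anything still set to start with Windows? Review this list by hand;
    #    a leftover entry pointing at a random name under %TEMP% or
    #    %APPDATA% is the usual sign the cleanup is not finished.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $autoruns = foreach ($k in $runKeys) {
        $v = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($v) {
            $v.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { "$k : $($_.Name) = $($_.Value)" }
        }
    }
    $r | Add-Member NoteProperty AutorunEntries @($autoruns)

    # 6. Can the machine reach the internet again? (downloads were blocked)
    #    'www.example.com' is a placeholder; use any host you trust.
    $r | Add-Member NoteProperty InternetReachable `
        (Test-Connection -ComputerName 'www.example.com' -Count 1 -Quiet -ErrorAction SilentlyContinue)

    return $r
}

$state = Test-PostCleanupState
$state | Format-List
$state.AutorunEntries | ForEach-Object { Write-Output "autorun: $_" }
```

Run it from an elevated PowerShell prompt. Anything false in items 1 to 3, true in item 4, or unfamiliar in item 5 means the machine is not back to normal yet, regardless of how clean the scans come back.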
Malwarebytes came back clean - it didn't find anything.
My other software did find something - "Trojan Horse Cryptic.AM", and removed it. I looked in the history and found that this software had kicked off as scheduled hours earlier, but ended abnormally, with an error message saying its log file was corrupted. Further searching showed that the software had actually found this trojan the first time it had started, in a different location, and had also removed it. The scan still ended abnormally, and my computer was still infected.
I can't begin to describe how uneasy I feel about all this. I do not feel secure at all. Neither of us is 100% sure that this particular issue is solved. We don't know if this "Cryptic.AM" was the culprit or not, though it seems a likely suspect. But we've got an online business going, so we need to keep on trudging along. At the moment, everything appears normal.
This stuff is apparently quite well known, so neither of us understands how it gets past firewalls and our anti-virus software. (I use "anti-virus" to mean everything: trojans, spyware, adware, etc., just so you know.)
Any comments or ideas about this will be very welcome.