Tuesday, April 19, 2011

Mercury Retrograde Delivers.....again!

Mercury Retrograde caught me in its web once again. I say once again because on its last retro spin in December 2010 it caught me in a very similar fashion....with a nasty trojan infestation on my desktop computer. Different trojan this time, but same frustration. (Click on Mercury Retrograde in the Label Cloud to read about the last episode).

The infester this time was a little blighter known as XP AntiVirus 2011. There are several alternative titles for this trojan, depending on operating system etc. All start by trying to scare the computer user into clicking on pop-ups notifying that the computer is badly infected and in a dangerous state, then pressing them to buy their software to repair the damage....all fake of course. An array of different notices pop up all over the place, programs are shut down, the browser cannot be used, nor can any software normally used for detecting malware. If I logged off, then on again, the fake notices filled the screen in rapid succession.

This happened late on Sunday afternoon. We hauled out the laptop to search for solutions. After 2 hours and several attempts to clear the problem I gave it up, assuming I'd have to shell out another $90 for an online remote techie to rescue me again. However, couldn't sleep that night so got up and read every piece of advice I could find, and every forum relating to this trojan. It appears there has been a spate of infestations recently and even the best virus software has been unable to stop the nasties in many cases.

Solutions range from some rather complex tinkering in the registry - highly dangerous for a klutz like me - to paying an afore-mentioned online techie. The only other alternative, apart from trekking to the town's only computer shop and leaving the machine there for who knows how long, or throwing the machine into the garbage, was trying to download some anti-spyware software, using the infected computer in safe mode. I decided to try that - nothing ventured etc.

All went well, surprisingly, as long as I ignored and X'd off the ubiquitous scary notices threatening everything but the apocalypse; these popped up even in safe mode. I installed the software, ran a scan and it found about 7 trojan thingies, along with the usual batch of cookies. Then the fun started.

Before I could remove the malware items I had to pay the piper - Spyware Doctor $29.99. I managed to access Paypal from safe mode and had almost finished the transaction when a spate of the flippin' fake notices blocked out the screen. Couldn't tell if payment had gone through or not. Checked my Paypal account and emails via the laptop - it seemed as though payment had gone through. But where was my licence key? Not in the email receipt. Waited for a further email but none came.

Another long search to find out how to get my $29.99 key! Had to do it via the laptop and the PC Tools (Daddy of Spyware Doctor) Help website, then write the yards-long key down on paper.

Where to put it though - couldn't find a place, and some tabs wouldn't open. I suspected the malware was blocking me again.

Back to PC Tools and an online support chat screen. Ten minutes of explaining, and a simple remedy had me deleting the nasties and getting out of safe mode at last.

I ran my Malwarebytes software after updating it, and found 4 more nasties. Then I noticed that my Microsoft automatic updates were turned off. Went to remedy that but found I was unable to do so.

Ran yet another full scan using the new Spyware Doctor. No joy.

More research, but nothing was suggested that I dared to try. Realising that at least one tentacle of the infestation remained, I was afraid it might - as my husband put it - "phone home" and bring down all hell on my computer again, so back to the $90 online tech. Sigh. At least now he could access my desktop, which would have been impossible earlier in the day, before my own efforts.

He repaired the infection in an hour or so, and left me with a long-running de-frag tool in full flight, another couple of hours later and things were left as normal as they'll ever be on my Delly.

Next Mercury Retrograde will find me as far away from the computer as I can manage!

In case it might help anyone else who surfs the net a lot, and as a reminder for me, some hints to help avoid these kinds of nasties. Found it online - somewhere.
When you encounter one of these fake virus pop-ups while browsing, immediately do the following:

- Do not touch any browser window to close it or browse further.
- Immediately press Ctrl-Alt-Del and bring up Task Manager and forcibly end all instances of iexplore.exe, if using Internet Explorer, or the executable for your browser for any other web browser.
--or--
- Go to Start/Shut Down and restart the PC without touching any browser windows.
- If you used Task Manager to close browser instances, reboot the machine.
- Then go to Control Panel/Internet Options and delete all Temporary Internet Files and cookies. If you are using an alternate web browser, open the browser settings to do the same - delete the local cached files and cookies.
- Perform a full scan.

The above steps should prevent the infection from taking hold.
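One way to script the same emergency steps for Windows PowerShell, added here as an example and not part of the original post or of any product it mentions: it assumes Internet Explorer (change the `$browser` variable for another browser's executable name), an elevated prompt, and Windows PowerShell's `Get-WmiObject` (not PowerShell 7). The `ClearMyTracksByProcess` numbers are Internet Explorer's own codes for temporary files (8) and cookies (2), matching the Control Panel/Internet Options delete actions in the list. The Windows Update check at the end is added because the post reports finding automatic updates switched off after the infection.

```powershell
# Added example (not from the original post): scripted version of the
# "fake virus pop-up" emergency steps for Windows PowerShell.
# Assumption: Internet Explorer; set $browser = 'firefox' etc. for others.

$browser = 'iexplore'

# 1. Look before you kill: list each browser process with its parent PID and
#    command line, so an instance launched by something other than the user
#    (a different parent, an odd command line) is visible in the record.
Get-WmiObject Win32_Process -Filter "Name = '$browser.exe'" |
    Select-Object ProcessId, ParentProcessId, CommandLine |
    Format-Table -AutoSize

# 2. Forcibly end every instance of the browser without touching its windows
#    (the same thing Task Manager's "End Process" does).
Get-Process -Name $browser -ErrorAction SilentlyContinue | Stop-Process -Force

# 3. Delete Internet Explorer's Temporary Internet Files (8) and cookies (2).
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2

# 4. The post found Windows automatic updates switched off afterwards; confirm
#    the Windows Update service (wuauserv) is set to Automatic and is running.
$wu = Get-WmiObject Win32_Service -Filter "Name = 'wuauserv'"
if ($wu.StartMode -ne 'Auto')    { Set-Service -Name wuauserv -StartupType Automatic }
if ($wu.State    -ne 'Running')  { Start-Service -Name wuauserv }
Get-WmiObject Win32_Service -Filter "Name = 'wuauserv'" |
    Select-Object Name, State, StartMode

# 5. Reboot, then run a full scan with your scanner of choice.
# Restart-Computer -Force
```

Step 1 is the part a practitioner adds to the manual procedure: the list of browser processes with parents and command lines is worth keeping (copy it out before step 2) because it tells you, after the fact, which browser instance was involved and whether anything else had launched it.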

14 comments:

Gian Paul said...

Thanks Twilight for your brave account, after one of those "modern struggles". If not to some silly traffic jams or failing appliances (and not necessarily of the "made in China variety"), today's courageous consumer gets periodically "sucked in".

Spyware Doctor is excellent, but one has to run it from the beginning of a new computer, and let it update daily.

What's also useful is a program that at every start cleans up useless files and registry errors. It's also around $29.- p.a., uses 2-3 minutes at start-up but then leaves things running for about 24 hours. I am using Uniblue (and they don't give me a kick-back). It really works to satisfaction.

Besides Mercury Retro, have you looked at your other transits?

Twilight said...

Gian paul ~~ Hi!
Other transits? - No hadn't looked, but just did and I find that the current transiting Mars/Saturn opposition from Aries&Libra (around 13 degrees each) links to my natal Saturn at 12.55 Aries.

The on-line techie disabled Spyware Doctor - I haven't switched it back on yet. I'm wondering why he didn't do so. Will have to contact him.


I had one of those clean-up, registry fixing programs but uninstalled it a short time ago because it was causing all kinds of inconvenience - deleting the cookies needed for me to access Blogger daily - even after I'd set it to ignore them. That's just one example. I probably bought the wrong brand.

Gian Paul said...

Better you re-activate Spyware-Doctor and don't use Windows firewall.

Twilight said...

Gian Paul ~~ Yes - I've re-activated Spyware Doc. Windows Firewall is activated also.
Will wait to see whether Windows Updates continue to be added automatically.
:-)

Twilight said...

And the problems keep a-comin'

Now my anti-virus software has flagged me that it is not working properly - ESET NOD 32. E-mailed their support team who say a file has been corrupted - possibly by 3rd party software being installed. ???

Spyware Doc? Or the online techie's toolbox of software?

Can't win, it seems!

DANG! now I have to uninstall ESET and re-install.....

Kaleymorris said...

I'm tellin' ya, get a Mac!

Twilight said...

And so it continues - reinstalled ESET and after 30 mins it went off again and took me offline as well.

Contacted online techie again.
He advised to uninstall Spyware Doctor completely. Did so in safe mode.

ESET working again....so far. It looks as though ESET and Spyware Doctor just do not get along, and cannot work on same computer even when SD is disabled (as it was on mine)

Twilight said...

Kaleymorris ~~ I know!
DANG!!!!!!!!
In my next life!

R J Adams said...

You know, I've been using Avira free antivirus, in conjunction with ZoneAlarm free firewall for about three years. I do a lot of file sharing (mainly TV video) and once a week I run an Avira scan in conjunction with Malwarebytes (I see you use it, also). About once a month, I run CCleaner (also free) to clear out temp internet files and tidy up the registry.
Avira is brilliant. It clobbers viruses before they do any damage and quarantines them. Also, it doesn't slow the computer down like many of the fancy bought 'suites'. I haven't found one of those that doesn't drastically affect performance.
Maybe I've been lucky, but we have two desktops and two laptops on our home network and have never had a serious problem caused by an infestation.
Another excellent free piece of software is PeerBlock. It's designed to prevent your machine from talking to 'known bad computers'. Mine blocks 1,167,229,860 IPs from accessing my computers. Even if you don't share files (its primary raison d'être) it's still useful for blocking IPs you really don't want snooping around your hard drive.
There's loads of free software out there, much of it better than stuff you'll pay a bomb for. You really shouldn't have to suffer that sort of attack, or the cost of disinfecting it.
(Of course, if you will skulk around those male model porno sites, you must expect to get hit). ;-) ;-)

Twilight said...

RJ Adams ~~~ Thanks for the comment - which appears to have been hi-jacked on its way to the blog!

I've been wary of "free" software because it always comes with "stuff" attached. No such thing as a free lunch or free anything I always think. Glad to hear it has worked for you though RJ. I might have to give it a try if things go on as they are at the moment.

Ironically this latest infestation arrived when I clicked on a Google entry for a pharmacy. I was looking to buy some "balm" for a painful mouth/gum/tongue infection I had....trying to avoid a doc visit and the highly inflated price of same "balm" via prescription.

Can't win. They have us by the short and curlies...on all fronts.

Gian Paul said...

When you have Spyware Doctor running you MUST deactivate Windows Firewall. That's what slows your computer down and Spy-Dr. is more efficient than W-Firewall. But the two are not compatible.

Spy-Dr. updates permanently, Windows only occasionally.

PS. When I asked about your other transits, it's because I noticed that Mercury (R) alone does not do much, one needs some personal stressy transits for it to work. Now you know, unfortunately after spending some time mending things.

Twilight said...

Gian Paul ~~~ Yes, that's the way it seems.

Spyware Doc and ESET NOD32 will not run together happily - or at all.

I've contacted both support departments. Spyware Doc's support team tells me to disengage ESET then adjust the settings of Spyware Doc. ESET asked me to send various logs from my computer.


I'm fed up of the whole thing to be honest.

I'm considering dumping the lot and buying a Mac!

Maybe I'll calm down and decide that discretion is the better part of valour - maybe not.

;-)

R J Adams said...

Free software can come with 'stuff' attached. It depends where you get it from and who has developed it. Of the three I mentioned, the free version of Avira antivirus does throw a splash screen up advertising their products for purchase each time you re-boot the computer (though there is a way to disable it in the registry). It can be 'X'ed out of easily and is no more than a minor inconvenience.
I've noticed later downloads of ZoneAlarm have started to display a similar, smaller splash screen, also on boot-up.
CCleaner is even cuter. It automatically seeks an update on start-up, which takes you to a download page with advertising. After 'updating' a few times I realized the updates weren't doing anything the original didn't do, so I turned off the automatic update in 'settings'. It works just fine without it.
Basically, any free software that is issued under a GNU (GPL) licence is okay. Sourceforge.net is a group of dedicated computer buffs who regularly turn out great free software, totally legit. I believe they have a new antivirus program available, though I haven't tried it. Every piece of software from them that I have downloaded has been superb.
Finally, I've never tried a Mac, but I'm really not sure I'd want to. Definitely not a fan of Apple, nor Steve Jobs, (though I would wish him a full recovery from his present health problems).

Twilight said...

RJ Adams ~~~ Thanks - I'll keep a note of those names.

I've used some free software called PhotoFiltre for several years without problem, and the free version of Malwarebytes works well too. I've been afraid to use other free anti-virus/spyware stuff though.

I'm going to keep whingeing at the two support depts. of ESET and Spyware Doc. They're sending me standard "form" replies so far.
They must know their stuff is incompatible, I'm not the first who's had problems, for sure. They could easily put warnings on their products.

Each will be getting one of my, ahem, stiffer protest letters demanding a "proper" individual response.

Am in the mood to be ornery!

Don't know a lot about Mac/Apple, though Fred's daughter swears by them. I almost bought one from the get-go back in 2001, but chickened out at the last moment; having used PC/Windows at work I felt more comfortable with a PC.