
Mercury Retrograde caught me in its web once again. I say once again because on its last retro spin in December 2010 it caught me in a very similar fashion....with a nasty trojan infestation on my desktop computer. Different trojan this time, but same frustration. (Click on Mercury Retrograde in the Label Cloud to read about the last episode).
The infester this time was a little blighter known as XP AntiVirus 2011. There are several alternative titles for this trojan, depending on operating system etc. All start by trying to scare the computer user into clicking on pop-ups notifying that the computer is badly infected and in a dangerous state then pressing them to buy their software to repair the damage....all fake of course. An array of different notices pop up all over the place, programs are shut down, browser cannot be used, nor can any software normally used for detecting malware. If I logged off, then on again the fake notices filled the screen in rapid succession.
This happened late on Sunday afternoon. We hauled out the laptop to search for solutions. After 2 hours and several attempts to clear the problem I gave it up, assuming I'd have to shell out another $90 for an online remote techie to rescue me again. However, couldn't sleep that night so got up and read every piece of advice I could find, and every forum relating to this trojan. It appears there has been a spate of infestations recently and even the best virus software has been unable to stop the nasties in many cases.
Solutions range from some rather complex tinkering in the registry - highly dangerous for a klutz like me, or paying an afore-mentioned online techie. The only other alternative apart from trekking to the town's only computer shop and leaving the machine there for who knows how long, or throwing the machine into the garbage, was trying to download some anti-spyware software, using the infected computer in safe mode. I decided to try that - nothing ventured etc.
All went well, surprisingly, as long as I ignored and X'd off the ubiquitous scary notices threatening everything but the apocalypse; these popped up even in safe mode. I installed the software, ran a scan and it found about 7 trojan thingies, along with the usual batch of cookies. Then the fun started.
Before I could remove the malware items I had to pay the piper - Spyware Doctor $29.99. I managed to access Paypal from safe mode and had almost finished the transaction when a spate of the flippin' fake notices blocked out the screen. Couldn't tell if payment had gone through or not. Checked my Paypal account and emails via the laptop - it seemed as though payment had gone through. But where was my licence key? Not in the email receipt. Waited for a further email but none came.
Another long search to find out how to get my $29.99 key! Had to do it via the laptop and PC Tools (Daddy of Spyware Doctor) Help website, then write the yards-long key down on paper.
Where to put it though - couldn't find a place, and some tabs wouldn't open. I suspected the malware was blocking me again.
Back to PC Tools and an online support chat screen. Ten minutes of explaining, and a simple remedy had me deleting the nasties and getting out of safe mode at last.
I ran my Malwarebytes software after updating it, and found 4 more nasties. Then I noticed that my Microsoft automatic updates were turned off. Went to remedy that but found I was unable to do so.
Ran yet another full scan using the new Spyware Doctor. No joy.
More research but nothing was suggested that I dared to try. Realising that at least one tentacle of the infestation remained I was afraid it might - as my husband put it - "phone home" and bring down all hell on my computer again - so back to the $90 online tech. Sigh. At least now he could access my desktop, which would have been impossible earlier in the day, before my own efforts.
He repaired the infection in an hour or so, and left me with a long-running de-frag tool in full flight. Another couple of hours later and things were left as normal as they'll ever be on my Delly.
Next Mercury Retrograde will find me as far away from the computer as I can manage!
In case it might help anyone else who surfs the net a lot, and as a reminder for me, some hints to help avoid these kinds of nasties. Found it online - somewhere.

When you encounter one of these fake virus pop-ups while browsing, immediately do the following:
-Do not touch any browser window to close it or browse further.
-Immediately press Ctrl-Alt-Del and bring up Task Manager and forcibly end all instances of iexplore.exe, if using Internet Explorer, or the executable for your browser for any other web browser.
--or--
-Go to Start/Shut Down and restart the PC without touching any browser windows.
-If you used Task Manager to close browser instances, reboot the machine.
-Then go to Control Panel/Internet Options and delete all temporary Internet Files and cookies. If you are using an alternate web browser, open the browser settings to do the same - delete the local cached files and cookies.
-Perform a full scan.
The above steps should prevent the infection from taking hold.