Posts Tagged ‘scan’

Windows Update Keeps Re-directing To Google ?

July 2nd, 2009 Game News 3 comments

Yep, this also happened to me. While at work. AT WORK!!! Sorry, had to say it like it is supposed to be said, yelling.
Now at my job, I am not “The Tech Guy”. I am the drawings and images guy. I mean I know plenty, but they already have a “resident nerd” and well, he is pretty good at it. So by my wandering around on the internet doing things “my way” and stumbling into an “Oh dang!” moment isn’t the best thing for my career. First warning was “Microsoft is ready to install Explorer 8”. Yep, you guessed it, I installed it. Not thinking one time that I was on Firefox the whole time.
Ok I started with the onboard Symantec Endpoint. It caught either 8 viruses, or the same virus kept trying to rescue itself. lol I have no idea, I was panicking and hurrying, I saw the word “Trojan” in the pop-up warning from Symantec, and freaked out. I decide I better go check the Windows Update site and see if I ever downloaded Internet Explorer 8. The page would not load. I run to another computer on the network and all is fine, I head back to mine, still nothing. So I headed to the first place I could think of: Bitdefender’s online malware scan. It never lets me down. Well this time it surely did. I take it up a notch and head to “Malwarebytes” and start doing a search in Google and search the term “windows update takes me to Google” and started reading all the people praying and begging for help. The ever so faithful “tech guy forums” turned up an unanswered request for help, wow that was surprising. After about 45 minutes of reading, I find nothing (well I actually found the right thing but overlooked it like 10 times) and Malwarebytes is done scanning. It found nothing, nothing at all. I try and update it, will not let me, along with anything else I tried to scan with.
So now I break out A-squared, not the worst thing in the line up for sure, but it did not find anything either. Ok now I am feeling like I am losing my mind. Well as this is going on I am still reading threads in forums about the issue. I go back to this thread. The first link in the first and only response, well, tried that. Second link, I click it, it takes me to Super AntiSpyware. First thought is “Well crap, this place looks like it’s just going to make the issue worse.” I figured that it really couldn’t get much worse if I scan the file first. So I wander off to the download area for the free version. All was fine until I get to the point that I actually try and download it. Another dead link.. “hmmm, the link is dead, it is blocked, it must be what I need” is exactly what I thought. Ok also another thing about that name, just kept making me think about Power Rangers. It really sounded like the slogan from some kid’s show “super anti-spyware free trial go team action go!!!” is what I kept saying and giggling.
I walked over to another one of the computers in the office and download the file and slip it onto an open space on the server.
Walk back to my computer and here comes the I.T. guy, just in time. I let him fumble through it like I did. He made a lot of the assumptions I did at first. I walked away to the store next to the office and get a soda while he does exactly what I did. I get back into the office and there he is, lol just like me.. Reading the forum posts for a second time. We agreed that super action malware scanner was the way to go. Well we install it while Spybot S&D or something was finishing its scan.
We reboot to safe mode administration by pressing F8 after the BIOS scan, just before the Windows logo. Yes I was just sitting there hitting the F8 button repeatedly till I got the boot menu.
In administration mode we ran the quick scan. Within seconds it finds 3 Trojans and a DNS changer. By the end of the scan Super AntiSpyware found two rootkits and two registry key modifications.
We rebooted after the scan and checked to see if Microsoft Windows Update worked, all was fine but still could not update any of the virus scanners. So we reboot to safe mode administrator, and do the full scan. Nothing came up.

So far not all of the issues are resolved. I will go through my “hosts” file and see if there are any changes there. Probably not but hopefully there are. I know how to change that, and I will add the link that I got the file from in the first place to the list of blocked sites. I may even email a heads up to the guys from the MVPS hosts file website (google it).
This is the help I have for you. I hope it works for you. Heck I’m going to run that goofy named program on my home pc now and see what it finds. http://www.superantispyware.com/
Hope it helps you get un-hijacked. I promise that program actually works, just the name is stupid and their web designer is cheesy.

Also that “Google” page I kept getting redirected to was not regular Google. It was an affiliate page. Google English. So the freak was making money off of each search we did while we tried to resolve the issue. Google needs to ban that account.
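
What a pass through the hosts file can look for after an infection like the one described above, as an added example that is not part of the original post: any mapping for an update or scanner domain is suspect, whether it redirects the name or blocks it. The watch list and the sample file are constructed for illustration.

```python
import ipaddress

# Assumed watch list: domains an infected PC needs for Windows Update and
# scanner updates. Adjust to the products actually installed.
WATCHED = (
    "update.microsoft.com", "windowsupdate.com", "symantec.com",
    "bitdefender.com", "malwarebytes.org", "superantispyware.com",
)

# Constructed sample, not taken from the post or any real machine.
SAMPLE = """\
# hosts file sample
127.0.0.1       localhost
127.0.0.1       ads.example.net        # blocklist-style entry, ignored
203.0.113.10    update.microsoft.com www.update.microsoft.com
127.0.0.1       liveupdate.symantec.com
0.0.0.0         www.malwarebytes.org
"""

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in a hosts file."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not a valid mapping line
        for host in fields[1:]:               # one IP may carry several names
            yield number, ip, host.lower().rstrip(".")

def is_watched(host):
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line, host, ip, kind) for each mapping of a watched domain."""
    findings = []
    for number, ip, host in parse_hosts(text):
        if is_watched(host):
            # Loopback or 0.0.0.0 silently blocks the name; anything else redirects it.
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((number, host, str(ip), kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to feed in is `C:\Windows\System32\drivers\etc\hosts`. A clean hosts file says nothing about a DNS changer that rewrote the adapter's DNS server settings, so those need checking separately.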

Working On “Her” Computer

March 26th, 2008 TruXter No comments

Well it seems the lady has come into a few cooties.

She has an xps m1210 laptop.

Since neither of us know just how long the stuff has been on her machine or where or how they all got there, I believe it would be in her best interest if we just back up everything that is important and whip out the reinstall discs. Easy? lol. Newp. No chance. Seems back when she got the computer she lived elsewhere with someone else and obtaining the drivers discs and o/s and all the bundled software discs had to include a spy. Her little sister had to sneak the border and play friendlies… Now she snuck out with the baggy thing that all the discs are in which of course no one there claims to have seen. We have done some searches and find that one disc in the bag is not for this laptop that we are about to work on. Ok. Now we have all the discs.

The hard part is deciding what to do after we install everything and well, does the sister go back and act like nothing happened? ( I mean this is a close as family issue, I am not in the family so I have to step back) I am thinking of burning the discs as a back up and bundling some jacked up progs with it.. but will they hate me for it?

well whatever

Ok so now the back up is not going so well. I have been to VirusTotal, virscan.org and Jotti’s a million times and man, I keep finding malware in everything she wants to backup. I am half tempted to just format and cross my fingers and lie like a dog. I am getting sick of each time they find stuff in the files I end up having to delete them anyway because they are beyond repair. Meanwhile I have a million more files to scan…one by one….. It’s hardly worth it. Then again she is fricken hot and I know what I am doing.
Well I also looked around and saw that Ubuntu installs pretty good on this particular model. If I can assure her that OpenOffice is just as good as Microsoft Office/Works then I got it made! I wouldn’t have to delete anything!
Tell you what, I will do something with this pretty machine and post it here later ;)

to be continued…….

Re-Evaluation of Dr.Web

March 4th, 2008 TruXter 1 comment

After years of not touching Dr.Web, I could not remember, in full, why I did not like it. I could not remember why I did not trust it. It has been at least five years since I tried it and someone I see is trusted by quite a few people recommends it. I gave it a go. Well the first download is 14 MB. Quite tiny and happens in a blink — although the file downloaded was actually just a tool to download the actual program. After the download was complete and the install was nearly finished, it asked for a verification key (I did not have one). So the program allowed me to press a button and have a key automatically inserted. Why? Dunno. The scan seemed pretty smooth; I didn’t see the scanner get hung up on anything. The list of files being scanned was pretty steady. Boots and reboots of the system were smooth and there was no delay or hang time from Dr.Web.

I consider any program that you have to find a program from a second party to remove to be malware. If the program does not allow me to see the size of the actual install until after it is finished installing (I had to navigate to the folder it was contained in), I consider it to be deceptive.

Granted, this is a workplace computer. I am not the first employee to use this computer and formatting it is not an option. I did find traces of Limewire once installed on this machine, so you should have a pretty good idea how beat down this machine is because of misuse. Since this program found nothing and ran smoothly, I decided to break out some of the tried and true programs: Ad-Aware, Spybot, and A-Squared. All three found something, and no, it was not all cookies. Ad-Aware found what it labeled as a w32.novarg.a@mm (aka MY DOOM) file. A-Squared found a few hijackers, and Spybot found, like, 60 things.

Now here comes the issue. I decided I do not need this program to start when I start my computer. Since it never found anything, I was not impressed enough that I could leave it on the workplace computer throughout the trial period. I went to un-install Dr.Web, but it wasn’t happening. The un-install actually tries to install the program again. I went through the whole step of seeing if it would say “before we can install you must un-install; would you like to un-install?” Never happened. Full install right over the current.

So I did a Google search on it. The best information I found was sad and scary, all in one. Delete all registry entries and then go back to the directory of install and delete all signs of Dr.Web. I really do not suggest you do that. I mean, it did not damage this machine. I booted fine afterwards with no errors, but if you are new to ‘regedit,’ stay out. It is much safer that way.

After 14 years of doing this online and nine years on local networks (before the Internet), you would think I learned my lesson. Well, I have learned that sometimes you just have to try stuff and be prepared to put things back together. Good thing I do and can.

Here’s an alternative.

TruXter

Owner and writer of: iworkwithtech.com and iworkwithpeople.com

Is Norton better than free?

January 8th, 2008 TruXter 3 comments

Let’s look at a free online virus scanner compared to Norton AntiVirus.

I scanned with Norton first and found nothing, then scanned again with the BitDefender online free virus scanner.

What do you think is the better choice?

| Scanner | Result |
| --- | --- |
| A-Squared | Found Riskware.PSWTool.Win32.Brutus |
| AntiVir | Found SPR/Brutus |
| ArcaVir | Found Trojan.Psw.Tool.Brutus |
| Avast | Found Win32:PolyCrypt-ASO |
| AVG Antivirus | Found nothing |
| BitDefender | Found Application.PWCrack.Brutus.A |
| ClamAV | Found Virtool.Brutus |
| CPsecure | Found PSWTool.W32.Brutus |
| Dr.Web | Found Tool.BrutusPWS |
| F-Prot Antivirus | Found security risk or a “backdoor” program |
| F-Secure Anti-Virus | Found not-a-virus:PSWTool.Win32.Brutus (6, 2, 605) |
| Fortinet | Found HackerTool/PWCrack |
| Ikarus | Found HackTool.Win32.Brutus |
| Kaspersky Anti-Virus | Found not-a-virus:PSWTool.Win32.Brutus |
| NOD32 | Found Win32/PSWTool.Brutus application |
| Norman Virus Control | Found nothing |
| Panda Antivirus | Found Application/Brutus.A |
| Rising Antivirus | Found nothing |
| Sophos Antivirus | Found nothing |
| VirusBuster | Found nothing |
| VBA32 | Found Win32.PSWTool.Brutus |