Happy stress free coding

Jan 4, 2010

I got infected!

I do not use any anti-virus software; I have not done so for the last 5 years. All the antivirus tools I have used took 10-25% of the overall PC performance (at least for the work I do, development and a lot of compiling).

Anyway, I have not had a virus on any of my 10 computers – I have firewalls etc., but no antivirus.

Yesterday I tested an AVI I had found. It opened up in Windows Media Player, which automatically detected a missing codec, downloaded it, installed it, and BAM. Infected!

The shit I got struck with is called “Malware Defense”, and it is NOT a malware defense I tell you. It is Malware period. Screens popping up everywhere telling me that I was in big trouble (the Malware defense crap did this).

Anyway, it turned out that Malware Defense had installed itself as a well-behaved program and I could uninstall it with “Remove Programs”. Fine.

I then wanted to run an antivirus 30-day trial on the machine to scan through it so there were no more residues. But both ESET and AVG complained that it already had an antivirus called “Malware Protection” installed and prompted me to remove that first. But to my knowledge it was already removed! Scary!

Anyway, it seems that the instructions found here helped me to clean away the rest of it: http://www.pchell.com/support/multiple_antivirus_in_security_center.shtml

In case the link goes away, this is what it says:

Step by Step Procedure for Fixing Problem

1) Right-click on My Computer
2) Click on Manage
3) Click on the plus sign (+) next to Services and Applications in the left-hand column
4) Click on Services
5) Find the service called Windows Management Instrumentation, right-click on it, and choose Stop.
6) Open My Computer
7) Double-click on Drive C (or whatever drive Windows is installed on)
8) Double-click on the Windows folder
9) Double-click on System32
10) Double-click on WBEM
11) Right-click on the Repository folder, click Delete and remove it
12) Close the My Computer window and return to the Windows Services screen using steps 1 - 4 shown above
13) Find the service called Windows Management Instrumentation, right-click on it, and choose Start. Restarting this service will rebuild the Repository folder information.
14) Restart your computer

Once the computer has restarted, open Windows Security Center or run Belarc Advisor. Only your currently installed antivirus and firewall programs should be listed.
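The same repository rebuild as a script, added here as an example that is not code from the original post or from the pchell.com page it quotes. It moves the Repository folder aside instead of deleting it, and adds the check the last step describes: listing what Security Center reports before and after, flagging entries whose executable no longer exists (the phantom "Malware Protection" registration that blocked the ESET and AVG installs). It assumes Windows Vista or later (namespace root\SecurityCenter2; on XP it is root\SecurityCenter) and an elevated session; the function name Show-SecurityCenterProducts and the backup path are my own.

```powershell
# Added example, not from the original post or the pchell.com page it quotes.
# Assumes Windows Vista or later (root\SecurityCenter2; XP uses
# root\SecurityCenter) and an elevated PowerShell session.

$repo   = Join-Path $env:SystemRoot 'System32\wbem\Repository'
$backup = "$repo.bak-$(Get-Date -Format 'yyyyMMdd-HHmmss')"   # assumed backup name

function Show-SecurityCenterProducts {
    # Lists what Security Center believes is installed. A product whose
    # executable path no longer exists is a stale registration, which is
    # what made ESET and AVG refuse to install in the post above.
    Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct |
        ForEach-Object {
            $exe = $_.pathToSignedProductExe
            [pscustomobject]@{
                Product = $_.displayName
                Exe     = $exe
                Stale   = -not ($exe -and (Test-Path -LiteralPath $exe))
            }
        }
}

'Security Center products before the rebuild:'
Show-SecurityCenterProducts | Format-Table -AutoSize

# Step 5: stop the WMI service (service name winmgmt). -Force also stops
# the services that depend on it, which would otherwise block the stop.
Stop-Service -Name winmgmt -Force

# Steps 6-11: move the repository aside instead of deleting it, so it can
# be put back if the rebuild goes wrong.
if (Test-Path -LiteralPath $repo) {
    Rename-Item -LiteralPath $repo -NewName (Split-Path -Leaf $backup)
}

# Step 13: starting WMI again recreates an empty repository; providers,
# including the Security Center one, re-register the products actually present.
Start-Service -Name winmgmt

# Step 14: reboot, then run Show-SecurityCenterProducts again. Only the
# antivirus that is really installed should be listed, with Stale = False.
Write-Host "Repository moved to $backup. Reboot, then rerun Show-SecurityCenterProducts."
```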

Duh!

Not clean! IE starts without a window and points to addresses like:

www.topportion.com/ac.php?aid=216&sid=new
www.networkreferences.cn
www.licensingweb.cn/ac.php?aid=216&sid=new

Fishy indeed!

These are apparently the signs of Rootkit.Win32.TDSS.

Removed with:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Now it is clean! (I hope)

2 Comments:

  • This is when one starts pondering a more thorough firewall solution. I for one have a firewall, but only for incoming traffic.

    It'd be a lot better to also manually have to open up all outgoing ports, to prevent malware from calling their evil overlords on non-standard ports.

    Flipside:
    * What if they use port 80?

    * How much time do I have to spend googling and configuring to open all legitimate ports for all my apps such as skype, msn and what not?

    all the best,

    --Jesper

    By Blogger Unknown, At January 21, 2010 at 8:24 AM  

  • This comment has been removed by a blog administrator.

    By Blogger proswet654, At February 4, 2010 at 2:24 AM  
