Author Topic: GGGGGRRRRRRRRRRRR! Virus and computer take over!  (Read 4427 times)

K Frame

« on: January 07, 2006, 12:21:31 PM »
I was surfing last night when all hell broke loose. I must have hit a site that downloaded a trojan virus. I managed to get it cleared off, but I don't have internet access. It's taken control of the system and won't allow IE to do anything except try to log on to the site where the virus is resident (at least that's what it looks like to me).

Luckily, mtnbkr is wise in the ways of such things, and I'm going to be taking him my CPU.

Also luckily, I never got rid of my old Gateway, so I'm back on it.

This is the first time I've ever had anything like this happen. Talk about frustrating as hell!
Carbon Monoxide, sucking the life out of idiots, 'tards, and fools since man tamed fire.

cosine

« Reply #1 on: January 07, 2006, 12:30:26 PM »
Jeez, what's going on here? First Lennyjoe was having 'puter problems and now you!
Andy

Felonious Monk/Fignozzle

« Reply #2 on: January 07, 2006, 01:18:44 PM »
There are just some bad mofo incarnations of scumware out there at this point.  I've had a couple on client machines that were just not able to be cleaned, so you wind up backing up data, wiping the HDD and reloading Windoze and apps, then migrating the data back in.

Good luck!

brimic

« Reply #3 on: January 07, 2006, 03:12:42 PM »
Gimme an F
Gimme an I
Gimme an R
Gimme an E
Gimme an F
Gimme an O
Gimme an X

What's that spell?  FIREFOX!
"now you see that evil will always triumph, because good is dumb" -Dark Helmet

"AK47's belong in the hands of soldiers mexican drug cartels"-
Barack Obama

Calumus

« Reply #4 on: January 07, 2006, 03:50:23 PM »
The only problem is that the latest release of Firefox is the buggiest I've seen yet. I ran it for a day, had it crash at least 10 times, uninstalled and went back to 1.07.  Even worse is the fact that I usually use Opera, and almost the same day that the new Firefox came out so did the new version of Opera. Same problems, many crashes, uninstall, reinstall last version, everything's fine again.

If anyone here is having computer problems they can't take care of and lives in northwestern NJ (Warren, Sussex, Morris) or eastern Pa. along the 80 corridor, I'd be happy to help you out. I'll even give you a 30% discount on labor for being a fellow gunnie :)

Cheers,
Shawn

cosine

« Reply #5 on: January 07, 2006, 04:10:50 PM »
Quote from: brimic
Gimme an F
Gimme an I
Gimme an R
Gimme an E
Gimme an F
Gimme an O
Gimme an X

What's that spell?  FIREFOX!
Maybe, but I've always used IE and never had any problem.
Andy

garyk/nm

« Reply #6 on: January 07, 2006, 06:22:23 PM »
Weird. In all of the years I have had Norton running, just yesterday I got a trojan virus notification. First time for anything on Norton.  Wouldn't let me delete the final file, either.

brimic

« Reply #7 on: January 07, 2006, 06:43:48 PM »
I've had the new version of Firefox crash 3 or 4 times on me so far. I'll take that over the constant spyware/malware/virus/security/crash problems involved with IE any day. Add to that, I no longer have to buy the Norton/McAfee snake-oil products.
"now you see that evil will always triumph, because good is dumb" -Dark Helmet

"AK47's belong in the hands of soldiers mexican drug cartels"-
Barack Obama

Calumus

« Reply #8 on: January 07, 2006, 07:26:53 PM »
Re-install 1.07. There are a lot of people having issues with 1.5; their forums have been pretty much humming since it came out. On the bright side, they tend to be very quick with their fixes and updates. You should give Opera 8.50 a try too; 8.51 is the newest, but like Firefox it seems to be a bit buggy.

Cheers,
Shawn

RadioFreeSeaLab

« Reply #9 on: January 07, 2006, 08:11:29 PM »
CoughcoughUbuntuLinuxcoughcough :D

And if you can't, or don't want to make the jump to Linux, at least make the jump to Firefox.  Really, you will not regret it. I haven't started IE for years on my Windows machines.
www.getfirefox.com.

Ben

« Reply #10 on: January 08, 2006, 07:45:05 AM »
It really sucks that the people who create all these internet problems cannot be tarred and feathered. Over the years I have in order:

1) Switched to Netscape for the single Windoze PC I had to do everything (did this for a long time).

2) Malware stuff started getting worse. Added a Linux machine and switched to Mozilla/Firefox/Thunderbird for everything that would work on them (for the last couple of years). Did the majority of my internet stuff on the Linux box. Just used IE on the PC when it was the only way to access a site. Locked down on cookies, popups, etc. on the browsers and added spy/adware checkers.

3) Now I'm at the point that I recently hauled out a surplus P3 I have, just stuck an old copy of Win2K on it with only browser and related internet software, and use it as my "pawn" for internet access. Have all three of my machines on a KVM but keep the pawn machine off my local network. I access "trusted" sites (e.g., here, my banking or other secure sites) on my Linux and "main" Windoze machine. General poking around on the web and new sites get tested out on the pawn machine first. If I get hit with something, it's just 30 or so minutes of reinstalling its basic, backed-up system. No worries about losing infected data files or having to reinstall a bajillion programs as would be the case if I were hit on one of my other machines.

There are times that I miss the simple days of 9600 baud access and text only BBS sites.
"I'm a foolish old man that has been drawn into a wild goose chase by a harpy in trousers and a nincompoop."

Felonious Monk/Fignozzle

« Reply #11 on: January 08, 2006, 08:55:13 AM »
Quote from: dasmi
CoughcoughUbuntuLinuxcoughcough :D

And if you can't, or don't want to make the jump to Linux, at least make the jump to Firefox.  Really, you will not regret it. I haven't started IE for years on my Windows machines.
www.getfirefox.com.
So if I have been a Windoze drone all my life and have never been exposed to Linux, how do I get to where I can actually function in a Linux environment?  I have a couple of extra boxes sitting around, so I've got the hardware I need, just no knowledge of or experience with Linux.

Where do I start?

Ben

« Reply #12 on: January 08, 2006, 09:04:55 AM »
Quote
Where do I start?
I started with Mandrake, but if I were to do it all over again with what's available now, I would start with Ubuntu. You'll either figure that's all the Linux you'll ever need, or else it will be a friendly intro into the OS, and you can jump to other flavors from there.
"I'm a foolish old man that has been drawn into a wild goose chase by a harpy in trousers and a nincompoop."

K Frame

« Reply #13 on: January 08, 2006, 09:35:55 AM »
Well, Chris worked his fanny off last night, and made some progress with my computer. I'll let him explain what's going on with it, because I'm not at all familiar with stuff like this. I'm only good enough to infect my computer through poor security practices... :rolleyes:
Carbon Monoxide, sucking the life out of idiots, 'tards, and fools since man tamed fire.

mtnbkr

« Reply #14 on: January 08, 2006, 03:20:05 PM »
Everything is more or less fine now.  The problem was caused by a couple of Trojans that were being called differently than I've seen in the past.  Once that was clear, it was a pretty straightforward affair to get things working again.  I've never seen a Trojan use the Explorer (desktop) Policies portion of the registry like that.  It's probably commonplace these days, but I'm out of practice.  Once I removed the trojans (and got better sensations as a result), I removed some old apps, cleaned the registry, defragged the drive, updated the system, and it's been running fine ever since.  The PC needs more memory though.  256mb for an XP machine is bare minimum IMO.  

BenW, I have never had such problems with my PCs that I felt the need to use a "throwaway" for Internet use.  I use a moderately tightened Win2K system sitting behind hardware and software firewalls.  I've never had an actual infection.  Norton's caught a few attempts, as has ZoneAlarm, but nothing's ever taken hold.  I use Firefox, but mainly for the tabbed browsing.

I use Linux, but only on my personal server and that's mainly because I'm too cheap to buy a copy of Win2003 Server.

Chris

K Frame

« Reply #15 on: January 08, 2006, 04:50:23 PM »
"Everything is more or less fine now."

Mah Hero!

Can you get internet connectivity?

That was the other wrinkle in the situation... No programs could get through to the internet...

Oh yeah, I'm going to order more memory from crucial.com
Carbon Monoxide, sucking the life out of idiots, 'tards, and fools since man tamed fire.

Ben

« Reply #16 on: January 08, 2006, 05:23:42 PM »
Quote
BenW, I have never had such problems with my PCs that I felt the need to use a "throwaway" for Internet use.
I've actually never had a web or email* problem serious enough to damage the OS or to have to nuke any of my personal machines, but because I've seen it happen a few times on others (and had to fix the problems), I just decided to take the paranoid route since I have the extra box anyway.  :)

* It never ceases to amaze me regarding how people can be so curious that they will download attachments from clearly unknown sources, just because they HAVE to see what it was about. DELETE DELETE DELETE!!!
"I'm a foolish old man that has been drawn into a wild goose chase by a harpy in trousers and a nincompoop."

K Frame

« Reply #17 on: January 08, 2006, 05:37:23 PM »
Ben,

Just to be clear, I didn't download any attachments.

I was surfing, and apparently I got caught in the graphics engine conundrum that Microsoft just had.

It certainly didn't help that I had let my virus definitions get out of date.
Carbon Monoxide, sucking the life out of idiots, 'tards, and fools since man tamed fire.

cosine

« Reply #18 on: January 08, 2006, 05:49:21 PM »
Hey Mike, if you didn't know, Microsoft released the patch for the graphics "hole" on Thursday.
Andy

K Frame

« Reply #19 on: January 08, 2006, 06:10:52 PM »
Yep, I found out AFTER the fact.

I had originally heard that they were going to release it Tuesday of this coming week, but I guess they were able to speed the delivery process up, and for some reason the automatic update icon never popped up on my computer.
Carbon Monoxide, sucking the life out of idiots, 'tards, and fools since man tamed fire.

Lennyjoe

« Reply #20 on: January 08, 2006, 06:15:57 PM »
Same here.  Just surfing. The kids didn't download anything but go to MySpace a lot.  I think one of them drew in the culprit.  I'm running HijackThis to find out what's up.  I keep getting pop-ups when the internet is offline, and when I try to download fixes it shuts IE down.  I updated to SP2 from SP1 as well.  Running Norton Firewall and Anti-virus but something still got through.  If I can't find it then I guess I'll call in the Geek Squad ;)

mtnbkr

« Reply #21 on: January 08, 2006, 06:31:16 PM »
LJ:

In your registry, look under

Global:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (there'll be many entries here, but look for the suspicious ones and research the exe they call)

These two will be specific to the currently logged-in user:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In Irwin's case, the trojan created entries under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer to load when he logged in.  We were able to remove it by logging in as another user (admin) and deleting those entries and the files they pointed to.  Trying to do so while logged in as him failed because the files were locked and the registry keys kept regenerating immediately.

Chris
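
A read-only way to list what sits in the four registry locations named in the post above, added here as an example and not part of the original thread. The function names are hypothetical, Windows PowerShell 3.0 or later is assumed, and HKCU is the hive of whichever account runs the script.

```powershell
# Added example: read-only audit of the four keys named in the post above.
# Nothing is modified or deleted; the script only reports.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-KeyValues {            # hypothetical helper name
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Key   = $key.Name
            Name  = $name
            Kind  = "$($key.GetValueKind($name))"
            Value = $key.GetValue($name)
        }
    }
    # Entries can also sit in subkeys of these keys, so walk those too.
    foreach ($sub in Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue) {
        Get-KeyValues -Path $sub.PSPath
    }
}

function Resolve-CommandTarget {    # hypothetical helper name
    param([string]$Command)
    # Pull the executable out of a command line: quoted path first, else first token.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(\S+)')     { return $Matches[1] }
}

$report = foreach ($entry in ($keys | ForEach-Object { Get-KeyValues -Path $_ })) {
    $target = $null; $exists = $null; $signature = $null
    # Only string values can name a program; DWORD policy values are listed as-is.
    if ($entry.Kind -in 'String', 'ExpandString') {
        $target = Resolve-CommandTarget -Command $entry.Value
        if ($target) { $exists = Test-Path -LiteralPath $target -PathType Leaf }
        if ($exists) { $signature = "$((Get-AuthenticodeSignature -LiteralPath $target).Status)" }
    }
    $entry | Add-Member -PassThru -NotePropertyMembers @{
        Target = $target; Exists = $exists; Signature = $signature
    }
}
$report | Format-List Key, Name, Kind, Value, Target, Exists, Signature
```

An `Exists` of `False` does not prove the file is gone: unquoted paths containing spaces and bare file names found through the search path are not resolved by this sketch and need checking by hand.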

K Frame

« Reply #22 on: January 08, 2006, 06:33:33 PM »
Lennyjoe,

That sounds a lot like what I was facing.

What are the popups saying?

The one I had was in the system tray and was a virus "warning" which directed me to click the warning to download the best anti-virus software for getting rid of that particular problem.

Only problem was, I have no doubt that had I actually paid for the software, I would have opened up a whole HOST of backdoor vulnerabilities.

Chris really saved my bacon on this one. I want to talk to him about how to make my system even more secure than it is...

I'm trying to get him to accept a token of my appreciation and esteem, but he says he has no use for a state of the art IBM 8088...
Carbon Monoxide, sucking the life out of idiots, 'tards, and fools since man tamed fire.

Ben

« Reply #23 on: January 08, 2006, 06:39:04 PM »
Quote
Just to be clear, I didn't download any attachments.
Mike -- I should have been more clear in my post. That email comment wasn't aimed at you. That was a generalization of what I see and read about regarding users in general.

I recently read an article in Federal Computer Week that discussed teaching general computer security protocols to I think it was Annapolis or one of the Academies anyway. They tested security awareness by sending an email from some made up person with an officer's rank, but routing through a non-.mil mailserver, with a funky attachment. If the attachment was opened, a notification was sent to the experiment monitors. Something on the order of 40% of cadets opened the attachment.
"I'm a foolish old man that has been drawn into a wild goose chase by a harpy in trousers and a nincompoop."

lee n. field

« Reply #24 on: January 08, 2006, 06:43:27 PM »
Quote
Maybe, but I've always used IE and never had any problem.
Well, you do now.
In thy presence is fulness of joy.
At thy right hand pleasures for evermore.