Monday, January 18, 2010

Google Installer Virus / House Full of Virii



A fractal model of malware code found on my computer*

Not sure where it came from, but I recently had a small battle with some sort of virus that presented itself as a Google installation.  I never would have noticed (I'm getting used to Lappy Tappy running slowly), but every five minutes or so I would get an "End Program" error about a Google Installer program failing.

Then one day every web site I went to redirected me to comcastsomething.net. I forgot the actual URL, but it looked quite legit.  The web site claimed to be Comcast asking for user info - which screamed 1997 AOL scam.  Running my previous methods using Malwarebytes cured the browser redirection, but I still had a problem with the Google installer, and there were a few infections showing up in my virus/malware scanners.

Enter ComboFix from Bleepingcomputer:

This is great.  Very light.  Very effective.  As a side note, my roommate had a virus of his own that prohibited him from using Windows in anything but Safe Mode for more than five minutes.  He was ready to drop over a hundred bucks at a local computer tech shop, but ComboFix kicked that trouble to the curb**!

** ComboFix allowed my roommate and myself to get around the virus/malware to scan, clean, and continue protecting our computers again.  Here's a list of my recommended scanners and utilities:

Recommended Scanners:
All of my recommendations are freeware.  If you have the means, purchase a license or contribute a few bucks, as these are great utilities and are well worth the money.  Otherwise, get ready to spend at least $100 at a tech shop or Best Buy.


ComboFix  - (download from bleepingcomputer.com only) This is a very light (3.64 MB) standalone/no install program that searches deep within the boot sector of your hard drive for malware which may be preventing other utilities from running.  Often, malicious software blocks this and many other scanners from running, so it may be necessary (just go ahead and do this) to rename the executable file from ComboFix.exe to anything else that is not ComboFix.exe.  I used the suggested Ieexplore.exe and it worked swimmingly.

I saved this to C:\Program Files\ComboFix Anti-Malware\ and copied the shortcut (with the modified name) into my Start\Programs\Utilities menu for easy future access (ala forbid).  If you use this, follow the directions listed on the bleepingcomputer website verbatim.  This was not difficult to run, but there seem to be more warnings than are usually provided with such software, so be careful.  Overall, there aren't really any decisions.  Just follow its directions and choose Yes to install the Windows Recovery Console thing and you'll be good to go.

AVG Anti-Virus - This is great anti-virus software.  It's also FREE and seems lighter and faster than other software packages I've used in the past.  McAfee was great but it sometimes gets clunky.

Malwarebytes' Anti-Malware - This saved me from the dreaded Spyware Guard 2008 pain in the ass extortionware fiasco.  I don't think the software is completely free, but I used the free portion to disable malware that was blocking other free scanners.  Life saver.  Good scanner to have in this case.

Lavasoft Ad-Aware - A standard in adware detection and removal software.  I rarely run or scan, but it's a good tool to have in the arsenal.

Spybot Search and Destroy - Another free package.  Many ups provided by users.

Tips to Consider:
  • If a software package does not seem to run, or you cannot install on an infected machine, rename the file you're trying to run.  I had to burn Malwarebytes to a CD from another computer under a fake install name to disable the malware that was prohibiting me from scanning.  Same thing with ComboFix, where I had to rename ComboFix.exe to Ieexplore.exe, and had no subsequent trouble.
  • If you're lazy like me and HATE scanning your computer on a regular basis, at least update your scanners every once in a while.  It takes ten minutes tops and can really save your butt - just in case.
  • If you find an infection, stop using your computer and scan the shit out of it.  It may take a few days of scanning overnight, wake up, run another scan, go to work, come home and follow up with another damn scan.  I recommend several software packages because A) they're free, 2) they're quite powerful and comprehensive, and D) they're free.  Take the time to fix your computer on your own.  Otherwise have fun shelling out a wad of cash to lose your computer for a week or more.
  • Upgrading to the full version of these programs seems to provide "live scans" and more control over scheduled scans.  No thanks.  The free versions of this software are wonderful.  Again, purchase or support whenever possible.  These rock.



* This is actually the AIDS virus - not code, nor a fractal
