The Haphazard Blog

Tag: malware

All Clear on the Malware Front

by on Sep.18, 2009, under Software, Technology

The Malware is all gone. It hooked in pretty deeply. It was actually pretty clever. It manages to load a library during boot-up before you even get to the Windows log in screen, and well before your anti-virus software is running. It does not stop there. It then attaches to any/multiple running processes as a thread so nothing looks out of sorts. So you look at the task manager and all the running processes appear legit. I assume that’s why the anti-virus software was clueless. In addition, it discretely disabled the Windows Security Center warnings when your anti-virus software is disabled and hid Windows Updates. (This is how I figured out the problem. I highly recommend Malwarebytes to everyone, it pointed me to the registry entries that were being changed.)

I first used RegMon to watch the registry entries to see what was changing the entries. It was odd that my mail program and explorer were doing it. So I used Process Explorer to see what those programs were up to. After that, Google led me to a program that took care of it once and for all, ComboFix. It’s straight forward to use if you follow the directions. I like that it installs the recovery console as a boot option.

Updated 9/29/2009: I just discovered that ComboFix resets the hosts file. For most, this won’t matter. I added some hosts for testing multiple web applications on different “domains”. It took me a little bit of time to realize why they would not work.

Leave a Comment :, , , more...

That Didn’t Take Long

by on Sep.17, 2009, under Software, Technology

Two Days. That’s all it took for my machine to be compromised by something. I have no idea what it is, or how it got past my anti-virus software. I got it from a legitimate website. I suspect it was an advertisement type of attack. That’s what I get for using Internet Explorer and forgetting to disable the Adobe Acrobat plug-in. My anti-virus software was going nuts warning me and Acrobat launched. I closed it and I thought everything was fine.

A couple hours later popup ads started to spawn like crazy. I managed to close all the windows and kill the process. I did some Googling and found this product called Prevx. I downloaded it and ran it. It detected the problem and said it could fix it. This is where I’m annoyed. All it does is detect the malware. When you want to remove it, it’s time to pay for a subscription. I fully understand the business model, but it’s pretty cold to taunt the user. We found a problem, now pay up to fix it! I imagine this is pretty successful. I can’t believe PC Magazine awarded this software an Editor’s Choice award and doesn’t mention how crippled the “free” version is. To add to the annoyance, you can’t even exit the program easily. I had to kill the process.

I managed to do enough that I haven’t seen any popups, but it’s not gone. If I try to eliminate the DLLs, it becomes active. I’m pretty tired at this point. I’m going to shut down the PC and try to get rid of this in the morning. It is definitely something very hard to remove. I really don’t want to reformat and install Windows again.

Leave a Comment :, , , more...