CharlesJeter.com

Web 2.0 Integration in Southern California

How This Savvy Techie Downloaded His First Virus - Part 2

January 8th, 2008

Continued from How This Savvy Techie Downloaded His First Virus

I got lucky. Others have had direct attacks on their sites after a trojan is installed which sniffs their passwords. I’ve got two adware programs which are a nuisance, but right now they’re isolated and cannot get out. I’ll kill them later today as I have time, and find a program that works on them better than the ones I’ve already owned.

From one victim’s words:

I spotted tvsetmp3. com in my web stats referring to one of my sites. As I’d never heard of it, and being curious, I decided to take a look.

Big mistake! The site pretends to offer porn videos but of course you need to install a special codec. Not being stupid I tried to cancel and close the browser - but it still installed a trojan - videoaccesscodecinstall.exe which I’ve now removed.

It’s hard to be your own IT/IS department

Since I had pulled the plug to the wireless router I took some time to figure out what I was dealing with.

Now to fix my system… What are my resources against tvsetupMP3?

Installed: Norton Antivirus, Norton Firewall. I don’t click on ads, and Microsoft and Google toolbar generally protect me against popups and other scummy items.

It’s the social engineering on this bug that made me click it.

I thought I was safe inside my web server’s stats program. Just like people used to think ten years ago about their email.

Norton doesn’t pick up adware it turns out. I’m sure they make another product that does, but what’s the point in that?

So I downloaded Lavasoft’s Ad-Aware. It didn’t pick it up either. Shocked, I moved onwards, and tried both in Safe Mode.

Next move was to get into Safe Mode, and do all the full scans again, on a deep level (normally it only goes three levels down within .zip or .rar files, I did seven levels down).

As you can imagine, this takes a while. Normally I have two systems set up, but since my move back at Labor Day I haven’t had the core system set up. So I went offline to read some books.

I let it scan overnight, and no such luck. Next on the list was AVG. Now, I had come out of safe mode and PC Doctor had already found and isolated the malware / virus / adware programs. I was concerned because I’d also seen a download.BN virus pop up which Norton took care of.

I also went back to Lavasoft and found out that they have a specific application which takes out these types of programs. Right now they’re isolated, but I’ll have to try them right after the AVG scan, which is over 1 hour so far without finding it.

Here’s what worked for me - almost. PCTools Spyware Doctor found and isolated the nasty suckers, and didn’t let them relaunch when I restarted my system.

…but it asked me to register and pay $30 before it would dispose of them. Well, at least now I can use my browser without real concern. So it’s off to shop around and find the best I can for $30.

So I called up Joe, one of my friends who started his own computer services company and used to ask me for technical help. Our usual roles were reversed since I have been out of hardware support for years, so he’s now the onsite commando.

Joe asked, have you been thinking about formatting your system lately?

After we discussed the ‘Nuke the site from orbit’ plan of formatting the system, he told me to check AVG software out, since that was his preferred method. Since he’s in the ‘Data Plumber’ business and does daily threat removal for his clients, I’ve downloaded AVG’s adware component.

I used to use AVG years ago, and I like its slim profile rather than Norton’s heavier grip on system resources. However, and I’m not sure if this is because it’s already quarantined by PC Doctor, nothing has been found with a full scan.

Update: As it turns out, an hour and a half after a full scan, nothing found. You get what you pay for, apparently, with the free AVG and Ad-Aware software.

Posted by Charles in Blogging, Software, Technical Support, Web 2.0

One Response

  1. Jennifer Sardam Says:

    Thank you for posting this, because this tvsetmp3.com was a link referring to my blog, and I was thinking of checking it out later. Your post saved me from doing so and probably a virus - although I do have a Mac - but regardless, you should be saving a lot of users from virus troubles!
