Tuesday, December 28, 2010

Gotcha of the Day: Surviving Win32/Cycbot.B Virus

Yesterday, I was surfing the web on my Windows Vista laptop when I noticed a window that appeared to be a virus scanner doing a scan. How clever, I thought, a website had popped up an HTML window that looked like a system scanner. My heart sank as I realized, however, that the "virus scanner" was actually a running program and not a fake.

I realized, at that moment, I'd been hit by some sort of malware. And what nasty malware it was; it managed to do at least the following:

  • Hook into the Windows Vista virus checking framework. It then reported that every executable was infected, and provided me a way of fixing it - namely, to run the bogus virus checker.
  • It installed itself under common Windows program names such as dwm.exe and csrss.exe. This means that when the virus is running, examining the Task Manager doesn't report anything out of the ordinary.
  • It hooked my web browsers into a proxy running on localhost. This means that all web traffic was being passed through one of the files the virus installed.

It probably did a lot of other nasty things, too.

Of course, I had a lapsed version of Norton on that laptop, so it was effectively unprotected. Yeah, that was a mistake.

Getting myself out of this jam hasn't exactly been straightforward. Here's what I've fumbled my way through:

  • Using F8 at boot time, booted into Safe Mode and ran Windows Defender. It reported I had an infection of Win32/Cycbot.B and that it was very bad news. It also claimed to clean up the issue, but when I booted up my laptop, it was still hosed.
  • Using F8 at boot time, booted into a set of recovery tools Windows provides. I then rolled back to a recovery point from a few days earlier. The system was still corrupted when I booted up, but it was in much better shape. It no longer attempted to start up the fake virus checker.
  • Booting into regular Windows Vista, I manually disabled the web proxy the virus set up. Without this step, my web browsers weren't functioning properly.
  • Installed Norton Virus Checker and kicked off a full disk scan.
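Two of the symptoms above (a browser proxy pointed at localhost, and processes borrowing well-known Windows names) are easy to check for from an elevated PowerShell prompt. The script below is an added example, not from the original post; it reads the per-user WinINet proxy settings that Internet Explorer honours and lists any process named dwm or csrss that is not running from the real System32 directory. The remediation lines that clear the proxy are left commented so the script only reports by default.

```powershell
# Added example (not from the original post): check for a localhost proxy
# and for look-alike system processes running from the wrong directory.
# Run from an elevated PowerShell prompt so process paths are readable.

# 1. Per-user WinINet proxy settings (what "Internet Options" edits).
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -Path $inetKey

if ($inet.ProxyEnable -eq 1) {
    Write-Host "Proxy is enabled: $($inet.ProxyServer)"
    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    if ($inet.ProxyServer -match '^(http=)?(127\.0\.0\.1|localhost)(:\d+)?') {
        Write-Warning 'Proxy points at the local machine, matching the symptom described above.'
        # Remediation (uncomment to apply): same effect as unticking the proxy box.
        # Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0
        # Remove-ItemProperty -Path $inetKey -Name ProxyServer -ErrorAction SilentlyContinue
    }
} else {
    Write-Host 'No user-level proxy is enabled.'
}

# 2. Processes using legitimate system names but living outside System32.
$system32   = Join-Path $env:SystemRoot 'System32'
# Get-Process names carry no ".exe"; 'crss' is included as a constructed
# lookalike so the check also covers the misspelled name mentioned in the post.
$lookalikes = @('dwm', 'csrss', 'crss')

Get-Process | Where-Object { $lookalikes -contains $_.Name } | ForEach-Object {
    $path = $_.Path
    if (-not $path) {
        # Protected processes (csrss.exe is one) may not expose a path even to admins.
        Write-Host "$($_.Name) (PID $($_.Id)): path not readable"
    } elseif ($path -notlike "$system32\*") {
        Write-Warning "$($_.Name) (PID $($_.Id)) runs from $path, not from $system32"
    } else {
        Write-Host "$($_.Name) (PID $($_.Id)) runs from the expected location"
    }
}
```

A clean machine prints "No user-level proxy is enabled." (unless you deliberately use one) and reports every matching process as running from the expected location or with an unreadable path; a warning on either check is worth investigating before trusting the browser or Task Manager view again.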

At the moment, Norton has scanned 2,653,182 files and isn't finished yet. It has found 203 issues.

I'm not quite out of the woods yet, but things are definitely looking up.

The key lessons learned:

  • Never skimp on having an up-to-date virus checker.
  • My strategy of regularly switching between multiple laptops has meant that this hassle hasn't caused any downtime in my work.

I've said it before, but I'll say it again: the people who craft these viruses are geniuses. If they would use their brains for good, instead of evil, we'd be living in a better world.
