Wednesday, April 13

XP Anti-Spyware 2011

I got a new spyware-detection program yesterday.

Unintentionally.

I was visiting a Fox News website speaking of an asteroid heading for earth, otherwise known as an NEO, or Near Earth Object, and what impact it may have on earth. No pun intended.

Being an armchair astronomer, this piqued my interest.

But upon arriving at said Fox website, out of the corner of my eye, I saw a popup alerting me a Java app was initiating; of course, THAT meant it was too late to do anything. As I was waiting for my laptop to shut down - the best thing to do in a condition such as this - I saw the fake anti-virus program begin its execution.

I had a feeling this was going to be a long, arduous process - and I was NOT looking forward to it.

I've removed viruses from every flavor of PC over the years. Azusa from a Unisys PC, Michelangelo from an NCR. Even a boot-sector virus - name unknown - that was fixed simply with FDISK /MBR; that removal took two days and a trip to Moab. But this one?

OK, so it was my work laptop, which made things a little sticky. Having NO inclination to call the corporate help desk, this was only going to be solved by some at-home troubleshooting. Having dealt with viruses like this previously, there was no way the running process was going to let me look for a solution.

I only had the program's purported name to go on: XP Anti-Spyware 2011. Going by several names depending on the OS involved, I found a plethora of sites with suggested fixes. But which one to click on, lest IT be an attack site in and of itself?

I'd been to bleepingcomputer.com in the past, so that's where I started MY attack (note that I was doing these searches on my home netbook). Suggesting a little program called RKILL, it was able to kill the running processes and allow me to run HijackThis to find the offending registry entries.

(This is a VERY abbreviated and paraphrased explanation of virus removal. Having been around computers since before the original IBM PC - the Apple II era - I know what programs are supposed to be on a computer and in what locations. For example, seeing a program executing from the "Program Files" directory and not from a subdirectory makes me especially concerned.)

So after finding several suspect programs, searching for them on the interwebs, and summarily removing them with HijackThis' help, I rebooted. And had no more virus.

Immediately updating the virus definitions on the laptop - likely the reason why McAfee didn't catch it in the first place - I then began a four-hour full virus scan of the laptop.

This morning, there appears to be, again, no virus. Just keeping my fingers crossed in the meantime.

No, I can't find YOUR virus. If you find this entry due to your PC having the XP Anti-Spyware 2011 or a variant, do NOT try to fix it yourself. Find a geek. Take it to your local computer store. If you're a geek yourself, do visit the above-named websites.

And keep those virus defs updated!!
