Saturday, February 18, 2006

Infection

My PC got hit today by adware. I was surprised that it happened because I have my computer set up to block most ActiveX content and most popups. I also have the newest virus definitions automatically loaded every day and I have the current MS stuff from Windows Update, but this one came as part of a website I was visiting. I was trying to get lyrics to a song and it just came up; the options for shutting the window led you to download even though I aborted.

As soon as the window closed, I saw the command window open in the corner so I knew something was going on. It was an IE Plugin program that then invites other bad things to come over and hang out. It installed a toolbar on IE and a little icon on the taskbar. Fortunately, I saw what was happening and shut the processes down. I then unplugged from the Internet and started the removal process.

I play with my computer enough to know most of the services and processes that should be running (guess that college education pays off once in a while). I could tell right away what programs were legit and which weren't, but I plugged my laptop into the Internet so I could get the specifics on getting rid of the thing. I didn't know how deep it had buried itself or if it already had friends over. Fortunately, Symantec makes a removal tool for this specific one and I downloaded it to my thumb drive and ran it on my PC. Looks like it is clean but now I am a bit timid about connecting back up to the Internet (I am still using my laptop).

It just pisses me off that it attacked on a completely innocuous website. I moved my popup blocker to the highest level and I also modified the security settings on my browser, so I am sure it will be painful for a few days until I am able to get the exceptions for some of the sites in there but it is better than losing use of my PC in the middle of the semester.

Only plus about stuff like this is I get to learn something new and try out my skills. Thankfully this time, it was relatively easy. I have worked on other computers where there was so much, they had to reformat the hard drive. Key is to immediately get off the Internet, which sucks because that is usually where you need to go to find out information. Helps that I have a second computer but I think you could also come up in Safe Mode (Windows users) and still access the Internet that way.

3 comments:

J.a.G. said...

I count myself as very lucky not to have got anything. I don't know that I'd clue in until too late.

Mishka said...

You know, I haven't gotten anything until today. My sis and some of my friends have all dealt with it. Thing about this one was that it wasn't something that snuck on there because my computer is connected to the Internet all the time; it came up while I was loading a page, and the question box didn't give you the option to close it without it running... it was very sneaky and I can see how most people would just click okay on it. I have noticed that a lot of malware/spyware advertises itself as "popup blockers" or "spyware blockers"... very misleading.

I didn't intentionally run it, I just couldn't get the window to close any other way. I think the fact that I unplugged the Internet from my computer so quickly is the only reason it didn't get completely out of control.

I would recommend that to anyone, or at least only getting back on the Internet in safe mode so it doesn't have a chance to multiply. It even disabled my Internet options in IE and my updates from Windows.

They are interesting to see, just not on my own computer...haha.

Chicken said...

Even though I'm not the biggest fan of Microsoft, their spyware is pretty good.