For the last several days, I’ve been dealing with a most malignant malware infestation. This pile of garbage is apparently new enough that existing antivirus software cannot identify it or remove it. I believe I must have downloaded it from a malicious web site, thinking it was a safe program or script.
This infection involved hidden code that periodically triggered and rotated through a payload of many different viruses, worms, trojans and spyware, including but not limited to Trojan Virtumondo, Trojan V.B. Zu, Trojan Fake Alert and Windows Antivirus 2009 (the latter pretends to be a Microsoft Security product, but it is not. It tells you that you have a large number of viruses on your system, then charges you to remove the viruses that it put there in the first place).
As I understand it, this malware infestation contained a highly dangerous rootkit. It had the ability to give remote control of my system to unauthorized users, and it contained a keystroke logger that could have tracked and reported passwords, financial information and much more.
The code hides itself by using a different file name on each computer, thereby making it hideously difficult to track and remove. The script activates periodically, releasing a different set of viruses on a rotating basis. It also infects any software application that is run. Over a few days, this malware shut down my existing antivirus software and blocked my ability to access the Internet. Every time I (or the technicians I eventually engaged) removed all existing viruses, the system would become reinfected within a matter of minutes.
The solution for me was Telus Professional Services. A component of Telus.com (my ISP), this group of technicians works with you remotely, using a combination of remote access, telephone help and online chat. They charge an extremely reasonable $80 per incident, or a $15 per month fee, in which case you pay nothing for service when needed.
Three technicians worked on the problem, which was made more difficult when I could no longer access the Internet because of the malware block. At that point, the technicians worked with me over the telephone, offering step-by-step instructions so I could get my Internet access back and thereby grant them remote access to my system.
After two days of almost working round the clock, the technicians managed to remove the rootkit manually and then cleaned the system of all damage incurred. They documented the steps taken should they encounter this malware on another computer.
I wanted to know what I could do to prevent this from happening again, given that I already have an updated antivirus program running, a spyware program running, a firewall, all critical updates installed on my computer, and I use personal caution when I’m surfing and opening email.
The suggestion I received from the technicians is this: When your browser notifies you that a website wants to install a script, locate the file name and run a Google search for that file. See what other people have to say about it and act accordingly. The same thing applies to downloading freeware. Before downloading, run a search and see what you can learn before you install.
Yep, it’ll slow me down some, but you can be sure I’m planning on following this advice — on top of the other precautions I already take to protect myself online.
The technicians told me that with a rootkit, there is only a 30% chance that they can save the system. And, even more alarmingly, all documents could be lost, since most backup systems will also be infected. Apparently the professionals have a means of doing a “clean backup and clean install”, so that should be done rather than attempting it personally.
I’m lucky it didn’t come to that in my case. The professionals managed to rid the system of this deceptively damaging malware without a system reinstall.