Tuesday, July 04, 2017

Unnecessary Drama

That was definitely me last night ....
Yep. It wasn't my body this time (for a change!), it was the electronics and the gadgets doing things I didn't want them to do again ....

Yep. It happens. Even a techie guy like me can be hit with viruses and malware on the computer. Even if you have careful habits, it only takes a little bit of carelessness to let something quite nasty into the machine. Just see the news reports about the massive cryptovirus outbreaks that have been going around the world lately.

Anyway. What actually happened? I have a patched-up Windows 10 machine, current with all the security updates. I had trusted Windows Defender up to now and, to be fair to Defender, it did flag up that something bad was occurring. With its DEATH SCREAMS!!! Yep. The Nastie took out Defender first and proceeded to install all sorts of Bad Stuff.

But I'm getting ahead of myself there.

I was looking for a converter to turn FLAC audio tracks into MP3s that iTunes could understand. Easy enough (I'll be using an online converter of questionable quality, but safe, from now on). I looked at a reviews site, which pointed me towards a program called Super. Looked good, downloaded it, installed it.

And then the malware gets in. Malwarebytes is an excellent program in itself for getting rid of this stuff but even that has its limits. It spotted 1153 bad items in its first scan.

Symptoms - YouTube was utterly broken, many other sites were reporting security compromises, and Windows 10 was going nuts with the "An application has caused a problem with this file extension, it has been reset." message. If you have Windows 10 patched up, you'll be sick of those.

The browser security was messed up by one part of the Nastie, which was sitting in the middle intercepting the calls (I should really reset a few passwords) and breaking the trust chain. YouTube was also messed up by adverts coming in with Russian script. Not sure what the point of those is; if you don't understand the language, you ain't gonna pay attention.
It wasn't that bad, but it did take almost extreme measures to get rid of the problem.
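For the interception symptom described above, here is an added example (not from the original post) in PowerShell that reports, read-only, the settings a man-in-the-middle component typically alters on Windows: the per-user proxy, the machine-wide WinHTTP proxy, root certificates in the current-user store, and the hosts file. The 90-day "recently issued root" window is an assumed heuristic, not a Windows setting.

```powershell
# Added example, not part of the original post: read-only triage of the settings a
# browser-intercepting component typically changes. Nothing here modifies state.

$report = [ordered]@{}

# 1. Per-user proxy configuration (browsers that follow system settings use this)
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$report['ProxyEnable']   = $inet.ProxyEnable
$report['ProxyServer']   = $inet.ProxyServer
$report['AutoConfigURL'] = $inet.AutoConfigURL   # a PAC URL here can silently redirect traffic

# 2. Machine-wide WinHTTP proxy (used by services, Windows Update, Defender)
$report['WinHttpProxy'] = (netsh winhttp show proxy) -join ' '

# 3. Root certificates in the current-user store. Legitimate roots normally live in
#    LocalMachine and were issued years ago; a user-store root issued recently is
#    worth a close look, since that is how an interceptor gets its certificates trusted.
$recentDays = 90   # assumption: heuristic window chosen for this example
$userRoots = @(Get-ChildItem Cert:\CurrentUser\Root)
$report['UserRootCount']   = $userRoots.Count
$report['RecentUserRoots'] = $userRoots |
    Where-Object { $_.NotBefore -gt (Get-Date).AddDays(-$recentDays) } |
    Select-Object Subject, Thumbprint, NotBefore

# 4. Hosts file: any non-comment line overrides DNS for that name
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
$report['HostsOverrides'] = Get-Content $hostsPath |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }

$report
```

A populated AutoConfigURL, a ProxyServer you did not set, a recent user-store root, or hosts entries you do not recognise are each a reason to keep cleaning before trusting the browser again.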

If you suspect something odd is happening with your machine, follow these steps.

1 - DO NOT PANIC!

The first instinct if you've been hit by a virus is to go nuts changing things like passwords. Don't do that. At least, not on the suspect machine. Keyloggers are quite common, and if you change a password before removing the keylogger, you have just sent your username and password combination to whoever the keylogger is reporting to.

Wait until after the machine is clean or, better still, change the passwords on another machine that is clean.

2 - Run a scan from something like Malwarebytes.

Malwarebytes Anti-Malware (MBAM) is a top program that deals with most Internet Nasties. It couldn't cope with this one, but .... I think this one was especially tenacious. Follow the process in MBAM, let it clean and reboot as necessary. Keep running the MBAM scans until it reports no threats.

And then run one of the free online virus scans (I used ESET) to confirm that the machine is clean.

Aside - sometimes Malwarebytes doesn't succeed. In this case, the Nastie was particularly tenacious, with 2 processes running in Windows that I could identify, more running as browser extensions, and undoubtedly a few more besides that. Leave any one of those behind and the machine would be reinfected.

3 - Ask Google how to get rid of the leftovers.

This is probably a waste of time, to be honest. I looked up the name of the Nastie on various sites and they were pretty much just carbon copies of "Reboot in Safe Mode, remove all files associated with Nastie." Ok. Tell me which files are associated with the Bad Stuff.

Useless.

4 - Use a competent antivirus.

I've broken a run of 5.5 years without a decent antivirus, having trusted Windows Defender up to now. Bitdefender won the vote of the online review site jury and is currently doing a full machine scan.

5 - Look into System Restore to resolve the problem.

This seems to have done the trick here. I haven't noticed any symptoms of the Nastie since running that last night. It does reset your data as well as the system files, but I hadn't worked on anything saved locally since the Restore, although it did reset a few of the "Where am I?" positions in the YouTube playlists I'm running through.

Hopefully that's the problem resolved now, although it seemed to be a particularly tenacious bit of malware.

I've learned my lesson and I'm looking to Bitdefender to do a bit more than croak at the first sign of infection like Defender did.

Stay safe on the interwebs!
