Journey to Malware
(A Horror Story)
It's really odd that my latest post does not talk about pristine beaches or restaurant experiences. Nor does it talk about incompetent golf club employees.
To me, it is still a journey...and a horrible experience with malicious ware, Trojans, worms and Microsoft MVPs (Most Valuable Professionals) ...which is the reason why I have not posted for the past two (2) days...and have not slept well for almost a week.
My journey started last week when I was at this forum where I am a member. I have dedicated some of my time to this forum helping people by responding to their inquiries, which are mostly related to immigration.
Responding to the topics and getting replies gives me a little sense of relief and accomplishment, having been in similar situations and now teaching them some of the "how to" steps.
An anonymous member posted an ad and a URL in one of our threads. He posted so many ads that they blocked all our important topics at the message board.
So I copied the link and pasted it into my trial version of ActiveWhois by JOHNRU, a network tool you can use to find any information about the owners of an IP address or Internet domain.
I found that the domain belonged to a gentleman from Europe. So, silly me, I confronted him on the thread, asking if his name was so-and-so, and asked him to stop posting. Later, I asked my moderator to delete the posts.
What I did not know was that while I was right-clicking his link on the thread to copy and paste it into ActiveWhois, it opened a new window and embedded executable files into my system!
It was horrible. The page was full of photos of women having sex with farm animals. The page was embedded with Trojans and spyware. My PC crashed.
I restarted the PC in safe mode and scanned with Ewido 4.0, an anti-malware program that rids your computer of Trojans, worms, dialers, hijackers, spyware and keyloggers and supplements existing security applications to create a complete security system.
I had to update it as it had become outdated. I found out that I had 22 infections on my computer. So I clicked the recommended action and thought that I had destroyed everything.
But the malware seemed to keep coming and my computer had started to run slow.
I saved the Ewido report and made a new scan with HijackThis, an expert tool that displays a log of legitimate and illegitimate programs which usually can't be detected by other tools. It will also indicate whether or not something is running on your computer unknown to you.
Sunday morning, before taking the trip to Lake Berryessa, I gathered the two (2) reports from Ewido and HJT and submitted them to a Windows support group composed of highly intelligent experts called the AumHa Forum for analysis.
My husband has told me so many times that I spend too much time on the computer. I was scared to tell him what happened.
As the Aumha professionals are volunteers and have their own jobs and personal lives aside from helping in the posts, you'll have to wait for hours to get your response.
So by the time I received them, it was already Monday. I got some replies telling me to fix some system files with the HijackThis clean-up. I was also asked to update my Java. I followed their instructions religiously.
Then my phone rings and I talk to my friend for an hour. While on the phone, I make the bed, sweep the floor, clean the rug, wash the dishes, clean the bathroom, and by the time we hang up, I'm done turning the sprinklers on. I go back to my computer.
I was asked to download the Avenger, a file removal program by Swandog. I ran the Avenger and by the time I'm done it's time to pick up the kids. I walked two blocks to the children's school, got them, and walked back home.
I ran Ewido again. I ran HJT again. And this time I was asked to download (oh my God, I'm going nuts!) ActiveScan by Panda, another anti-malware program.
I ran the software and by the time I'm done and have saved a log, my husband arrives and I have to leave my computer to get back to my real life.
After dinner was video time. We were viewing Nanny McPhee but my mind was seeing other things. I was thinking of the HijackThis logs and the spyware embedded in my PC. I imagined them as little ninjas trying to open my files and getting as much information as they can.
I couldn't wait for the movie to finish so I could get back to my PC. I waited for my husband to brush his teeth and go to bed. By the time he is sleeping it's already 11 pm... and I'm still awake and very exhausted.
I went back to my work and I was asked to make another HJT log. I made some errors with Ewido and had to run it over again. Ewido runs for approximately 35 minutes. Before I was done, I fell asleep. It's 1:30 am.
It's Tuesday, 5:30 am, and the alarm rings. I turn on the PC and the Ewido scan is done, waiting for me to apply the recommended action. I removed two infections. I saved the report and got up to get the kids ready.
I'm getting frustrated. I'm not getting the response I expected. And an MVP reprimanded me for highlighting some text in red, which is of course a mistake on my part.
I used to have a similar problem but it wasn't this complicated. Now I realized it's getting complicated.
I was asked to run the programs again and again like they never ended. I then ran CCleaner, a system optimization tool that removes unused files from your system.
By Wednesday I was making progress. I was also asked not to surf the net or check my email using the same computer until I got my updates.
Thursday, I was asked to download Windows XP SP2 from Windows Update. This is where the bomber started. Windows would not validate my XP, stating that I may be a victim of counterfeit software! I was then asked if I had a COA sticker on my tower. I checked: yes, I have one.
An MVP from AumHa asked me to run the WGA Diagnostic Tool, save the data and post it in the Windows Genuine Advantage Forum.
I was told that they were hopeful. I was asked to download and run Belarc, a tool used to read your license codes, so I could match the numbers on my sticker to the one Belarc was reading.
Que horror! The numbers don't match. I went back to the Windows Forum to see if I got a reply. I did get a reply. It read:
"Your MGA Diagnostic Data indicates the presence of an illegal Volume License Product Key. Dell does not ship their computers with a Volume License version of Windows XP, only "OEM" versions. Contact Dell support and order their Dell Reinstallation CD (if you do not have one) and then proceed with a "clean install"...."
"...Also, your copy of Microsoft Office XP Professional with FrontPage is non-genuine. You'll need to uninstall it, then visit a nearby store that sells computer software and purchase a genuine version of Microsoft Office."
I said, "What?!!" It couldn't be. We never installed a new XP after purchase. Did we? Let me recall how many technicians we hired to fix it and allowed to install new software... two, four, seven? I'm not sure anymore.
Suddenly I didn't feel safe anymore. The Windows moderator asked me to purchase new software. How am I going to tell my husband that the PC crashed because it is filled with ugly Trojans and spyware? How can I tell him that we have to purchase a new XP? How am I going to tell him that we cannot purchase online until the PC's clean? HELP!!!!
I shut down my system.
My husband arrived and we went to have dinner at a Mexican restaurant in Benicia. We went home. We went to bed. I was not asleep. I couldn't sleep.
Friday, I had not told him yet. My computer is walking (not running) slow and I needed to make it run fast until I could tell him. It shouldn't be too obvious.
I went back to my previous thread on malware where I was given advice on how to remove malware and make my system run fast again. I ran Ewido and Spyware Doctor in Safe Mode. I ran CCleaner.
Believing that everything is squeaky clean, I went to System Restore and restored the system to an earlier time.
I uninstalled my Avant Browser and reinstalled it. I needed to have a temporary firewall. I went to CNET and downloaded a trial version of Trend Micro's PC-cillin Internet Security. I updated the firewall and enabled all possible security. I restarted my PC.
Voila! My computer was running fast. Or so it seemed. I'm cooking dinner: spaghetti with shrimp, tomatoes and capers, and a bottle of Muscat. I slept well that night.
And then came Saturday. Another weekend for one of those awesome and bloggable family get-aways! Destination: UC Berkeley and the Chinese Festival in Oakland. I'm so excited. I can take more photos and post them on the blog. The blog? Yes, the blog that I have forsaken because malware has taken so much of my time.
And then my husband asked if he could use my computer. I said sure why not? Why not? I still have not told him. I was waiting for his best mood. And I was confident because I thought I repaired it on Friday. Not a problem.
My husband was looking for the quickest way to Berkeley. He typed the URL http://www.mapquest.com/ and looked for directions to Martin Luther King Jr. Suddenly the computer was running so slow. He reloaded the page and typed the same directions... Nada.
He looked in my direction with an angry face. Uh-oh! I'm in trouble. I was forced to tell the truth. I felt like a 5-year-old girl expecting a time-out for turning the cartoon show on.
Then my husband said, "Okay, we'll have it fixed Monday. How did this happen...and then....Feeling' better Luv?"
I never thought it would be that easy. If I told him at an earlier time, I would have been saved from that horrible experience. What a week.
The world of MALWARE is not a pretty thing. It’s a dirty jungle. And you have to be persevering, experimental, and updated to be able to win the battle. I learned my lesson the hard way. But, I am happy.
Sunday, I have a blog to write....