Monday, December 8, 2008

More nasty viruses

I thought that I had seen the last of this virus after my post last week.

This weekend we discovered an infected machine at home (one of the few that we have available for family use) that was launching multiple internet explorer windows and trying to take us to a sports betting page. We couldn't figure out how the trojan had been downloaded until I heard that this happened after trying to catch up with some missed TV shows. Visiting the site - which appeared to be the site of one of the major TV stations here - resulted in a notice that in order to view the shows you had to download and install a new video viewer. Without really suspecting anything, the new video viewer was installed and the TV show continued. Googling for trojans and tv shows has several links to articles describing in general how this might happen but nothing directly related - but I have to assume that is how it got there.

It was a mission to remove this program. It was a close relative to Antivirus 2009 (it even had a similar name) and kept on launching new IE windows that were not really going anywhere. Eventually I downloaded a tool mentioned in one of the articles that I referred to in my earlier post called Malwarebytes which took care of the problem.

At work today, we discover that the staff member's computer from last week has worsened over the weekend. My colleague who was dealing with it had managed to remove most of the obvious traces of the application by following some manual procedures but must have left some of the core in place (or our collegue is not getting the message about avoiding downloading executables) and the machine was re-infected with a vengeance this weekend.

So I suggested trying Malwarebytes - only to discover that on this machine - not only could you not download this program, you could not install it either. We used a disk share to get the program copied onto his desktop (when we gave up trying to download it) and had to rename the installation file to get it installed. Once we had it installed we could not run, it hung! The forums for Malwarebytes provided a recipe to get around this and we were able to clean off something like 16 adware and trojan programs on the machine. So not only was this trojan inserting itself onto the machine, but it was actively looking for a copy of malwarebytes to make it harder to clean.

There is an interesting eZine Article on how trojans can put your banking information at risk that is a worthwhile read.

No comments:

Post a Comment