November 19, 2011

Disaster Averted

As I mentioned in the comments of the post below, following what seemed to be a perfectly harmless link late last night/early this morning dropped me into a world of computer nightmare.  To wit, my computer was infectorated with some nastyuglyick.

My anti-virus program is proving to be more turnstile than blocker, I have to admit.  To be sure, it notified me of the nastyuglyick, asked me if I wanted to block it... and then let it through anyway.  That's not the first time that particular sequence of events has occurred, either.

Oddly, this nastyuglyick didn't really seem to do anything other than do annoying crepe.  Much of that, I'm sure, is down to the wonders of Malwarebytes' Anti-Malware program, which did yeoman's work in cleaning and polishing my computer.  I've done nine passes (including three full scans and one full scan in Safe Mode) with that greatest of disinfectorators, and I've been clean for the past six.  Tack on a system restore to Thursday night, and I think a disaster has been averted.

Since last night/early this morning when the nastyuglyick first hit, there's only been one symptom... but it was a doozy, and I only just now finished fixing the last of the affected items.  Somehow, the nastyuglyick changed every file folder to "hidden" status except for one: the programs folder, and everything in it.  Every icon on the desktop was hidden as well, except for My Documents, the Recycle Bin... and My Computer.  Everything else was missing, including everything under the START button.  With the programs folder still being visible, I was able to run The King of Disinfectorators directly.  With My Computer still being visible, I was able to get into Help & Support... which gave me a link to System Restore.  And lo, it was cured.

Which doesn't mean that I trust that assumption, oh no.  There's a Windows reinstall in my near future... fortunately, it's the week o' Thanksgiving, which means the Duck U Bookstore closes early on Wednesday... and I won't have to be back until the following Tuesday!  I'm taking Monday off so I can devote my undivided attention to the last race of the F1 season on Sunday... all day, if need be.  I suspect the reinstall will be done on Black Friday, that day that all retailers love and all retail employees hate.  As I no longer work in "traditional" retail, I don't have to worry about it, and indeed for the past 7 years I've never left Pond Central at all on Black Friday... I refuse to inflict that on myself for any reason, now that I don't have to.

So, a question: anybody have personal experience with Microsoft Security Essentials?  Is it as good as the reviews suggest?  Does it work?

Posted by: Wonderduck at 10:35 PM | Comments (9) | Add Comment

1 I like it. One thing that's nice is that it doesn't louse up system performance. Another is that Microsoft updates the brain files constantly, and they can be downloaded for free. I can't say I know how good it is at protecting me, since I practice "safe hex" and haven't ever been challenged. But test reports I've read say it's very good.

Frankly, if you don't have it, you should get it.

Posted by: Steven Den Beste at November 19, 2011 11:23 PM (+rSRq)

Posted by: Steven Den Beste at November 19, 2011 11:25 PM (+rSRq)

3 The removal tool also got a couple full runs today; they came up clean as well.  I've practiced safe surf for a while, but I thought if one of my readers posted the link... *shrug*

Posted by: Wonderduck at November 20, 2011 12:12 AM (2YMZG)

4 I've been using Avast for many years now.  I mostly practice "safe surfing", but I've hit a few bad files/sites along the way.  Twice something managed to get past the defenses, everything else got identified and stopped.
My work laptop has MSE on it, and I like it enough that when I set up new machines for friends or family, that's what goes on them.  I suspect when my current Avast licence expires, I'll switch to MSE.
I'd be curious what ickybad got you; the professional stuff tries hard not to make a nuisance of itself so you don't realize it's there and get rid of it, and some kiddy that's just trying to be obnoxious and mess up your computer is rarely good enough to get past up-to-date security.

Posted by: David at November 20, 2011 01:28 AM (Kn54v)

5 David, it shows up in MBAM's quarantine folder as Trojan.FakeAlert (three times), Trojan.Agent.Gen, Exploit.Drop, and six instances of PUM.Hijack.StartMenu.

I'm using Trend Micro's AntiVirus plus Spyware, and to say that I'm not impressed with it is... well... an understatement.  I might just switch to MSE ASAP, even though I've got six months left on my TM license.

Posted by: Wonderduck at November 20, 2011 01:43 AM (2YMZG)

6 Oh, crap. THAT one. I've added "attrib -h -s -r" to my arsenal of required malware-fighting commands... and the first couple of times that our usual cleanup routine of "blow out the temp directories, that's where the malware usually lives" bit us in the ass since that's where the shortcuts had all been moved to, yeah, we had some angry clients then.

I want all these extortionware spyware adware jackasses strung up by their unmentionables. Every last one.

Posted by: GreyDuck at November 20, 2011 10:14 AM (eHm8o)
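The cleanup the post and GreyDuck's comment describe (every user folder and Start Menu entry flipped to Hidden, shortcuts shoved into the temp directories, fixed by hand with attrib -h -s -r) is easy to script. The following is an added PowerShell example, not code from the original post or any of the commenters. It assumes Windows PowerShell 2.0 or later, resolves the Desktop, My Documents and both Start Menu folders from the running user's profile (so the same paths work on XP and later), and treats a short list of files Windows hides by design (desktop.ini, thumbs.db, ntuser.*) as expected; everything else hidden under those roots is reported, and only with -Fix are the Hidden, System and ReadOnly bits cleared, which is what attrib -h -s -r does. The exclusion list and the choice of roots are my assumptions, not something the page states.

```powershell
# Added example, not from the original post: list user items that were made Hidden
# and, with -Fix, clear the Hidden/System/ReadOnly bits the way "attrib -h -s -r" does.
# Run without -Fix first and read the list before changing anything.
param([switch]$Fix)

# User-facing locations the payload went after: desktop, documents, both Start Menus.
# Resolved from the profile so the script does not hard-code XP or Vista/7 layouts.
$roots = 'Desktop', 'MyDocuments', 'StartMenu', 'CommonStartMenu', 'CommonDesktopDirectory' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Files Windows hides on purpose (assumed list); desktop.ini in particular needs
# Hidden+System for folder customisations to keep working, so leave these alone.
$expectedHidden = 'desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.ini', 'ntuser.dat.log'

# Attribute bits as plain integers so the bitwise tests below are unambiguous.
$hiddenBit  = [int][IO.FileAttributes]::Hidden
$reparseBit = [int][IO.FileAttributes]::ReparsePoint
$clearMask  = [int]([IO.FileAttributes]::Hidden -bor
                    [IO.FileAttributes]::System -bor
                    [IO.FileAttributes]::ReadOnly)

$suspects = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (([int]$_.Attributes -band $hiddenBit) -ne 0) -and
            (([int]$_.Attributes -band $reparseBit) -eq 0) -and   # skip the hidden library junctions on Vista/7
            ($expectedHidden -notcontains $_.Name.ToLower())
        }
}
$suspects = @($suspects)

"{0} unexpectedly hidden item(s) under user folders" -f $suspects.Count
foreach ($item in $suspects) { "  {0,-35} {1}" -f $item.Attributes, $item.FullName }

if ($Fix) {
    foreach ($item in $suspects) {
        # Same effect as: attrib -h -s -r "<path>"  (Directory and Archive bits are kept)
        $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $clearMask))
    }
    "Cleared Hidden/System/ReadOnly on {0} item(s)" -f $suspects.Count
}

# GreyDuck's variant moved the shortcuts into the temp folders; list any .lnk files
# there so they can be moved back before the usual temp-directory cleanup deletes them.
$strayLinks = @(Get-ChildItem -LiteralPath $env:TEMP -Recurse -Force -Include *.lnk -ErrorAction SilentlyContinue)
"{0} shortcut(s) sitting in {1}" -f $strayLinks.Count, $env:TEMP
foreach ($link in $strayLinks) { "  " + $link.FullName }
```

The dry-run default matters more than it looks: a blanket attrib -h -s -r /s /d over the profile also strips the System bit from desktop.ini and from the hidden junction points Vista and 7 keep under the user's Documents folder, which is why the script filters on the ReparsePoint bit and on a list of files that are supposed to be hidden rather than un-hiding everything it finds.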

7 Trend let you down. There's no good reason to stay with it, license or no license.

Posted by: Steven Den Beste at November 20, 2011 11:03 AM (+rSRq)

8 How did this get through?  I thought browsers were supposed to be all nicely sandboxed....

Personally, I like to keep "NoScript" running in Firefox to have more control over what websites are allowed to do on my computer, as well as Flashblock.  I also run Spyware Search and Destroy and AVG Free.  I've been clean for years now.

(If I'm really suspicious of a site, I can turn to my old 8.6 Mac and Netscape 4.7, but these days that reads almost nothing on the web.)

Posted by: Mauser at November 20, 2011 03:18 PM (cZPoz)

9 That's interesting.

One of my co-worker's computers suffered a virus with similar behavior this past week. (Everything in Programs and Desktop was hidden.)

I think it was designed to be used on people who don't keep 'MyDocuments' or 'MyComputer' on the Desktop, but use the Start Menu to get to those entries. (Last few times I installed XP on anything, I had to manually switch to Classic Start Menu, and manually add 'MyComputer' to the Desktop.)

I don't know what else this virus was designed to do. Since my co-worker isn't the kind of guy who'd play with the game linked on the earlier post, my first guess is that the virus was spread by an embedded-ad-server.

What scares me is that a better-written virus (silently pwn a machine for use in a botnet, set up a spam-generating zombie, or some such) usually doesn't involve such obvious vandalism. A virus set up to probe the defenses of a network might not be visible to the average user. But such viruses can spread in the same way.

Posted by: karrde at November 20, 2011 03:54 PM (thI7w)
