Probably the Most Boring Blog in the World
I have been absent from the Cloud for a brief while. One of the things this blog aims to do is explain why. More importantly, it aims to provide insight into a murky world most would rather not contemplate, because it’s a dead boring murky world, and when does anyone ever really get a definitive answer in this subject area anyway?
In a staggering break from tradition, the answer is here.
The short version:
Got a computer virus.
The story-teller’s and writer’s version:
I have encountered particularly nasty computer viruses, rootkits, trojans, worms and malware before, but this one pooped on the lot.
I’d left my computer on overnight. In the morning there was a Microsoft security update to greet me. I clicked to close it, but it started running in a manner that transferred me from bleary-eyed and dopey to awake, alert, and panicked. Although Antimalware Doctor bore the look and supporting indicators of a Microsoft update, it had revealed itself to be a malicious program, or malware, which couldn’t be stopped.
Pressing CTRL, ALT and DELETE brought up the Task Manager. Selecting Application/End Task temporarily halted the malware, but it was able to self-execute at will, and from a variety of different actions. I changed tack to the Control Panel and selected Add or Remove Programs. But this standard Microsoft functionality had been compromised so that any attempt to Remove the malware resulted in it executing. Worst of all, fully up-to-date and operational Norton 360 anti-virus software had also been compromised to the point of being completely disabled. Attempts to get it functional again failed, or were blocked. Look, I know Norton is pants, but it came free with the computer, so I’d thought I’d give it another chance to see if it had got any better since the last time it screwed up. Nope.
I was in trouble and out of my depth, so I dived online to learn what I could about Antimalware Doctor, and learn it fast. A sedate morning easing out of sleepiness by responding to Clouder posts was an intention shot to smithereens.
An online removal procedure provided a short list of associated files and registry keys (HKEYs), so I removed those files manually. The antimalwaredoctor.exe file wasn’t present in the location specified, nor did it show up in a file search. However, another file called newsecureapp70700.exe (which wasn’t mentioned) was present in a specified directory. I searched for information about this file online, and recognised that a specialist removal tool was required.
I restarted my computer, got Norton 360 functioning again, and ran several anti-virus full system scans. The scans returned no threats, even though I had identified a known threat and had confirmed its location. I contacted Norton directly. A representative accessed my machine remotely. If you’ve never witnessed this before, it’s moderately spectacular. Someone else, a long way away, controls your mouse pointer, opens things, types stuff, closes things and generally buggers about on your computer while you watch the screen.
After a couple of hours, the representative had removed the .exe file with a tool called Norton Power Eraser. I pointed out that there were still regular attack/intrusion threat notifications every few minutes (which they also witnessed), but the case was declared resolved and the job closed.
In the past I have tried a wide variety of highly-recommended anti-virus software. The market leaders Norton (Symantec) and McAfee are [insert an expletive of your choice], do not deserve to be market leaders, and I’ve told them so. I’ve tried AVG, CA, Kaspersky, F-Secure, Panda, Ad-Aware... all of them ranging from poor to terrible. BitDefender has been very good in the past, and my former preferred choice. This time around, I ran scans with Malwarebytes’ Anti-Malware and Trend Micro Homecare. These two are the flavour of the moment in techie circles, but both failed to detect any threats on my machine when I knew something unholy was there.
Many people know someone who is referred to as a computer genius, whether or not that is an exaggeration. Henk is a former colleague of mine and a long-standing friend. He is very senior, very important, and fulfils the role of protecting Microsoft from viruses, computer threats and all that malarkey. Imagine Dolph Lundgren, if you’re familiar with the mountain of a man. Now imagine him even bigger, friendly, helpful, generous, and a thoroughly decent bloke. That’s Henk. Everyone should have a Henk in their lives.
Microsoft, as an organisation, has done more to infuriate me than could be put into several volumes of a dull and overly-ranty book. One branch of Microsoft, however, has impressed me to the point of blog-writing. In terms of computer stuff, the level to which I have been impressed is second only to when Tim Berners-Lee gave the internet to the world for free.
I contacted Henk and explained what had happened. Within minutes, he was back to me with a link to something called the Windows Live OneCare safety scanner. This returned a threat called Win32/Alureon.H, which Norton and others had completely missed. Henk recognised this instantly and provided another link to the solution. Malicious Software Removal Tool KB890830 (I wonder what its friends call it?) detected and eradicated the most devious and subversive virus I have ever heard of.
The Alureon Virus/Rootkit is described as “severe” and “a multi-component family of Trojans involved in a broad range of subversive activities online in order to generate revenue from various sources for its controllers... which also utilises advanced stealth techniques in order to hinder the detection and removal of its various components.”
Antimalware Doctor was just a little side show put on to keep me preoccupied while Alureon set about some serious nasty business like emptying my bank accounts, rendering my computer useless and impregnating my fiancée. Left in the incapable hands of Norton (and others) Alureon would have:
Modified search results (search hijacking);
Redirected browsing to sites of the attacker's choice (browser hijacking);
Changed Domain Name System (DNS) settings in order to redirect to sites of the attacker's choice without the affected user's knowledge;
Downloaded and executed arbitrary files, including additional components and other malware;
Installed rogue security software.
In the words of Henk himself, “It’s a nasty one, that.”
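As an added illustration (not code from the original post or from any Microsoft tool), here is a PowerShell check a defender can run to catch the DNS item in that list: it reports any adapter DNS server that is not on an allow-list, plus any hosts-file override, since both achieve the same silent redirection. The allow-list of resolver addresses is an assumption and must be edited to match your own network.

```powershell
# Added example, not from the original post: report DNS settings that do not
# match what you expect. Assumption: $ExpectedDns lists your own router, ISP or
# chosen resolver addresses; the value below is a constructed placeholder.
$ExpectedDns = @('192.168.1.1')
$HostsFile   = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$findings    = @()

# 1. Per-adapter DNS servers. Win32_NetworkAdapterConfiguration exists on
#    Windows 7 as well as later versions, so no extra module is needed.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($adapter in $adapters) {
    foreach ($server in @($adapter.DNSServerSearchOrder)) {
        if ($server -and ($ExpectedDns -notcontains $server)) {
            $findings += "Adapter '$($adapter.Description)' uses unexpected DNS server $server"
        }
    }
}

# 2. hosts-file overrides. A name-to-address mapping here wins over DNS, so an
#    entry for a bank or update server sends the browser wherever the line says
#    while the address bar still shows the genuine name.
if (Test-Path $HostsFile) {
    foreach ($line in Get-Content $HostsFile) {
        $trimmed = $line.Trim()
        if ($trimmed -eq '' -or $trimmed.StartsWith('#')) { continue }
        $parts = $trimmed -split '\s+'
        if ($parts.Count -lt 2) { continue }
        # Loopback mappings for localhost are normal; anything else is reported.
        if ((@('127.0.0.1', '::1') -contains $parts[0]) -and $parts[1] -eq 'localhost') { continue }
        $names = $parts[1..($parts.Count - 1)] -join ', '
        $findings += "hosts file maps $names to $($parts[0])"
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No unexpected DNS servers or hosts-file overrides found.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Run it from an elevated PowerShell prompt; an unexpected resolver or a hosts entry for a site you never edited is the cue for a full (not quick) scan with a tool you trust.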
Beyond the downloadable tools, Microsoft offers its own little-known anti-virus and computer protection package. I hadn’t previously heard of it; it’s called Microsoft Security Essentials. It is clear to me that this is the most advanced anti-virus software available at the moment, and offers the highest level of security. It’s the kind of offering you’d expect to dig deep into your pockets for, but it’s all completely free. I have completely uninstalled Norton 360, replaced it with Essentials, and put this new bit of kit through its paces. It’s the badger’s nadgers. And a doddle.
It has taken me a long while to get to this point. [I see you nodding]. I’ve been through the trauma of being a gnat’s chuff away from losing all my work, intrusion attacks, and my computers’ security being breached. I’ve trudged the internet, read independent reviews, and tried all sorts of options. I’ve learned a great deal, and learned it the hard way. So what I am doing in this blog is passing on my experiences so that you good people don’t have to go through anything similar. And, of course, my self-indulgence of getting the whole flippin’ experience off my chest.
Take it, or leave it, it’s your own call. Contrary to my deep-rooted instinct, I am now a strong advocate of these free Microsoft tools and the anti-virus software. I will highly recommend these to other individuals and businesses.
Now then, is there any use for a Word Cloud group that centralises all things computer and Cloud technical?
20 Comments
Seriously good call and actually it was readable, my eldest son is a bit of a Henk and saved his School once from a virus, or trojan whatnot.
Perhaps in about 50 years if someone comes in and saves the day it could be called "Doing a Henk"
'Oh yes we had a terrible day last Sunday, the dog got its head stuck on the washing machine, luckily a neighbour's son was visiting and used some lard and a tyre lever to do a Henk on it, both dog and washing machine are OK now!'
Ely, who is very tempted to turn her Microsoft Virusware back on...
BTW: I want a Henk. Not because he is a computer bod (I have one of those), but because he sounds ADORABLE!
Did you also know that Dolph Lundgren has a Masters degree in Chemical Engineering? Love Dolph Lundgren...
Norton does NOTHING for me, everyone's comps are different, but McAfee is shite as well. Imo.
That sounded like a total nightmare and one I would hope to avoid. Now copied your blog so I can remember the links etc, ta :)
Incidentally, Apple users should not get too complacent. Most viruses and malware are still aimed at Mr Gates and the many layers of his woolly soft(under)ware, but a lot will happily live and breed in your inbox or installed Microsoft software. I use Intego anti-virus and net barrier and have detected and removed trojans but not (knowingly) suffered any damage in 15 years. It's the Apple hardware that's getting less reliable.
Anyone know anything bad about ESET?
Microsoft is dreadful for giving help in these situations, they always refer you to their website help page. I think all the big companies are terrible in that respect. When I got my new computer, it has Windows 7 and downloaded the drivers for my printer automatically. But my printer comes with a host of software over and above the drivers that it had downloaded. I mailed Hewlett Packard and asked them to send me a link to the page that had the relevant download on it. The mail I got back told me that my printer was out of warranty and they sent me a link to a help page. Fortunately, I have a support service (which I pay for, and is worth every penny) and they sorted me out. These big companies are so keen to sell you something, but if you then need some help, they are just not interested. Oh, and by the way Steve, I've had someone remote assist my computer several times, and it is absolutely awesome!
One of the things this Alureon virus is capable of (the not very well explained DNS bit above) is altering your internet browser settings so that it looks like you're going to the correct place to access your online bank account, for example. The address in the bar of your browser appears to be correct, but the attackers actually direct you to their own website somewhere else which looks just like the real thing. When you put in your security details, they capture all your information while you're none the wiser, access your actual online account and do what they like with your dosh.
Dunno if you can see the same, but I'm noting Ads by Google links at the bottom of this page that are for anti-virus software. They're nothing to do with me - one that I'm getting is for Norton. The irony. Don't trust anti-virus and anti-malware links and sites unless you're absolutely sure they're genuine and good. A large proportion of these software downloads claiming to help you, actually do the exact opposite.
Oh, and one more thing. Alureon hides itself in multiple locations on your computer, including legitimate files that your machine needs. To detect it requires a full/deep scan (which takes ages) as it won't show up on a quick scan, which most anti-virus software is automatically set for.
I only use a credit card online and on the phone, never my bank debit card. That way it's ring-fenced, and if anything online crops up on my bank statement I know it's not mine. It works too - the one time someone's tried something, the bank rang me straight away...
I've just binned the accursed McAfee, and have installed BitDefender on everything. Impressed so far, though why, after so many years of amateurishly grappling with the beasts, I think that any change to one's computer set-up, ever, will go completely without blips I don't know...
If I've struck a chord and a few of you are not bored to tears by this sort of stuff, I could inflict a data scraping blog on you next... it's now the number one reason why we get so many dodgy junk mails and phishing scams, even if we're cautious.
I just received this from "PC Knowledge for Seniors"
"Warning! Rogue Microsoft Anti-virus Program
I'm approaching this item with some trepidation. The last time I wrote about an email-based scam in this newsletter, several email services thought the newsletter itself looked suspicious and refused to deliver it! This time I'll try to get the point across without quoting too much of the message in question.
The email message that's started doing the rounds appears to come from Microsoft, and it's telling you about a free 'safety scanner' program for your PC. It's laid out in a surprisingly neat way, listing all the various checks that this scanner carries out. Several links invite you to download this free 'safety scanner'.
Further down, though, the message claims to have scanned your computer already. Exactly how it's managed to do that isn't explained, and it would be pretty difficult to come up with a convincing explanation, since that isn't possible. It then manages to add a second impossibility: a pink box containing the results of this 'safety scan' which - surprise surprise - say that malicious software has been found on your PC.
In this section you'll find more download links. The obvious intention is that, if you weren't tempted to download it after reading its description at the beginning of the message, you might be fooled into doing so at the discovery that your PC is 'infected' with a variety of nasty, but removable software.
Of course, this pink warning box is simply part of the email message itself. Nothing has scanned your PC, and everyone who receives this email message will see exactly the same pink box listing exactly the same infections.
More importantly, this being a scam, the software you're being cajoled into downloading is malicious itself. It comes from a Russian website, not Microsoft's own site, and the message itself probably originates from Russia. (It's hard to tell, but it's certainly littered with spelling mistakes and oddly-shaped English. Curiously, though, Microsoft's contact details and disclaimer at the bottom are in German.)
I hope you'd recognise this as a scam if you saw it, not least because of the rather absurd way it tries to pretend that a humble email message has somehow been able to scan your system and display the results. Even if you didn't, though, our constant advice holds true: unless you're 100% sure you know who sent the message, and you're sure that person or organisation wouldn't give you links to anything risky, don't click the links!
One thing that makes this particular scam more insidious than most is that there is a germ of truth behind it. If you were to go to a good search engine and search for 'microsoft safety scanner', you'd find that Microsoft does offer such a product. At Microsoft's website, you can at least be sure that you're not downloading something nasty and Russian. If you don't already have anti-virus software on your PC (and you definitely should!), there are two free products we recommend, either of which will do an admirable job of protecting you. PC Knowledge for Seniors subscribers can read about these in articles V330 - Viruses: How to Protect Your PC (included in your main manual) and P920 - Protect Your PC with Microsoft Security Essentials (included in update 3/10)."
The Microsoft Security Essentials download is a full replacement for existing anti-virus software. But anyone wanting to test its capability or check their machine to see if their current anti-virus is missing any threats, the Windows Live OneCare safety scanner can be run (preferably a full scan) without disabling existing software.
I had a really bad virus that nothing, including the highly regarded BitDefender, could touch. So I went with your blog, but the virus had attacked Internet Explorer and would not allow the online scan you mentioned. So I downloaded Essentials and it found it... Well, 4 actually, and since then (knock on wood) no further problems! :D
I'm now certain there's no other anti-virus software that can match the security of the Microsoft offering.
Whatever, their tools are known to be pretty good. For some reason they don't market them very well and haven't productised them. They could just roll them into windows, but they don't. I wonder why. Is it possible that they are afraid they would be duffed up by various governments for abusing their position, as they were with internet explorer.