Louis Kessler's Behold Blog » Blog Entry

I Hate Trojans - Sat, 17 Sep 2011

Today, I was looking forward to spending a good number of hours working on Behold. My computer has been running well almost since I bought it several years ago, but this morning it was either a fake genealogy website or an email link (I’m not sure which), that ended up wasting my day.

Fortunately (or should I say unfortunately), we have a fair deal of experience with viruses and trojans in my household, with about one a year causing havoc on one of our computers.

But this morning my computer caught a Trojan. It may have been Alureon, which Microsoft Security Essentials reported and then removed at 10:58 a.m., or it may have been FakeSysdef, which MSE reported at 11:27 and which I thought was removed but I see now is marked as “Allowed”. I knew something was still wrong when my IE browser windows closed on their own and error windows popped up, followed by one of the FakeSysdef fake scan windows.

To make a long day short, here were the general steps I used to clean up.

  1. Install Malwarebytes
  2. Run the scan (3 hours). Six items found. 2 were the FakeSysDef trojan.
  3. Use Malwarebytes to remove them … but that didn’t completely work. Files at the top level of the c: drive were there from that time that needed to be removed as well.
  4. Reboot and find not everything was working. Missing desktop wallpaper, not all items from the start menu were there, and the system was still very slow.
  5. Decided to do a System Restore back to this morning. But System Restore said there was a disk problem, and it needed to do a CHKDSK to fix it first.
  6. CHKDSK deleted a corrupt attribute record (128,”).
  7. System Restore worked this time.

Actually, I took about 20 steps, because some of the things I tried along the way didn’t work, as I sometimes used Safe mode and sometimes a complete startup (5 minutes).

I was never really worried about eventually getting the system working again and I did about 10 hours later. But it’s frustrating. Who are these people who need to invent viruses and trojans?

Spending an hour on this blog entry I found necessary, but it wasn’t good time spent on Behold either.

3 Comments

1. genej (genej)
Joined: Wed, 5 Jan 2011
13 blog comments, 0 forum posts
Posted: Sun, 18 Sep 2011

Bummer. Would you recommend Malwarebytes? –GJ

2. Louis Kessler (lkessler)
Joined: Sun, 9 Mar 2003
237 blog comments, 226 forum posts
Posted: Sun, 18 Sep 2011

Malwarebytes is the best program we’ve found for removing the majority of viruses and trojans from your computer. It has worked much of the time but isn’t perfect. Another possibility is Microsoft’s new equivalent called “Microsoft Safety Scanner”. But I have no experience with it yet, other than trying it out when my computer was clean.

Some of these trojans delete or make it difficult for you to run these anti-malware programs. After my experiences, I’d say the best and easiest solution is to not worry about cleaning off the virus but simply use System Restore from Safe Mode to get back to the configuration you had prior to your attack. Windows stores a new configuration for you every day. So that would be starting at step 5 (above) and would have taken a couple of hours. That’s what I’ll try first the next time (hopefully many years from now) it happens.

One thing to note about System Restore. After you start it, it takes a couple of minutes for anything at all to happen. You’ll think you didn’t click it and you’ll try clicking it again. But if you do, it’ll pop up a box that says it is running, and that will cancel the process and you won’t know what state you’re in. This is horrible implementation. A box should pop up right away saying it’s checking configurations, but it doesn’t. So be aware and give it up to 5 minutes to respond the first time. After that, it works great. We’re lucky Microsoft put the work in to make it available. Otherwise, it’s two weeks to load everything again from scratch.
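The recovery path described in steps 5 to 7 of the post and in the comment above only works if System Protection is on and a restore point from before the infection actually exists, which is worth checking while the machine is still healthy. The following PowerShell script is an added example, not code from the blog or its comments; it assumes Windows PowerShell 5.1 on a Windows client edition run from an elevated prompt (the restore-point cmdlets are not present on Server editions). The registry value name and the 24-hour default it reports are assumptions about later Windows versions, not something the post states.

```powershell
# Added example (not from the blog): inventory System Restore state before you need it.
# Assumes Windows PowerShell 5.1 on a Windows client edition, run elevated.

function Get-RestorePointSummary {
    # Each object is a root\default SystemRestore WMI instance; CreationTime is a WMI
    # datetime string, so ConvertToDateTime() turns it into a readable [datetime].
    Get-ComputerRestorePoint |
        Sort-Object SequenceNumber -Descending |
        Select-Object SequenceNumber,
                      Description,
                      RestorePointType,
                      @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

$points = Get-RestorePointSummary
if (-not $points) {
    Write-Warning 'No restore points found. System Protection may be off for the system drive.'
    # Turn protection on for the system drive; harmless if it is already enabled.
    Enable-ComputerRestore -Drive "$env:SystemDrive\"
}

# Show what a rollback from Safe Mode could target today.
$points | Format-Table -AutoSize

# Assumption: Windows 8 and later throttle automatic restore points to one per 24 hours
# unless this value (minutes, 0 = no throttle) is set. Missing value means the default applies.
$srKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
$freq  = (Get-ItemProperty -Path $srKey -ErrorAction SilentlyContinue).SystemRestorePointCreationFrequency
if ($null -eq $freq) {
    'Restore point creation frequency: default (1440 minutes)'
} else {
    "Restore point creation frequency: $freq minutes"
}

# Create a named restore point before deliberate risky work such as installing a cleanup tool.
# Note that Checkpoint-Computer is subject to the same throttle, so it may be skipped silently
# if another point was created within the interval above.
Checkpoint-Computer -Description 'Before malware cleanup' -RestorePointType MODIFY_SETTINGS
```

Run it once while the system is clean and keep the output; the point is to know in advance that the rollback target exists, not to discover its absence after an infection has already disabled the tools you would otherwise reach for.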

3. uwe (uwe)
Joined: Tue, 14 Oct 2008
20 blog comments, 0 forum posts
Posted: Wed, 21 Sep 2011

Stay away from IE - that’s all I can say. Since I changed my browser (I’m using the latest Opera and Mozilla now), I’ve never had a problem again with viruses and malware.
