The Infection

Brad R Sunday 27 December 2009 - 07:50:04  

It was worse than I had feared. I arrived to find a computer seriously infected with something called "Malware Defense". This is one of those insidious pop-ups which tells you that your computer is infected and offers to clean it for you. Of course, it is the infection. I'll give it credit for good social engineering, because its pop-ups look remarkably like notices from the Windows software. It even uses notification balloons and has a taskbar icon that looks like Windows Defender.

I suspect this was a "drive-by" infection. Unfortunately, while my folks follow many safe computing practices and installed Norton Internet Security, they also use Internet Explorer. (I feel some guilt for not installing Firefox on my last visit.)

And this PC was now really screwed up. The networking was completely dead -- I don't know if this infection had broken it, or just locked every other application out from using it. Some applications wouldn't launch. And pop-ups appeared every few seconds announcing that the computer was infected with this or that, and offering software which would clean it up. My mom, being a savvy person, knows better than to click on any of those offers.

I was able to boot into safe mode, so I figured I'd try my repair efforts from there.

1. A manual scan with Norton turned up nothing. (Not surprising, since Norton was asleep on the job when this computer got infected.)

2. I next searched Google, and found several web pages describing how to remove this infection manually. Alas, those instructions didn't work.

3. Thinking that this might be a corrupted registry, I decided to try the "Windows Restore" utility to return to a known-working state. (The date of the infection was known.) But after asking what restore point to use, Windows Restore just got stuck. Clicking "Next" did nothing.

4. Several web pages recommended that Malwarebytes could remove this. That's a known anti-spyware package, so I downloaded it with my netbook and transferred it with a USB stick to the infected PC. But for some reason, launching the installation .exe did absolutely nothing.

5. Another site recommended PCtools anti-spyware. That one did install; but then it refused to run until it had connected to the mother ship for a database update. With no Internet connection, it wouldn't run. (It also refused to run in Safe mode.)

6. I knew that AVG now includes anti-spyware, and they offer a "complete" download which will run without an Internet connection. But their installer announced a weird error at the end of the process, and AVG never successfully installed.

7. Some more Google searching led me to Sunbelt Software's VIPRE Rescue product, which is designed to recover a "computer that is so infected that programs cannot be easily run." This unzipped, and ran, and a few hours later reported that it had removed three infections. Hooray! But when I rebooted into Windows normal mode, the damned infection was still there.

At this point I realized that this was a "nuke the machine from orbit" situation. It was time to reinstall Windows XP.

I must salute Dell for providing a Windows reinstallation CD with this computer (a Vostro 200). Plus four more CDs with various drivers, utilities, and applications. From safe mode, I copied my mom's user files -- remarkably few -- onto that USB stick, and then I rebooted from the CD-ROM.

8. I should mention that the install CD offered to "repair" our existing Windows XP. I tried that. It didn't work either.

So, over the space of several hours on Christmas Day, I:
a. Reinstalled Windows XP SP2 from CD.
b. Installed AVG Antivirus -- since I'd already downloaded it to the USB stick -- and ran it (mostly to be sure it would work).
c. Installed Firefox. This time I'm not leaving my folks to the foibles of Internet Explorer.
d. Installed the Dell device drivers from CD.
e. Downloaded and installed the HP printer drivers. (Beats me why there was no CD for this.)
f. Reinstalled the Roxio CD writing software from CD. (Not that they've ever used it, but they have the hardware, so I should install the necessary software.)
g. Ran Windows Update to get Service Pack 3. (I'm so glad my folks have high-speed Internet.)
h. Ran Windows Update again to get more critical updates.
i. Ran Windows Update again to get still more critical updates.
j. Ran Windows Update again to get another load of critical updates. (Evidently it can't install them all in one go.)
k. Ran Windows Update again, and hurrah! There were no more updates to be installed.
l. Downloaded and installed the sound card driver from the Dell site, which apparently wasn't on the drivers CD.
m. Downloaded and installed the one (!) freeware application that my folks use. (From cnet.com, a trusted source.)

My mom, who is superbly organized, had already made a list of their Internet bookmarks (back when they upgraded to this PC). So it was easy to put those into Firefox.

All that remained was to set them up with anti-virus software -- the AVG I installed was a one-month trial version. My mom was as disgusted as I was about Norton's failure to protect her PC, and she had liked AVG on her previous computer, so after some discussion of alternatives, she's opted for the paid AVG product. That will simply require registering the software that's already installed.

Two days after Christmas, I depart, leaving a once-again functioning PC, which I hope is somewhat more protected from malicious software.

P.S. I had hoped to install Linux on a spare partition of their hard drive. But the Fedora 11 USB stick, which I had used to install Fedora on our netbook, refused to boot in their computer. And since these were the holidays, I didn't want to take the extra time it would require to diagnose this problem, download a different distro, and learn to make a new bootable USB stick. I'll do all that on the next visit.