Can Somebody Get Me a Doctor?

Thursday, November 19, 2009

well..... WELL..... WELL.....

Boy is my face red... not from embarrassment but from anger... ok, a bit of embarrassment too. HOWEVER, my recent tribulations brought forth a topic for a new post. Here's how it went down...

Thinking I'm invulnerable (do NOT ever think that way) due to all the security programs I run, I was researching and trying (downloading) several programs the other day. Then IT happened !!! And by the time I realized what "IT" was, it was too late....

TROJAN !!!!!!!!! Not your average trojan mind you. A NASTY little sucker !!! I guess I don't "do" things half-assed.

This particular piece of shit's name is "Win32/Vundo" (also known as Virtumonde)... Do NOT get infected by this scum.... it'll render your computer unusable !!! read on....

It doesn't blow your computer up (or "fry" your hard drive). BUT.... what it does do is rewrite your registry, adding up to 100 new entries (autostart entries, browser add-on entries and the like) !!! Yeah, so ????

SOOOOOOOOOOOOOOOOOO... what these entries do varies from automatically launching pop-ups (ok, been there done that) to rendering your anti-virus program inoperable (ok, THAT blows) .... and eventually ????

It won't be found by anti-virus or anti-malware utilities (it hides inside system processes they won't kill, and puts itself back if they do). It won't even let you search the internet for these utilities anymore in order to re-install them !!! All that comes up in your search results is totally unrelated to what you were searching for, because the trojan sits inside your browser (it registers itself as a Browser Helper Object) and rewrites what comes back... ie, if Joe Shmoe searches for "xyz", he gets "zyx".

How the fuck does it do that ??? Good question... Certainly I researched this bastard (AFTER having locked down my firewall and realized (after HOURS of trying) that I had no solution to this problem). I needed to know WTF was going on...

What I found out is that this is one of the most cunning threats out there (and not new, either... the family has been around since 2004)... it IS a ".dll" (dynamic link library), which is a standard part of any particular program.

HOWEVER, a .dll can't run by itself... it has to be loaded by some program. So what this one does is write registry entries that make Windows load it for you: a "Run" entry that starts it through rundll32.exe at every boot, a Winlogon "Notify" entry that gets it loaded into winlogon.exe at logon, and a Browser Helper Object entry that gets it loaded into Internet Explorer. ERGO, it re-writes the registry, adding the entries built into the particular version of this trojan that you have been infected with... and once it's sitting inside those trusted processes it puts back any entry you delete.

Like I said, it started with the stupid pop-ups and not being able to get search results relevant to what I was looking for. It progressed (the progression seems to intensify the more you reboot your system - a very common trait, every restart gives it another chance to pull down more components) to not even allowing my anti-virus program to enter "Scan" mode.

Needless to say I was (am) pissed... but, it did prompt this post to tell you all to be extra cautious about what you download and where you download it from. This sucker "uses advanced defensive and stealth techniques to escape detection and to hinder removal". Like I said, it is a ".dll" file, and anti-virus utilities have no problem scanning .dlls (EVERY program on your machine is built from them) - the trouble is that this one gets loaded inside system processes like winlogon.exe and explorer.exe, so the file is always in use and can't be deleted, and whatever you DO manage to clean up gets written right back.
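If you want to see for yourself where a Vundo-style DLL is hooked in, here is an added example (written for this post, not code from the original or from any anti-virus vendor): a PowerShell script that walks the autostart locations this family abused (Run/RunOnce, Winlogon Notify, Browser Helper Objects and AppInit_DLLs) and lists each DLL with its Authenticode signature status. The registry paths are the standard Windows ones; the function names are this example's own. Run it from an elevated PowerShell prompt on the suspect machine.

```powershell
# Added example (not from the original post): list the autostart entries a
# Vundo-style DLL trojan lives in, and whether each DLL carries a valid
# Authenticode signature. Function names are this example's own; the
# registry paths are the standard Windows ones. Run from an elevated prompt.

function Get-DllFromCommand {
    # Pull the DLL/EXE path out of a Run-key command line.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # rundll32.exe <dll>,<export> : the DLL is the first argument, up to the comma
    if ($cmd -match '^"?[^"\s]*rundll32(\.exe)?"?\s+"?([^",]+)') { return $Matches[2].Trim() }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }      # quoted path
    return ($cmd -split '\s+')[0]                             # bare path
}

function Resolve-SystemDll {
    # Winlogon Notify and AppInit entries may give a bare file name,
    # which the loader resolves from %SystemRoot%\system32.
    param([string]$Name)
    $n = [Environment]::ExpandEnvironmentVariables($Name).Trim()
    if ($n -notmatch '[\\/]') { $n = Join-Path $env:SystemRoot "system32\$n" }
    return $n
}

function Get-SignatureStatus {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.SignerCertificate) { return "$($sig.Status) ($($sig.SignerCertificate.Subject))" }
    return "$($sig.Status)"    # NotSigned is the one to look hard at
}

function Add-Finding {
    param([string]$Where, [string]$Dll)
    New-Object PSObject -Property @{
        Where     = $Where
        Dll       = $Dll
        Signature = (Get-SignatureStatus $Dll)
    }
}

function Get-AutostartDlls {
    $out = @()

    # 1. Run / RunOnce: Vundo used "rundll32.exe <random>.dll,<export>" here
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path $key)) { continue }
            foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }        # PSPath, PSParentPath, ...
                $out += Add-Finding "$hive\...\$sub\$($p.Name)" (Get-DllFromCommand $p.Value)
            }
        }
    }

    # 2. Winlogon Notify packages: loaded straight into winlogon.exe at logon
    $notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (Test-Path $notify) {
        foreach ($k in Get-ChildItem -Path $notify) {
            $dll = (Get-ItemProperty -Path $k.PSPath).DLLName
            if ($dll) { $out += Add-Finding "Winlogon\Notify\$($k.PSChildName)" (Resolve-SystemDll $dll) }
        }
    }

    # 3. Browser Helper Objects: the CLSID's InprocServer32 names the DLL IE loads
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bho) {
        foreach ($k in Get-ChildItem -Path $bho) {
            $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$($k.PSChildName)\InprocServer32"
            if (Test-Path $inproc) {
                $dll = (Get-ItemProperty -Path $inproc).'(default)'
                $out += Add-Finding "BHO $($k.PSChildName)" (Resolve-SystemDll $dll)
            }
        }
    }

    # 4. AppInit_DLLs: loaded into every process that links user32.dll
    $win = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    if ($win.AppInit_DLLs) {
        foreach ($d in ($win.AppInit_DLLs -split '[ ,;]+')) {
            if ($d) { $out += Add-Finding 'AppInit_DLLs' (Resolve-SystemDll $d) }
        }
    }
    return $out
}

Get-AutostartDlls | Format-Table Where, Signature, Dll -AutoSize -Wrap
```

An unsigned, randomly named DLL in system32 sitting in Winlogon\Notify or a BHO slot is exactly the pattern to look for. One caveat: a trojan that is already loaded into winlogon.exe and explorer.exe can hide from or interfere with tools run on the same machine, so a clean-looking list on the infected box is not proof of anything; the author's approach of starting over on other hardware sidesteps that problem entirely.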

NOW WHAT ???? Well, fortunately for me, I'm a pack-rat.... and have acquired and saved several other computer systems (and parts galore) over the years !!! So, I have been working for the past few days bringing my "new" system up to speed.... thank GAWD the 1GB of ram from the infected computer is compatible with this one.

The bulk of the time has been spent installing software applications that I had on the old machine... some I have the disks for, some I don't... um... THAT's another post, though.

What? Huh?... What about my personal files??? Good question. As I posted previously, I have always had 2 separate hard drives... one for the system programs and applications, and one for personal files... music, pictures, videos AND the applications that generate different media files.

As also previously posted, I INTENTIONALLY have never "Raided" my separate hard drives... in layman's terms... a RAID 0 (or "spanned") volume makes 2 separate hard drives appear as 1 single hard drive to your system... ie, separate 30 GB and 40 GB hard drives will be seen by your system as a single 70 GB hard drive... THANK GOD I do NOT Raid... my original motivation for keeping them separate was performance, but the payoff here is different: the registry lives on the system drive, so the second drive never held any of those registry entries. It is merely a data storage device... NOT a system device. (That is NOT the same as "can't be infected", mind you... a data drive can still carry an infected download or an autorun.inf, so scan it from a clean machine before you open anything on it.)

SOOOOOOOOOOOO... hopefully (crossing fingers) the drive with my multimedia/personal files remained uninfected, as I have now transferred it to my "new" system.... INTACT... so far so good !!!
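Before trusting a drive that came out of an infected machine, here is an added example (mine, not from the original post) of a quick PowerShell triage: it checks that AutoRun is switched off on the clean machine, looks for an autorun.inf at the drive root, and lists every executable-type file on what is supposed to be a music-and-pictures drive, with its Authenticode signature status. The function names are this example's own and 'E:\' is an assumed drive letter.

```powershell
# Added example (not from the original post): triage a data drive pulled
# from an infected machine before trusting it. A data drive carries no
# registry, so it can't carry Vundo's autostart entries - but it can carry
# an autorun.inf or an infected download. Function names are this
# example's own; 'E:\' is an assumed drive letter.

function Test-AutoRunDisabled {
    # 0xFF in NoDriveTypeAutoRun turns AutoRun off for every drive type,
    # so plugging the drive in can't launch anything by itself.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        if (Test-Path $key) {
            $v = (Get-ItemProperty -Path $key).NoDriveTypeAutoRun
            if ($v -eq 0xFF) { return $true }
        }
    }
    return $false
}

function Get-DriveTriage {
    param([string]$Root = 'E:\')
    $report = @()

    if (-not (Test-AutoRunDisabled)) {
        $report += 'WARNING: AutoRun is not fully disabled (NoDriveTypeAutoRun != 0xFF)'
    }

    # autorun.inf at the root is how removable/fixed drives were used to spread
    $autorun = Join-Path $Root 'autorun.inf'
    if (Test-Path -LiteralPath $autorun) {
        $report += "autorun.inf present at $Root - do not double-click the drive:"
        Get-Content -LiteralPath $autorun | ForEach-Object { $report += "    $_" }
    }

    # executable content has no business on a pictures/music drive;
    # list it with its Authenticode status so the unsigned junk stands out
    $exts = '.exe', '.dll', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js', '.lnk'
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and ($exts -contains $_.Extension.ToLower()) } |
        ForEach-Object {
            $status = '-'
            if ($_.Extension -match '^\.(exe|dll|scr|com)$') {
                $status = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
            $report += ('{0,-12} {1,10} {2}' -f $status, $_.Length, $_.FullName)
        }
    return $report
}

Get-DriveTriage -Root 'E:\'
```

Anything that shows up as NotSigned, or any .exe that you did not put there on purpose, gets scanned (or deleted) before the drive is used for anything else. The point of the AutoRun check is that simply opening the drive in Explorer with AutoRun enabled was, on XP, enough to run whatever an autorun.inf pointed at.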

On another note... at the same time my system crashed, my Firefox browser became inoperable.... it wouldn't even open without crashing... Obviously I assumed it had something to do with the virus...

I was wrong... Part of the process for getting my new system up to speed included installing Firefox, as it is my favorite browser application. So I downloaded and installed it... only to experience the same behavior I was having on the infected machine....

OH SHIT !!!!!! Did the virus actually migrate to my second hard drive which is now installed in THIS machine???

NOOOOOOOOOOOOOOOOOOOPE !!! I Googled the info from Firefox's "Crash Reporter" to find that there are a few very common issues that render Firefox useless... 2 of which were causing my machine to not be able to run Firefox.

The first and most "common" issue arises from the installation of Microsoft's .NET Framework version 3.5 (Service Pack 1)... If you're a Firefox user, know what this Microsoft "update" drags along: it silently installs an add-on into your Firefox browser, the ".NET Framework Assistant" (with a companion Windows Presentation Foundation plug-in), and in my case Firefox would not even start with it present... "funny" how the same feature works just fine in Internet Explorer... MICROSOFT'S browser... hmmmmmm... I'm feeling hijacked by Microsoft. The sneaky part is that it isn't installed into your Firefox profile like a normal add-on, it's registered machine-wide in the registry, so the Add-ons window gives you no Uninstall button for it. I had to go into the registry and physically delete the entry myself. (Mozilla itself blocklisted this add-on in October 2009 after a security hole was found in it, so you're not alone in wanting it gone.)

Another, less strenuous issue I had with Firefox was with the interactive media plug-in that was already installed... "Move Media Player" (Move Networks' video plug-in).. not really sure where it came from (this IS a used machine) but apparently Firefox doesn't like it being there.. this was easy enough to get rid of through Firefox's Add-ons window, after a bit of research....
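Both of those add-ons got into Firefox the same way: through the registry, not through your profile. Here is an added example (mine, not from the original post or from Mozilla) that lists everything registered with Firefox that way, so you can see what the Add-ons window will refuse to uninstall, and prints the command that would remove each entry. The function name is this example's own; the registry paths are the ones Firefox 3.x reads for machine-wide extensions and NPAPI plug-ins.

```powershell
# Added example (not from the original post): list Firefox add-ons that were
# registered machine-wide through the registry rather than installed into
# your profile. That is how .NET Framework 3.5 SP1 pushed its ".NET Framework
# Assistant" extension in, and how NPAPI plug-ins like Move Media Player
# announce themselves - and it is why Firefox's Add-ons window shows no
# Uninstall button for them. Function name is this example's own.

function Get-RegistryFirefoxAddons {
    $rows = @()
    foreach ($hive in 'HKLM', 'HKCU') {
        # Extensions: one value per add-on, name = add-on ID, data = folder with install.rdf
        $ext = "${hive}:\SOFTWARE\Mozilla\Firefox\Extensions"
        if (Test-Path $ext) {
            foreach ($p in (Get-ItemProperty -Path $ext).PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }        # PSPath, PSParentPath, ...
                $rows += New-Object PSObject -Property @{
                    Kind   = 'extension'
                    Id     = $p.Name
                    Path   = $p.Value
                    Remove = "Remove-ItemProperty -Path '$ext' -Name '$($p.Name)'"
                }
            }
        }
        # NPAPI plug-ins: one subkey per plug-in, its "Path" value is the plug-in DLL
        $plug = "${hive}:\SOFTWARE\MozillaPlugins"
        if (Test-Path $plug) {
            foreach ($k in Get-ChildItem -Path $plug) {
                $rows += New-Object PSObject -Property @{
                    Kind   = 'plugin'
                    Id     = $k.PSChildName
                    Path   = (Get-ItemProperty -Path $k.PSPath).Path
                    Remove = "Remove-Item -Path '$($k.PSPath)' -Recurse"
                }
            }
        }
    }
    return $rows
}

Get-RegistryFirefoxAddons | Format-List Kind, Id, Path, Remove
```

The script only prints the removal commands; close Firefox before running one of them. The .NET Framework Assistant registered itself under the ID {20a82645-c095-46ed-80e3-08825760534b}, so that is the value to expect in the HKLM Extensions key if .NET 3.5 SP1 is installed. On 64-bit Windows the same keys also exist under SOFTWARE\Wow6432Node.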

Anyway, that's what I'VE been up to lately... I'm back up and running... and actually faster than ever before... hopefully your experiences have been less stressful... just be careful out there !!!!!!!!

The Doctor is..... OUT !!!!!
