Infected!

I had some fun with my wife’s computer this weekend.
She called me over because she was getting multiple messages telling her that the hard drive was failing, all being delivered by a very fancy GUI that looked like this:

I became suspicious immediately: Microsoft have never produced a GUI that looks so slick. Another big hint was that the Help & Support button tried to take me to a very strange URL. I say tried because her machine by this point was close to being a vegetable. The All Programs tab contained nothing, there were no desktop icons and the C: drive reported that it contained no files. We could not browse to the NET because all icons to start a browser were gone and even when I started a browser manually (from Start –> Run), the browser was set to use an unusual proxy.

Fortunately Doctor Google was very helpful and I rapidly found this URL:
http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery
I used the tools and instructions found there and was able to get her computer back into a working state.  Many thanks to the authors of that page.

This experience brought home three lessons:

  1. Her employer's anti-virus is useless (her laptop runs a corporate load).
  2. Google Images searches can return poisoned URLs that contain malware. Have a read of this excellent article. My wife was doing a Google Images search, looking for pictures of Wheat Rust, when the infection occurred. I am loath to work out which URL it was, as I don’t wish to risk a return to any of those poisoned sites.
  3. Using NoScript is a very good idea, and one that I will be implementing on her PC, especially until her employer comes up with a better anti-virus regime.

All of this excitement distracted me from the main event, preparing for the May 9 announcements. You will see a lot of blog posts over the next few days detailing what our developers have been up to. Prepare to hear about some very cool stuff.

In the meantime… feel free to share any other methods you have to avoid malware… and download and install MalwareBytes. It is a very nice piece of software that costs nothing to install and use.


About Anthony Vandewerdt

I am an IT Professional who lives and works in Melbourne Australia. This blog is totally my own work. It does not represent the views of any corporation. Constructive and useful comments are very very welcome.

2 Responses to Infected!

  1. Alex says:

    Just a heads-up that Microsoft released “Microsoft Safety Scanner” in April 2011: http://www.microsoft.com/security/scanner/en-us/default.aspx

    Which makes malwarebytes not necessary anymore (unless you really like it).

    Here is a great blogpost about it: http://www.andrewtechhelp.com/tech-news/windowsoffice-news/120-microsoft-safety-scanner

    -Alex

    P.S. Along with ‘noscript’, I would recommend ‘certificate patrol’ and ‘adblock plus’

    • avandewerdt says:

      That's great news.
      I have never understood why an Operating System vendor would rely on third parties to keep their OS secure and clean.
      We don’t want an OS, we want a secure infrastructure.
      Will check it out and deploy across my network, I mean house.. #;-)

      Thanks!
