Monday, April 26, 2010

Virus'ed

Well this is an unfamiliar feeling.....booting into safe mode, deleting files, having to fix junk that I didn't break myself....

I suppose it's mostly because I don't have antivirus installed. I personally subscribe to the belief that computers don't get viruses: people get viruses. Viruses, spyware, adware, and what have you don't just hop on your computer, people download them, either out of accident or ignorance. For me, it was accident.

I had just finished my ethics essay and I was watching a video about more philosophy, a Yale professor giving a lecture. After it finished, there were the suggested videos I could watch next, and I clicked on one. Wow. Big mistake. It launched an Internet Explorer window that downloaded several false AV programs, installed a service, and actually replaced half of the programs I had set to autorun (uTorrent, WinVNC, etc.) with small programs by the same name that I suppose started the others. I had to boot into safe mode, delete the files, etc. I would System Restore, but it looks like it either malfunctioned, or the virus knocked out all previous restore dates.

I feel kind of stupid, because you really can't not feel stupid after watching a virus slowly take over your PC before your eyes, but I mean....come on. I was using Firefox, which is supposed to be secure, and I clicked on a video. I know that sometimes you try to watch a video and it will tell you that you need to download a special codec, but I'm not stupid enough to fall for that.....again. All I did was click a link. Freaking annoying.

I hate Linux and especially Mac people saying "Now I don't have to worry about viruses and stuff!" because I really don't worry about that. (Maybe I should, at least a little more....) I mean, it took like half an hour, but my PC is in relatively the same state as before the virus. Had I not tried to kill the processes for a few minutes (which kept spawning back up, as viruses often do) and killed the power right as I knew I was infected, it would have been as simple as deleting a few files, but instead, I tried to save it, and I ended out having to delete and rename my old startup entries and dive into the registry to fix one key.


So no, I do not feel like viruses are one of the main reasons to migrate to a new OS. But that will probably do it for me. Because honestly, I just hate how much Windows lets a virus do whatever it wants, and afterwards, even though all my files are safe, I can't fix everything back to the way it was. So either now or later, me migrating to a new OS (either Windows 7 or Linux) will probably come from something like a virus screwing up my system and me just saying "I'm not fixing this. I'm starting over."

I guess the good side is that I feel like I'm more enabled to fight against an infected machine now. All I needed was Autoruns and I found (hopefully) every infection point (at least that was set to autostart). We'll see how the rest of the recovery goes. My network is being kind of spotty (even more than usual) so I might end out switching OSes quicker than expected.

Crap.
-Bry

[UPDATE] So apparently I....uh......had my firewall turned off too.....heh heh.....I can't remember why, it probably had something to do with my Netgear card and how it sucked, but I must have turned it off and accidentally forgot to turn it back on.

So I turned that back on, and now I'm downloading and will install one of the only antivirus programs I've ever liked: AVG. (I haven't tried 9, but I loved 7.5, but I hated 8.....) Let me tell you something, Clamwin did nothing to help me. Maybe I was just impatient because I had to leave to work, but I didn't let it finish scanning, and all it picked up was my AHK programs that were supposedly viruses. Combofix also didn't help, although I again did not let it run. I'll probably run both, just to be sure I don't have a keylogger or anything.

The few programs that helped me out most in this case were these:
AUTORUNS: Basically stunts the virus from starting when your PC starts. I had to manually go through and delete some stuff (like it spawned a copy of itself as "utorrent.exe" and renamed the old one to "utorrent .exe" in the same folder), but it made it where I could boot out of safe mode without the virus running.
HIJACKTHIS: Of course! After using Autoruns, I pretty much killed every trace of the nasty bug. The only thing that was left was that when I googled stuff, when I clicked the results, it would take me to a completely different website (like an advertisement). Or when I tried to go to AVG's website, it would fail to connect. The reason was that there were a few O17s that redirected a lot of my requests to a different IP, which then passed it on to an advertiser. After deleting those, my internet is back to its normal speed and I haven't had any other weird redirects.
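
The "utorrent.exe" / "utorrent .exe" swap described above can be hunted for directly. The following is an added example, not code from this post: it walks a folder tree and reports executables in the same folder whose names collide once whitespace is ignored. The function names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Assumed set of extensions worth checking (illustrative, not exhaustive).
EXEC_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}

def normalize(filename):
    """Key that ignores case and all whitespace: 'uTorrent .exe' -> 'utorrent.exe'."""
    stem, ext = os.path.splitext(filename)
    return re.sub(r"\s+", "", stem).casefold() + ext.strip().casefold()

def find_lookalike_groups(root):
    """Return (folder, [names]) for executables in one folder whose names
    collide once whitespace is ignored; newest file first in each group."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        groups = defaultdict(list)
        for name in files:
            key = normalize(name)
            if os.path.splitext(key)[1] in EXEC_EXTS:
                groups[key].append(name)
        for names in groups.values():
            if len(names) > 1:
                # Newest first: a starting point for review, not a verdict.
                names.sort(key=lambda n: (-os.path.getmtime(os.path.join(folder, n)), n))
                findings.append((folder, names))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: one padded-name pair plus unrelated files."""
    root = tempfile.mkdtemp(prefix="lookalike_demo_")
    app = os.path.join(root, "uTorrent")
    os.makedirs(app)
    samples = {"utorrent .exe": 1_000_000_000, "utorrent.exe": 1_272_000_000,
               "readme.txt": 1_000_000_000, "uninstall.exe": 1_000_000_000}
    for name, mtime in samples.items():
        path = os.path.join(app, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a real binary")
        os.utime(path, (mtime, mtime))
    return root

if __name__ == "__main__":
    for folder, names in find_lookalike_groups(build_sample_tree()):
        print(folder, "->", names)
```

Pointing `find_lookalike_groups` at a real program folder lists every such pair; a rename leaves the original file's modification time unchanged, which is why the newer file is listed first.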

I just don't get these types of viruses. I mean first of all, it installs software that I did not choose to install, but then treats it like a legit AV. But not just that, it installs several of those. Like I'm not going to notice 4 different AV programs that I never had until today. I guess it's only to trip up really new PC users.

Even through all this crap, I still think it's better than the alternative: Windows Vista. Microsoft's idea of stopping malware is "If we ask the user before doing every little thing, there's no way malware can do any harm." Maybe so, but there's also no way I won't hate the OS for it. [I don't know if 7 is as bad, I haven't tried it.]

[UPDATE 4-27-10] Well, it kinda kicked my butt harder than I first thought. It turns out it was a rootkit that I hadn't exactly nailed down, and it kept spawning itself, even though I had AVG and SUPERAntispyware installed and running. Anyway, I used ComboFix (which I should have used in the first place) which detected and removed about a dozen files, which I hope will actually cure my poor PC.

I still might switch OSes. It kinda sucks cause I've been looking forward to summer and the start of Project vOmniMachine, and I was going to possibly choose an alternate OS after installing all of those, but this might make me choose one before that. And I really don't know what to choose. I sure as hell won't choose Ubuntu, since I hate GNOME, and I really haven't tried enough other distros to make a real choice, so I'd probably end out choosing something like Fluxbuntu, and then maybe not liking it, then changing to maybe something with Openbox or something.....all in all, I don't mind moving my netbook around Operating Systems, but I don't want to do that to my main PC.

Oy. This was not what I wanted. I mean, no one ever wants to be infected, but now of all times, I was just not in the mood. I dunno, it's weird. When I mess up my PC by myself, I'm upset, but not mad. When I got infected yesterday, I got upset and pissed. I guess it's cause I feel like "Hey stupid rootkit, I can mess up my machine enough, trying to tweak it in new ways. I don't need your help." That, and I'm afraid of the rootkit phoning home with some personal information.

With all this said and done, I guess I'll keep Windows XP (my one true love...) for now. Everything seems to be the exact same (I know I said that before....), but the only thing I'm truly worried about is someone stealing my personal information. And as for running an AV/AS.....I hate to say this, but I really am probably not going to. Why? Because earlier I was watching my PC reboot (I did that a lot these past few days....) and I noticed it was spending at least 4 times as long at the Windows XP loading screen, and I realized that it was most likely because of AVG and SUPERAntispyware having to start up. Also, before running Combofix, I opened my start menu and clicked on Firefox, and it sat there, my wheel spinning for a good 60 seconds, and I thought to myself "This is exactly what I don't want in a computer." I'm not really all that picky when it comes to a computer. I don't expect a lot of flash or things to be a certain way. All I want is snappiness. In fact, I demand snappiness. Considering the fact that my machine is Windows XP (which requires 256MB of RAM as minimum, I believe) on a tri-core 2.9GHz machine with 2GB of RAM, there's no reason it should take any longer than 5, maybe 10 seconds to start up Firefox. I may be an idiot for opening myself up to viruses, but I'm not going to triple or quadruple that time by having AV/AS running (oh no, not scanning, just running).

Oy oy oy. Not a good two days for an aspiring nerd. I hope Dark (my name for my PC) gets all better. And I reaaaaally hope this doesn't mean I'm going to move to 7.
