Somehow or another last night my laptop got infected with a virus. No, I was not surfing pr0n, no, I was not downloading warez, no, I did not open an attachment that tells me that it loves me and to click. It just happened.
I get these spammy messages about iemonster, and then thousands of little message windows from Symantec telling me my email has been blocked because of content pop up, and now, I fire up the computer, and it auto-shuts down.
*** Update ***
Downloaded Malwarebytes on one of the conference free computers, put it on the infected machine with a memory stick, and voilà, completely fixed.
PC users: go get Malwarebytes. I am impressed.
I ran Ad-Aware, and it did nothing. Help.
Svensker
Ad-Aware won’t help with a virus. What’s your anti-virus? Can you run it?
frogspawn
You can try this. You might need to do it in safe mode. Are you running Vista or XP?
salvage
Download and run this:
http://www.malwarebytes.org/mbam.php
jon
"Somehow or nother"
Sure, buddy. Just be sure to sterilize the keyboard while you’re at work on those fixes.
And salvage, won’t it be difficult to download and add something to his laptop when it doesn’t start up? You may have a great link there, and the service might be the best in the world, but some problems go beyond what a software patch can do.
Guav DNA
I have some great software that protects your computer against viruses and spyware/adware …. it’s called OS X.
frogspawn
My first comment didn’t go through; if you’re running Windows you might want to try this. Can you boot into safe mode? That might load and allow you to at least kill the process, and then you can clean up the executables and DLLs. Per salvage above, Malwarebytes’ Anti-Malware seems to work well to clean up a lot of this crap, but you have to get the OS to load long enough to download and install it.
TheFountainHead
Get a Mac?
rob
http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?part=dl-AVGAntiVir&subj=dl&tag=button
Tim F.
Wipe hard drive, re-install from an earlier backup. Think of it as nuking the virus from space.
Cathy W
If your computer won’t even start up, you’ll probably need the services of an in-person geek. If you have an in-person geek who will work for pizza instead of your credit card, so much the better.
If you want to try a fix based on the collective wisdom here – do you have a rescue disk or some other bootable CD-ROM?
Does it display an error message when it shuts down?
HeartlandLiberal
Can you boot into safe mode? If so, what anti-virus security software are you running?
After years of preferring ZoneAlarm, I have switched back to the new Symantec Endpoint, latest version. Not as bloated as ZoneAlarm has become, loads faster, now includes similar in and out bound features.
That being said, as an IT professional of 25 years, I have some really, really bad news for you.
In my organization, we have one standard response to an infected/pwned machine: flip and flush. That means it is flattened, formatted, and the OS reinstalled. Unfortunately, in today’s world of rootkits, that is the ONLY guarantee you have that you have expunged whatever got you, since, in the world of rootkits, there is almost no way to be sure. In other words, cleaning up a machine is no longer a viable option.
That being said, I now have to ask you about your backup procedures for all your files and documents. You do have one… don’t you? If not, then you need to do so in the future. External USB-connected hard drives with massive amounts of disk space can now be purchased for measly amounts. Go out, buy one, and start backing up religiously.
Stimpy
First things first. Getting the laptop to boot is the first priority. When you boot up though you want to make sure that the networking is disabled. It sounds like your laptop has been zombied and is possibly being used to spam.
Try this:
1. Start your laptop and hold down the F8 key while it starts. The computer should display the "Windows advanced options" menu.
2. Use your arrow key to select the "Last Known Good Configuration" option.
This will start you in the last configuration (i.e. system registry settings) that successfully booted. If this does not work, or Windows is still flaky, then repeat step 1 above but select "Safe Mode" as your boot option. This will start you up in a mode where your viruses should be disabled.
Once you are up and running you can try to use the media that came with Symantec on its CD and run the anti-virus software there.
But here is the problem: once your computer is infected it is impossible to know for sure that you have removed it. Some of these rootkits that get installed are very tough to remove and make themselves undetectable, since they effectively alter the software that detects them so that they are ignored.
So, the only way to be sure you have removed the virus is to back up your data and wipe and start over.
Then buy a Mac and run windows from a virtual machine and if the image gets infected throw it away and go to your back up image. Problem solved! :-)
Dennis - SGMM
@HeartlandLiberal:
Agreed. I’ve become so paranoid that I run a utility that writes zeros to the entire hard disk before formatting it.
Just re-installing the OS from a recovery disk won’t reliably fix it any more.
Airmon
John –
iemonster is a spyware program that puts up fake "Your computer is infected…" messages (well, technically, I guess they’re not faked) in an attempt to get you to buy some other crappy antispyware/antivirus program.
Whatever you do, don’t purchase the software the messages suggest, unless of course you’re into credit card fraud.
Malwarebytes is good, as is the advice to boot into safe mode. Feel free to contact me offline if that doesn’t work. Computers are my biz.
Foxhunter
@HeartlandLiberal:
Could not agree more. By the time someone learns to use HijackThis or a BartPE disk, they could have reinstalled with less headache.
I flatten and re-image infected machines, too. The only way to go…
Rick Taylor
Back when I was using Windows, I’d keep a back-up of my hard drive with the basic OS and applications on an external drive. Then I’d restore it in an emergency. I recommend BootIt NG and the accompanying backup software to make it easier to deal with multiple OSes. In the meantime, if all else fails, buy a large external hard drive (you should have one anyway), copy your data files, reformat your hard drive, make sure to scrub the master boot record, and re-install from scratch. I did this for my brother and it worked wonders.
By the way, which operating system are you running? Windows XP or Vista?
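Two of the wipe steps mentioned in this thread, Dennis’s "write zeros to the entire disk before formatting" and Rick Taylor’s "scrub the master boot record", are easy to get wrong on a real disk, so here is an added example (not code from any commenter) that does both on an ordinary file standing in for the disk and verifies the result. The MBR layout it assumes is the classic one: 512-byte sector, bytes 0-445 boot code, 446-509 partition table, 510-511 the 55 AA signature. The 1 MiB test image, its 0xEB/0x42 marker bytes and the IMG variable are constructed for the demo; on a real machine you would boot a live CD, leave the disk unmounted and point IMG at the device node (for example /dev/sda, an assumption).

```shell
#!/bin/sh
# Added example: scrub MBR boot code (keeping the partition table) or
# zero-fill a whole disk image, then verify. Runs on a regular file so it is
# safe to try; for a real disk set IMG to the unmounted device node instead.
# Assumed MBR layout: 0-445 boot code, 446-509 partition table, 510-511 55 AA.
set -eu

# Hex string of LEN bytes starting at OFFSET: hex_range IMG OFFSET LEN
hex_range() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Partition table plus signature (66 bytes) as hex, to compare before/after.
partition_table_hex() { hex_range "$1" 446 66; }

# Overwrite only the 446 boot-code bytes; the table and signature survive,
# so the data partitions are still readable from a live CD afterwards.
scrub_mbr_bootcode() {
    dd if=/dev/zero of="$1" bs=446 count=1 conv=notrunc 2>/dev/null
    sync
}

# Zero-fill the entire image (what a full wipe before reinstall does).
zero_fill() {
    size=$(wc -c < "$1" | tr -d ' ')
    dd if=/dev/zero of="$1" bs=1024 count=$((size / 1024)) conv=notrunc 2>/dev/null
    sync
}

# Checks print "yes" or "no" so they can be read by a script or a test.
bootcode_is_zero() { [ -z "$(hex_range "$1" 0 446 | tr -d 0)" ] && echo yes || echo no; }
image_is_zero()    { [ -z "$(od -An -v -tx1 "$1" | tr -d ' \n0')" ] && echo yes || echo no; }

# Constructed 1 MiB stand-in disk: boot code filled with 0xEB, partition
# table with 0x42, and a real 55 AA signature. Marker bytes, not real code.
make_test_image() {
    dd if=/dev/zero of="$1" bs=1024 count=1024 2>/dev/null
    dd if=/dev/zero bs=1 count=446 2>/dev/null | tr '\000' '\353' \
        | dd of="$1" bs=1 seek=0 conv=notrunc 2>/dev/null
    dd if=/dev/zero bs=1 count=64 2>/dev/null | tr '\000' '\102' \
        | dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Demo on a temporary file (replace with the device node on a real disk).
IMG=$(mktemp)
make_test_image "$IMG"
before=$(partition_table_hex "$IMG")
echo "boot code before scrub: $(hex_range "$IMG" 0 8)..."
scrub_mbr_bootcode "$IMG"
echo "boot code after scrub:  $(hex_range "$IMG" 0 8)..."
[ "$before" = "$(partition_table_hex "$IMG")" ] && echo "partition table unchanged: yes"
zero_fill "$IMG"
echo "whole image zero after zero_fill: $(image_is_zero "$IMG")"
rm -f "$IMG"
```

The 446-byte scrub only makes sense on an MBR-partitioned disk, which is what an XP or Vista laptop of this era would have; a GPT disk keeps a protective MBR plus headers at both the start and the end of the disk, so there the full zero_fill (or a GPT-aware tool) is the honest option. Note also that this touches nothing beyond the boot code: partition boot sectors and the rest of the disk are exactly what the full wipe and reinstall are for.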
Stimpy
@rob:
Agreed. I consider Symantec and Norton to be a cure that is worse than the disease. Get AVG Free and forget Norton and Symantec.
But the other posters are correct, a good backup policy and an ability to wipe and start over is great.
I use Parallels on the Mac for my windows needs and it works great. Twice I have gotten that OS image infected and I was able to swap it out to a backed up image of windows + my apps in the amount of time it took to copy a 5+GB image file from my network drive to my MacBook Pro.
Nice stuff.
Tim Fuller
I’m guessing it’s not a Mac.
Just for the record, when did it become acceptable or understandable to get a virus surfing porn? Is the virus gotten there seen as a proper punishment for the ‘sin’ of the act?
Good thing ‘the man’ hasn’t figured out how to deliver those same nasty porno viruses through liberal blog sites or we’d all be screwed…..or maybe that’s exactly what happened in this case since we have a public pronouncement of purity?
Enjoy.
cmorenc
Next time, keep on hand a bootable CD from one of the anti-virus/anti-spamware vendors (i.e. that’s clean from problems). The purpose of such a CD is that it will:
a) allow your computer to boot up, even though the OS on your computer’s primary HD has been turned to toast by the infection;
b) permit the scanning of your computer’s primary HD for the problem virus/spamware by a version of the OS that’s assuredly uncorrupted by whatever has infected your primary HD. Many viruses/trojans include in their kit of nasty tricks the disabling/spoofing of the portions of the system any legitimate antivirus/antispamware software needs to do its job. That’s one collateral reason why one of the symptoms of infection is often difficulty downloading updates to your antivirus/antispamware, even though much of the rest of the internet seems accessible.
salvage
jon – Well if he can’t get it to stay on then the whole system will obviously need to be wiped and that’s that but if he can get it on long enough the Malware app will fix it.
Punchy
Call those experts at RedState. I hear their programming acumen is top-notch.
JGabriel
Tim Fuller:
Tim, it didn’t become acceptable or understandable per se. It just became expected, or predictable, in that pr0n – especially FREE pr0n – is often used by scammers and other virus spreaders as bait to sucker in the unwary.
Kirk
I’m with Cathy in guessing you’re going to need an in-person geek. On the other hand a couple of things caught my eye.
I’m guessing this happens when you open your web browser, be it Internet Explorer or Firefox or whatever. The reason is that this is how iemonster works (mostly). If you have access to a less-common browser, even one that mostly sucks, it’s probable that you can work around it to download a removal tool for the monster. (Salvage posted a good one, but there are others.) An alternative is to get a friend (or use a common-use computer) to get one of the removal tools and copy them to a flash drive or CD. (Most won’t fit on a floppy even if you’re still using them.) You can then run the file from that. [I highly recommend you use a disposable or read-only copy, not your flash. Using your flash means it may pick up a carrier.]
The probable reason you’re getting shut down is that the fight between your protection and iemonster is eating up so much memory that the system can’t handle it. But if you don’t run your browser you bypass the problem.
iemonster puts hooks in a bunch of places. If you’re comfortable working in the registry, with unregistering dll files, with stopping processes in the task manager, and with accessing hidden directories, I’m willing to send the manual instructions. If you’re comfortable with that you know all the warnings that start with, "Not my fault if this permanently trashes your computer."
Good luck.
DR
You’re using Vista, right? Serves you right!
Barry
Here’s a question – how does one prepare a back-up boot disk? I’ve got a laptop (running Windows XP) and an external hard drive, which I’m now using only for backing up files.
How should I proceed to set up things in case [when :( ] I have to ‘nuke it from orbit’?
Thanks!
Fr33d0m
If the last known good config or safe mode attempts fail, use another computer to get Ubuntu, write the ISO to disc and boot to it, and try to recover any needed data to some other media. After that’s done, and if all your hardware seems to work properly, click on the install icon and join the revolution.
Tim Fuller
My porn comments were meant as a little tongue in cheek, but I am honestly sold on both the satisfying experience of my Mac usage as well as the p()rn.
Enjoy.
Steve Jobs
Get a Mac.
Don McArthur
What are your meatspace coordinates, I’ll FedEx an Ubuntu LiveCD…
The Other Steve
If the computer won’t even boot up… I would suspect it’s not a virus, but rather something else wrong.
I hope you don’t have any files on there which are important. The simplest step now is to try what Tim F did and put in the recovery disk.
If you do have files which are important, you’ll need some help in recovering them.
Cathy W
@Airmon:
Oh good christ. My husband works in the field, and he had someone call about a laptop with something like that (I don’t know if it was this specific program, though) – it was a company laptop, and the caller claimed all he’d done to get it was to connect to the network at a hotel.
Hubby was trying to avoid the reinstall – and couldn’t reinstall, really, when he first got the call, because the caller was in a different state at the time. So he tried to rebuild the system software. He spent the better part of two days trying to get rid of the thing, thought he’d had it licked, thought he’d immunized the system against it – and then it came back.
John, save yourself the pain. Wipe the hard drive (consider replacing it if you’ve got irreplaceable data on it – you might be able to recover files without reinfecting yourself, and hard drives are cheapish), and reinstall your system.
Zifnab
@Steve Jobs:
One of these days, someone is going to create a really nasty and pernicious virus that targets only Apple computers. It’ll fuck over your iMacs, short out your iPhones, frag your iCars, and leave me to iLaugh. I’m counting the days.
leinie
Yes, the reinstall is the way to go, to be sure it’s gone.
One tip if you are one of those people who doesn’t do backups, or haven’t for a while.
Get yourself an Ubuntu Live boot disk, and use that to start up the computer. It will run Linux from the CD, without you having to install anything. You’ll need another computer to download and burn the image.
It will also allow you access to your data and allow you to copy anything you must have to a flash drive.
You just have to be really, really careful about scanning that stuff before you copy it back to your newly installed, clean Windows machine.
I’ve used this a couple of times for people to salvage photos, spreadsheets, etc., from a machine that got diseased and had to be killed. It’s also useful if you need to determine if an issue is hardware or software if a drive or port won’t work.
Don McArthur
In all seriousness, can you imagine what the numbers would look like if someone were to total the amount of time and treasure lost to fiddling with that worthless pile of crap-code operating system? It would have to be measured in man-centuries and GDP-Equivalents.
How come the plaintiff’s bar hasn’t had at these incompetents?
flounder
I followed all the instructions here to clean my wife’s virus. I still suspect it may be there. Good luck.
http://forums.majorgeeks.com/showthread.php?t=35407
Incertus
@Zifnab: Don’t be a hater, man.
Tim Fuller
Until that day comes, GET A MAC. Somewhere in the Windows development process it became de facto for nearly every user to become a PC support person, because if you relied on paid support for all the issues you faced, it would actually be cheaper to get the Mac in the first place. Alternatively, if you value your time and don’t receive serenity and joy from constantly rebuilding your system (HD) from scratch, by all means save a few bucks.
Get a Mac. They just work. I know it pains the hell out of some in the Windows community (hence the ‘can’t wait for the Mac virus’ hater language) but it’s true. I don’t make the rules about this stuff, but just like you, I have to live with them, so I bought the CHEAPEST Mac I could find a couple of years ago: a solo Mac mini, which proved to me that the OS was solid and that I could adapt to OS X. I upgraded last year to an iMac dual Intel because the only complaint I had with the Mini was speed (mainly because the hard drive used in it is the slow laptop type). Now my backup PC is a Mac mini. LOL.
Enjoy.
Billy K (D-TX)
@Zifnab: And when that happens, the score will be Eleventy-bazillion to one.
Or, to put it another way, it would be the first virus I’ve had since those Zip Drive worms in the mid-nineties.
As a confirmed Grade-A Apple Zealot, I try not to be a sanctimonious prick, but when I see crap like this, I just don’t understand why 90% of the computing world puts up with this.
bs23
If you have trouble getting the machine to boot in safe mode and don’t have any boot disks lying around, you can use Ubuntu instead! Assuming you have another computer to download it and a CD burner to make a disc, that is.
Just download the regular Ubuntu version (Intrepid Ibex), burn it to CD, then boot from said CD. You could copy your important data to an external hard drive this way, before nuking the internal disk from space, as it were.
Additional advantage: you can take ubuntu for a spin while you’re at it. Kick the tires, see if it’s for you. Viruses aren’t really a problem, for one…
Also cheaper than getting a mac, and … I see everyone already beat me to this point.
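leinie and bs23 both describe the same rescue: boot the dead laptop from an Ubuntu live CD, copy the documents you cannot lose to a flash drive, and scan them before they go back onto the rebuilt machine. The script below is an added example of that copy step (it is not code from either commenter): it walks the mounted Windows volume, copies only an allowlist of document and media types, refuses executables and active content outright (including double-extension tricks like invoice.pdf.exe and macro-enabled Office files), never executes anything from the infected disk, and writes a SHA-256 manifest so each file can be checked after scanning. The sample volume, its file names and the extension lists are constructed assumptions; a real run would point SRC at the read-only mount point of the laptop’s disk and DST at the flash drive.

```shell
#!/bin/sh
# Added example: salvage documents from an infected Windows volume (mounted
# read-only under a live CD) to removable media. Copies an allowlist of
# document/media types, refuses executables and active content, and writes
# DST/MANIFEST.sha256 plus DST/SKIPPED.txt. Sample tree and lists are assumed.
set -eu

file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Classify by the lower-cased extension of the basename only, so a dot in a
# directory name cannot fool it. Prints "copy", "active" or "other".
classify() {
    name=${1##*/}
    case "$name" in
        *.*) ext=$(printf '%s' "${name##*.}" | tr 'A-Z' 'a-z') ;;
        *)   ext="" ;;
    esac
    case "$ext" in
        exe|dll|scr|com|pif|sys|msi|hta|bat|cmd|vbs|vbe|js|jse|wsf|wsh|lnk|jar|docm|xlsm|pptm)
            echo active ;;
        doc|docx|xls|xlsx|ppt|pptx|pdf|rtf|txt|csv|odt|ods|jpg|jpeg|png|gif|mp3|mp4|avi)
            echo copy ;;
        *)  echo other ;;
    esac
}

# salvage_copy SRC DST: copy allowlisted files, preserving relative paths.
# Nothing under SRC is executed; it is only read and hashed.
salvage_copy() {
    src=$1; dst=$2
    mkdir -p "$dst"
    : > "$dst/MANIFEST.sha256"
    : > "$dst/SKIPPED.txt"
    find "$src" -type f | while IFS= read -r f; do
        rel=${f#"$src"/}
        case "$(classify "$f")" in
            copy)
                mkdir -p "$dst/$(dirname "$rel")"
                cp -p "$f" "$dst/$rel"
                printf '%s  %s\n' "$(file_sha256 "$dst/$rel")" "$rel" >> "$dst/MANIFEST.sha256"
                ;;
            active) printf 'REFUSED (executable/active content): %s\n' "$rel" >> "$dst/SKIPPED.txt" ;;
            other)  printf 'skipped (not on allowlist): %s\n' "$rel" >> "$dst/SKIPPED.txt" ;;
        esac
    done
}

count_copied()  { wc -l < "$1/MANIFEST.sha256" | tr -d ' '; }
count_skipped() { wc -l < "$1/SKIPPED.txt" | tr -d ' '; }

# Constructed stand-in for the infected volume (sample files, not real data).
make_sample_volume() {
    v=$1
    mkdir -p "$v/Users/john/Documents" "$v/Users/john/Pictures" "$v/Windows/System32"
    echo "quarterly report"  > "$v/Users/john/Documents/report.docx"
    echo "notes"             > "$v/Users/john/Documents/notes.txt"
    echo "macro workbook"    > "$v/Users/john/Documents/budget.xlsm"
    echo "not really a pdf"  > "$v/Users/john/Documents/invoice.pdf.exe"
    echo "jpeg bytes"        > "$v/Users/john/Pictures/holiday.JPG"
    echo "dropped binary"    > "$v/Windows/System32/dropper.dll"
    echo "no extension"      > "$v/Users/john/readme"
}

# Demo in temporary directories; on a real rescue SRC is the read-only mount
# of the laptop's disk and DST the flash drive.
SRC=$(mktemp -d); DST=$(mktemp -d)
make_sample_volume "$SRC"
salvage_copy "$SRC" "$DST"
echo "copied: $(count_copied "$DST"), skipped: $(count_skipped "$DST")"
cat "$DST/SKIPPED.txt"
rm -rf "$SRC" "$DST"
```

Mount the infected disk with `ro` (and the flash drive with `noexec`) before running this, and keep the manifest with the files: after the flash drive has been scanned on a clean machine, re-hashing the files against MANIFEST.sha256 tells you nothing was swapped in the meantime. The allowlist is deliberately strict; anything in SKIPPED.txt that you really need can be fetched by hand once you have looked at it.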
Xanthippas
I second this. I got the nasty XP Antivirus 2008 on my work computer (I have no idea how as I didn’t do any of the stupid stuff John mentions either) and the ONLY thing that would get rid of it was malwarebytes. Malwarebytes destroyed it in one run, and this after I ran several other spyware removers and manually tried to get it off myself to no avail.
Good Shoes
Turn on the PC and hold down F8.
Select "Safe mode with networking".
Once in, fire up a browser and go to
http://www.pandasecurity.com/homeusers/solutions/activescan/
and select "Scan my computer now".
Once the Panda scan has completed, go to
http://shop.trendmicro.com/trialpay/
and select "free house call".
Hopefully one of the above will catch the virus but as mentioned above, once you’ve backed up your data it would be a good idea to re-install :(
Zifnab
@Incertus: I will be a hater. And I will continue to drink my juice.
Billy K (D-TX)
@Zifnab: Hate leads to suffering.
RememberNovember
I run AVG on my XP partition… haven’t had issues yet. Biggest fear for me is keyloggers, as I am into MMOs.
malwarebytes seems worth looking into.
salvage
Yup Malwarebytes rules, same sort of thing happened to me (except the porn part… that may have been a factor), the virus had actually hijacked and neutered BitDefender but one run of Malwarebytes and it found the virus, nuked it and I could once again surf porn in secure shame.
Comrade Stuck
Also, Spyware Blaster is excellent as a real-time guard. You don’t think it’s doing much and it is only updated every two or three weeks, but I haven’t had a single malware infection for 9 months. SuperAntispyware is also very good and complements Malwarebytes, catching a few bugs that get by.
jcricket
Hate leads to voting Republican.
Notorious P.A.T.
Neither was I, wink wink.
I just had someone wipe and re-install my operating system, but now I don’t have Word for Windows. Can I get that for free, since I used to have it?
Incertus
@Billy K (D-TX):
If Apple were 90% of the computing world, hackers would be doing everything they could to fuck with them. It’s as much their small percentage of the market as their OS architecture that keeps Apple users safe from viruses.
Jeff
I love this blog. You have consistently been the funniest, and one of the most insightful, throughout this campaign. But I have zero patience for your computer foibles until you wise up and shell out a few extra bucks for the far-superior choice out there calmly sailing in gentle waters in a tumultuous sea of the free market.
Gravenstone
You’ve already learned about the goodness that is Malwarebytes. One other tool an IT savvy friend of mine suggested to complement it is Avira antivir.
His reasoning is that being a lesser known company, they’re not (yet) subject to some of the active AVS countermeasures showing up in viruses these days that target the better known software like Norton and the like. With the two together (and a lot of patience) I was able to rescue a very heavily spyware/trojan/faux anti-virus (etc…) infested PC for my nephew.
LarryB
ZOMG! Call the FBI, you must have been hacked by a foreign power.
Comrade Stuck
For those of you with older computers like moi’, I was having trouble with a slowing computer and someone recommended a site called Driver Detective. It cost 30 bucks for the service, but I learned most of my device drivers were way outdated. Best 30 bucks I ever spent for computer care. It’s like a whole new machine, literally running faster than when new.
Mac G
This has happened to me twice and after talking to several different IT people, rebooting your system is the only way to fully get rid of these bugs.
These programs will clean it but there is always a possibility that it will come back.
Xoebe
Firefox + NoScript.
Never, ever, visit any website without NoScript. The preferred method of infection these days is the "drive-by". Legitimate websites can be compromised with malicious scripts, or more likely, simply contain links to malicious sites.
There’s a very minor annoyance with configuring the NoScript extension when you visit a new site, but it’s a ridiculously small price to pay.
Juan del Llano
I realize that it’s impolitic to point out to frustrated PC owners that Macs simply don’t have these problems, but it’s the truth. The absolute truth. We’re not making this shit up, you know. Sure, someday someone will write a pernicious virus, email worm, or whatever that has Mac users crying in their beer. But it hasn’t happened yet, and probably won’t for a long time, for two reasons:
1. First and foremost, Mac OS X has a structure that makes it very difficult for malicious hackers to be successful. Without getting into high geekery, that’s all you need to know. Besides, the way the operating system is set up, a Mac user would have to WANT to install a virus… if there were any, that is.
2. Second, we’re still the minority when it comes to total numbers of computers out there, so a virus writer wouldn’t get much bang for the buck. Yes, there are things out there that can affect your Mac, but the odds are very much against your encountering them. Right now the only thing I’m aware of are certain tracking cookies that you really don’t want because you might get more spam, but that’s about it.
Wouldn’t you love to be online all the time without EVER worrying about having your system wrecked?
Ratufa
Some advice for after you clean up:
– Have a good anti-virus program installed. Anti-virus won’t catch everything, but it’s part of a layered defense.
– Switch to Firefox (if you haven’t already) and use the NoScript extension.
– Make sure your firewall is on.
– Keep your PC up-to-date with OS patches. If you’re somebody who regularly forgets to do so, turn on automatic updates.
– Make sure that any other software on your host is kept up-to-date wrt patches. This includes such things as Flash, Adobe Acrobat, whatever you use to read your e-mail, and any instant messaging software you use (just to give some examples).
– Also, make sure that you change any passwords you may have typed while your PC was infected.
Laura W
@Juan del Llano:
Yes. And I am. I’ve had an iMac (first generation lime green), iBook, and now a MacBook Pro Intel Duo. I leave it on 24/7, pretty much. Put it to sleep when I go to sleep, only shut it down if I’m going away for a while or there is a fierce storm. And I only power down in a storm to save the battery in case I have to use the dreaded dial-up connection, cuz lord knows I can’t be away from the email for too long.
I’m grateful that I learned on a mac eons ago (1992ish? I can’t even remember what we called the first laptop I had…a heavy, black, clunky thing…) and have had nothing but macs since. I am very impatient, but very intuitive, so this works for me.
Gemina13
I have Norton Antivirus 2009 on order. Somehow I got the same Antivirus2009 malware on my system–and I don’t go to porn sites, chat rooms, or dating sites. (I love Firefox; it warns me when I’m about to go to any kind of attack site.) I ran Ad-Aware–I might as well have waved chicken feet over my Dell. I ran Avira Anti-Virus, a backup I got when my subscription to Norton ran out. No use.
Finally, when I saw this post, I clicked on Malwarebytes. Bye-bye, AV2009. If I could find the shitheel who designed it, I’d shove both his/her hands in my food processor and set the fucker to "Liquefy."