Stupid Frelling Virus update

Got home from show last night to find that brainiacfive had rejoined the battle without me, 'cause he's awesome that way. :-* So what I had expected to have eat up my afternoon and evening today was already done by the time I went to bed last night. Yay!

Malwarebytes was already installed (I do a full scan with it at least a couple times a month ever since the nasty one that infected his computer a couple years back) and available to run in safe mode, which made our lives vastly easier. (If you're not already using it, I HIGHLY recommend it.) I'm sort of morbidly amused that the registry key entries it caught (in addition to the trojan itself) were actually designated "Rogue AV Suite."

It started up fine in normal mode after that, and there's been no sign of the bogus security dialogue or anything. brainiacfive ran Malwarebytes again, this time with the Quick instead of Full scan, and when I got up this morning it had caught two more registry key entries. I was going to run Spybot after that (our SOP, developed through trial and error, is to do them in that order), but when I went to check for updates it told me it couldn't open that site because Internet Explorer was set to use a proxy server that wasn't allowing it. O RLY?

Ran CCleaner a bit more thoroughly than usual, including resetting IE to default everything. Had to manually change Firefox back to no proxy (which, in my head, is snapped imperiously by Edna Mode), but it didn't seem to do anything else funny while I had it open to do so. Spybot still thinks there aren't any newer updates, which I find suspicious because I haven't updated it in at least two weeks, but I put a pin in that and started a full Malwarebytes scan just before I left for work. (I usually don't even bother with the quick scan, just do the full one when I'm going to be elsewhere.) When I get home, I'll see if it caught anything else, then run Spybot, then we should be good. :: touch wood ::

So, all in all, I seem to have dodged most of the bullet, certainly compared to what some people I know have been through lately. *whew* I'm going to make no statement about any plans to do anything on the computer this afternoon/evening (other than the aforementioned further cautionary measures), because of late that seems to jinx me something awful.

Comments

jennetj
Jul. 12th, 2010 05:15 pm (UTC)
Rogue AV always changes browsers to proxy, which can frell up other things (like: little did I know 'til last Friday that Outlook actually processes images through IE, whether IE is your default browser or not, so if IE is set for proxy, you get no images).

Sounds like you've got everything well under control. My only other suggestion is to make sure when you run your periodic Malwarebytes scans to update Malwarebytes at that time so you've got the most recent version. I found out the hard way that older versions of Malwarebytes (which is the Best.Program.Ever) couldn't kill RogueAV.

For the record, RogueAV has been the bane of my existence over lo these long months - it doesn't seem to matter how good my a/v solution is - the bugger still gets in.
wiliqueen
Jul. 12th, 2010 05:19 pm (UTC)
*nodnodnod* I routinely check for updates on both Malwarebytes and Spybot when I open them, because the free versions don't update automatically.

Malwarebytes ROCKS MY SOCKS.
amilyn
Jul. 12th, 2010 05:56 pm (UTC)
Husbands are pretty awesome.

Congrats. *hugs*
wiliqueen
Jul. 13th, 2010 01:39 am (UTC)
They certainly can be!
phantomminuet
Jul. 12th, 2010 05:57 pm (UTC)
From your description, I picked up that same virus a couple of months ago. It took our IT guy forever to ferret it all out.
wiliqueen
Jul. 13th, 2010 01:36 am (UTC)
It seems to be hitting a lot of folks. :: shakes fist at it ::
chiroho
Jul. 12th, 2010 06:41 pm (UTC)
Not sure how much it happens any more, but one thing I know has happened on several older machines is that, in addition to IE or Firefox having a proxy server enabled, the actual Hosts file has been changed to include a lot of bogus addresses. Obviously not specific to the Rogue AV which you are having issues with now, but always something to keep an eye out for.
wiliqueen
Jul. 13th, 2010 01:37 am (UTC)
Good thought, as this is an older machine. Thanks!
deire
Jul. 12th, 2010 07:43 pm (UTC)
Brainiacfive rocks.
wiliqueen
Jul. 13th, 2010 01:37 am (UTC)
Trufax.
ariestess
Jul. 12th, 2010 08:54 pm (UTC)
That sounds like a bastard of a virus!
wiliqueen
Jul. 13th, 2010 01:38 am (UTC)
It certainly seems to be getting around, and I seem to have gotten off easy!
ariestess
Jul. 13th, 2010 04:13 pm (UTC)
Yay for getting off easy!


And I just realized how wrong that sentence could be taken... *smirks*
lyssie
Jul. 12th, 2010 11:29 pm (UTC)
Malwarebytes saved me on Saturday when I discovered something called 'defense center' on my baby. *shudders*
wiliqueen
Jul. 13th, 2010 01:39 am (UTC)
I think that was the actual one that my work computer got. Same general MO, different name.

Malwarebytes is most definitely a Thing To Have.
irish_horse
Jul. 13th, 2010 02:14 am (UTC)
That brainiacfive, he certainly is much of the awesome. I'm glad you guys were able to de-trojan your computer.
wiliqueen
Jul. 14th, 2010 05:41 pm (UTC)
Me too, and thanks!

Profile

sugarplum
wiliqueen
Valerie - Postmodern Pollyanna
WiliQueen's Woods
