Stupid Frelling Virus update

Got home from show last night to find that brainiacfive had rejoined the battle without me, 'cause he's awesome that way. :-* So what I had expected to eat up my afternoon and evening today was already done by the time I went to bed last night. Yay!

Malwarebytes was already installed (I do a full scan with it at least a couple times a month ever since the nasty one that infected his computer a couple years back) and available to run in safe mode, which made our lives vastly easier. (If you're not already using it, I HIGHLY recommend it.) I'm sort of morbidly amused that the registry key entries it caught (in addition to the trojan itself) were actually designated "Rogue AV Suite."

It started up fine in normal mode after that, and there's been no sign of the bogus security dialogue or anything. brainiacfive ran Malwarebytes again, this time with the Quick instead of Full scan, and when I got up this morning it had caught two more registry key entries. I was going to run Spybot after that (our SOP, developed through trial and error, is to do them in that order), but when I went to check for updates it told me it couldn't open that site because Internet Explorer was set to use a proxy server that wasn't allowing it. O RLY?

Ran CCleaner a bit more thoroughly than usual, including resetting IE to default everything. Had to manually change Firefox back to no proxy (which, in my head, is snapped imperiously by Edna Mode), but it didn't seem to do anything else funny while I had it open to do so. Spybot still thinks there aren't any newer updates, which I find suspicious because I haven't updated it in at least two weeks, but I put a pin in that and started a full Malwarebytes scan just before I left for work. (I usually don't even bother with the quick scan, just do the full one when I'm going to be elsewhere.) When I get home, I'll see if it caught anything else, then run Spybot, then we should be good. :: touch wood ::

So, all in all, I seem to have dodged most of the bullet, certainly compared to what some people I know have been through lately. *whew* I'm going to make no statement about any plans to do anything on the computer this afternoon/evening (other than the aforementioned further cautionary measures), because of late that seems to jinx me something awful.


Jul. 12th, 2010 05:15 pm (UTC)
Rogue AV always changes browsers to proxy, which can frell up other things (like: little did I know 'til last Friday that Outlook actually processes images through IE, whether IE is your default browser or not, so if IE is set for proxy, you get no images).

Sounds like you've got everything well under control. My only other suggestion is to make sure when you run your periodic Malwarebytes scans to update Malwarebytes at that time so you've got the most recent version. I found out the hard way that older versions of Malwarebytes (which is the Best.Program.Ever) couldn't kill RogueAV.

For the record, RogueAV has been the bane of my existence over lo these long months - it doesn't seem to matter how good my a/v solution is - the bugger still gets in.
Jul. 12th, 2010 05:19 pm (UTC)
*nodnodnod* I routinely check for updates on both Malwarebytes and Spybot when I open them, because the free versions don't update automatically.

Malwarebytes ROCKS MY SOCKS.
Jul. 12th, 2010 05:56 pm (UTC)
Husbands are pretty awesome.

Congrats. *hugs*
Jul. 13th, 2010 01:39 am (UTC)
They certainly can be!
Jul. 12th, 2010 05:57 pm (UTC)
From your description, I picked up that same virus a couple of months ago. It took our IT guy forever to ferret it all out.
Jul. 13th, 2010 01:36 am (UTC)
It seems to be hitting a lot of folks. :: shakes fist at it ::
Jul. 12th, 2010 06:41 pm (UTC)
Not sure how much it happens any more, but one thing I know has happened on several older machines is that, in addition to IE or Firefox having a proxy server enabled, the actual Hosts file has been changed to include a lot of bogus addresses. Obviously not specific to the Rogue AV which you are having issues with now, but always something to keep an eye out for.
Jul. 13th, 2010 01:37 am (UTC)
Good thought, as this is an older machine. Thanks!
Jul. 12th, 2010 07:43 pm (UTC)
Brainiacfive rocks.
Jul. 13th, 2010 01:37 am (UTC)
Jul. 12th, 2010 08:54 pm (UTC)
That sounds like a bastard of a virus!
Jul. 13th, 2010 01:38 am (UTC)
It certainly seems to be getting around, and I seem to have gotten off easy!
Jul. 13th, 2010 04:13 pm (UTC)
Yay for getting off easy!

And I just realized how wrong that sentence could be taken... *smirks*
Jul. 12th, 2010 11:29 pm (UTC)
Malwarebytes saved me on Saturday when I discovered something called 'defense center' on my baby. *shudders*
Jul. 13th, 2010 01:39 am (UTC)
I think that was the actual one that my work computer got. Same general MO, different name.

Malwarebytes is most definitely a Thing To Have.
Jul. 13th, 2010 02:14 am (UTC)
That brainiacfive, he certainly is much of the awesome. I'm glad you guys were able to de-trojan your computer.
Jul. 14th, 2010 05:41 pm (UTC)
Me too, and thanks!
