I Got God Damned Malware

Aw, snap!

And I’m almost ashamed to admit it.  My various Win XP installs have been virus free for about 7 years now, but now the streak has finally been broken.  The strange thing is, I’m still not entirely sure how, or where, my computer got infected.

I’ve looked back on the events that have led up to this unfortunate incident, and I have pieced together what I think has happened, which I present to you below.

Two nights ago I was browsing the net with Google’s Chrome.  I had a few tabs open, and I was bouncing back and forth between them.  In one of them I was working on downloading a file from a file-sharing site, kind of like RapidShare, but not quite as official (if you can call RapidShare “official” by any stretch).  I had jumped through all the rings, skipping two ads and waiting 60 seconds for the download link to appear.  Once the link was ready, I began downloading (it was a RAR file).

About 5 minutes later, while the RAR file was still downloading, I noticed that I had left the tab open with the file share site on it.  With no reason to keep it open, I switched to it to close it, but as soon as I selected it, Chrome became unresponsive.  Not wanting to cancel my downloading file, I let the program sit, hoping that whatever was slowing down that page would resolve itself.  After a minute or two, the tab finally showed up, but the whole browser was acting slow and slightly unresponsive, so I closed out that tab and a few others that I wasn’t using anymore.

I turned away from the computer for a second to look at something, but out of the corner of my eye I saw the screen change.  I looked back at the display, and it took me a moment to realize that Chrome wasn’t on the screen anymore – not in a window or on the taskbar.  So I opened it back up, and began trying to restore the tabs I had open.  About 30 seconds into this, all of my tabs (even those that had already loaded and stopped), switched to show the Chrome error page.  A minute later Chrome disappeared from my screen again with no warning or error message.  Opening the program again resulted in a similar outcome.

By this time, it had gotten pretty late, so I attributed this to Chrome’s beta status, turned off the computer, and went to sleep. The next day I got home from work and fired up the computer again.  I browsed around the web a little, got up to go eat dinner with my girlfriend, and later came back to the computer to play some games.  I noticed that FireFox (my default browser) had opened a window in the background – an ad for some idiotic anti-virus program.  I assumed I had overlooked it from using FireFox earlier in the evening, and closed it.  A minute later it was back, and this time I was sure that I hadn’t initiated its arrival.

My troubles with Chrome the night before came back to me, and instantly, I suspected something might be wrong. A quick look through the computer’s running processes yielded nothing.  Everything that was supposed to be running was.  I checked the startup folder in the Start Menu; still nothing.

Finally, I opened up msconfig to check and see if anything had been added to my list of boot items.  Sure enough, there were four oddly named DLLs there that I did not recognize.  I unchecked their boxes so they wouldn’t be run when my computer started, and immediately went hunting for information on the problem.
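The manual check described above (process list, Start Menu startup folder, msconfig's startup list) can be scripted. The following is an added example and not code from the post: it enumerates the standard per-machine and per-user Run/RunOnce registry keys and Startup folders, then flags entries that load a DLL through rundll32, point outside Program Files or Windows, or lack a valid Authenticode signature. It assumes Windows PowerShell 5.1 or later; the registry paths and flag heuristics are mine, not the author's.

```powershell
# Added example: enumerate common Windows autostart locations and flag entries
# worth a closer look. Assumes Windows PowerShell 5.1+; the key list below is the
# standard set of Run/RunOnce keys, not an exhaustive list of autostart points.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Per-user and all-users Startup folders (what the Start Menu "Startup" entry shows).
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata properties (PSPath, PSParentPath, ...).
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

# Extract the executable path from a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent   or   rundll32.exe C:\x\abcd.dll,Entry
function Get-ExecutablePath([string]$command) {
    $command = [Environment]::ExpandEnvironmentVariables($command)
    if ($command -match '^"([^"]+)"') { return $Matches[1] }
    return ($command -split ' ')[0]
}

function Test-Suspicious($entry) {
    $exe = Get-ExecutablePath $entry.Command
    $reasons = @()
    # A startup item that exists only to load a DLL (the pattern in the post).
    if ($entry.Command -match 'rundll32') { $reasons += 'loads a DLL via rundll32' }
    # Legitimate startup items usually live under Program Files or Windows.
    if ($exe -and $exe -notmatch '^[A-Za-z]:\\(Program Files|Program Files \(x86\)|Windows)\\') {
        $reasons += 'outside Program Files/Windows'
    }
    # Unsigned binaries, or entries whose target no longer exists, merit review.
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
    } elseif ($exe) {
        $reasons += 'file not found'
    }
    return $reasons
}

Get-AutostartEntries | ForEach-Object {
    $reasons = Test-Suspicious $_
    [pscustomobject]@{
        Source  = $_.Source
        Name    = $_.Name
        Command = $_.Command
        Flags   = ($reasons -join '; ')
    }
} | Format-Table -AutoSize -Wrap
```

The flags are hints, not verdicts: plenty of legitimate software installs unsigned helpers outside Program Files, so an entry with flags deserves a look-up, not automatic removal. Services, scheduled tasks and browser extensions are further autostart points this script does not cover.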

I found out that my computer was infected with a few pieces of malware, all of the same origin, and all of which had a nasty habit of renaming themselves and latching onto legitimate processes to run.  I wasn’t entirely sure if their only function was to show me anti-virus ads however, so I figured the best course of action would be to remove the infection and then re-install Windows, just to be safe.

I tried to start up AdAware, but after waiting a few seconds, a cryptic error message appeared on the screen about a server error, and the program refused to load.  So I looked up NOD32, an anti-virus program which I’ve heard Leo LaPorte rave about on his “The Tech Guy” radio show, installed it, and ran it.  10 minutes later, after I’d watched the program cycle through all the known areas of the infection, the program reported that it had found nothing.  Lame.

A quick Google search returned a few more promising pieces of software; upon further investigation, I decided to try out a program called Anti-Malware by Malware Bytes.  This program zipped through my drive and found about 14 infected files and registry entries.  I quarantined and deleted all of these, restarted, and ran the program again.  The second search turned up nothing.  I checked msconfig and my processes list for similar results.  I made a mental note that I should purchase the full version of Anti-Malware when this was all over with, as a token of my thanks.

With that, the pre-re-install process began: check, backup, delete, and restore.  I checked the software on my computer to make sure I had all the install files I needed and read up on how to properly save my email and saved games.  I copied everything from my main hard drive to the (much larger) second hard drive.  I uninstalled everything that pointed to files on the second drive, and then rebooted with my trusty Windows XP disc in the tray.

About 30 minutes later I found myself staring blankly at the rolling green hills of the default Windows XP wallpaper.  I turned off the machine and went to sleep.

Now it’s time for me to get all my programs, games, and files back in their rightful places – just what I wanted to do this weekend.

Thanks malware.  Thanks a lot.

22 comments:

  1. BenRK - Over a year ago

    Which is why I stick with FireFox 110% of the time. Of course, even with IE, I didn’t get viruses, but I attribute that to my paranoia of the internet.

  2. erthgy - Over a year ago

    That is a shame, too bad you were taken advantage of by the Internet… But I think we’ve all experienced a virus once or twice.

  3. SleeK GeeK - Over a year ago

    Well, that’s pretty bad. I guess I got one more reason to stick with Firefox or Opera for that matter.

    BTW: Just curious, what did you use to make that great image at the top of this post?

    1. FredFredrickson - Over a year ago

      It’s a Photoshop’d image of the Chrome error page. :)

  4. Deus Ph3x - Over a year ago

    Stop watching porn!

    1. Dmaster270 - Over a year ago

      Shh, we’re supposed to wait until after he gets malware again to tell him that.

  5. Spaceoff - Over a year ago

    “Anti-Malware” might be one of those semi-fake security programs: they don’t look like one of those stupidly obvious malware ones, but they ALWAYS find some results on their first search; then they never find anything again, ever, they just want you to purchase the legitimate key. I could be wrong however… I just have experience finding one of them, thinking I actually was infected with something but I wasn’t.

    1. FredFredrickson - Over a year ago

      Well, it removed the infection from my computer prior to the re-install, so I don’t have any reason to think it was a scam program. The software that was being advertised in the pop-ups I kept getting, however, was certainly something bogus – unless virus distributors are taking a Three Stooges approach to scamming people by infecting their computers with malware and then asking for money to fix it.

  6. kc lc - Over a year ago

    Tough break, Fred.

    I guess this means you won’t be wearing white at your wedding.

  7. edmunn - Over a year ago

    Nice to see you got it fixed!
    On a totally unrelated note, on your friends list, it should be mattmakesgames, not helixgamesinc. :)

    1. FredFredrickson - Over a year ago

      Noted and corrected – thanks for letting me know. I’ve added a link to your site too, if that’s alright. :)

  8. Dmaster270 - Over a year ago

    Whatever happened to your Comp04 entry?

    1. FredFredrickson - Over a year ago

      I got too busy for the holidays, and wasn’t able to get it past the simple engine stage it’s in now.

      I’ll probably release the executable / source soon – since I had to re-install everything on my computer, I’ve been holding off on digging up my old copies of Photoshop and Illustrator because I am thinking about buying the Premium Production package Adobe has… and I need Photoshop to edit pics for my blog. :D

  9. Polystyrene Man - Over a year ago

    I remember when I first got Google Chrome I made it my mission to crash a tab just so I could see the “Aw Snap!” image.

    …pretty sure it’s not in beta anymore, by the way.

    1. FredFredrickson - Over a year ago

      Yeah, you’re right – the newest version is not beta. The version I had on my computer, however, was the original (and very beta) launch version.

      Before Chrome was released, I was excited about their presentation that showed each tab being independent of the whole program, so you could close a problem tab without losing your entire browser. In practice though, I’ve rarely had an instance where one tab has stopped responding and I have been able to close it and have the rest of the tabs survive. Usually, if one goes down, the entire program locks up.

      That might be better in the newer version though. Once I’ve gotten over my new found fear of Chrome, I’ll have to give it a shot again.

  10. xot - Over a year ago

    The “Aw, snap!” error page always brings a smile to my face. I went through something very much like this a few months ago after years of prideful folly. Watch out for those “blocked” pop-ups in Chrome, they load in the background.

  11. Daniel - Over a year ago

    I had this same malware problem. Like you I did some research and found that I should try out Anti-Malware by Malware Bytes, and it worked. My computer was back to just how it was. It kind of makes you think, if that program is the only one that can get rid of that malware, maybe they’re just the same company trying to get more publicity and money.

    1. Hockeyflyers - Over a year ago

      Wow I would have never thought of that. Maybe you’re right…

  12. Aviraldg - Over a year ago

    I experienced something similar recently. While looking for an anonymous proxy, I stumbled upon a toolbar in explorer that I hadn’t seen before. A virus scan toolbar. Wait, this wasn’t explorer, it was a ditto image of explorer in chrome that yelled out loud that my box had a virus and I needed to install their “antivius”[sic] software to remove it… This is quite scary – I can imagine a less experienced computer user (like my mom) falling for it and installing the great antivius software.

  13. yourlocalloser - Over a year ago

    YEAH. I got the same lame problem too. ‘Cept sometimes my computer doesn’t even boot up now. I’m going to try to re-install my winXP. Luckily I have everything I need on a second HD.

    BTW. Anybody know if when I re-install onto my main HD, should I leave my second HD detached, and then attach it after everything is all set? Or does it matter? I’ve done re-installs before but never with 2 HDs.
