I Got God Damned Malware

Martin · 15 years (3:34 PM · Mar 6, 2009)

And I'm almost ashamed to admit it. My various Win XP installs have been virus free for about 7 years now, but now the streak has finally been broken. The strange thing is, I'm still not entirely sure how, or where, my computer got infected.

I've looked back on the events that have led up to this unfortunate incident, and I have pieced together what I think has happened, which I present to you below.

Two nights ago, I was browsing the net with Google's Chrome. I had a few tabs open, and I was bouncing back and forth between them. In one of them I was working on downloading a file from a file-sharing site, kind of like RapidShare, but not quite as official (if you can call RapidShare "official" by any stretch). I had jumped through all the rings, skipping two ads and waiting 60 seconds for the download link to appear. Once the link was ready, I began downloading (it was a RAR file).

About 5 minutes later, while the RAR file was still downloading, I noticed that I had left the tab open with the file share site on it. With no reason to keep it open, I switched to it to close it, but as soon as I selected it, Chrome became unresponsive. Not wanting to cancel my downloading file, I let the program sit, hoping that whatever was slowing down that page would resolve itself. After a minute or two, the tab finally showed up, but the whole browser was acting slow and slightly unresponsive, so I closed out that tab and a few others that I wasn't using anymore.

I turned away from the computer for a second to look at something, but out of the corner of my eye I saw the screen change. I looked back at the display, and it took me a moment to realize that Chrome wasn't on the screen anymore - not in a window or on the taskbar. So I opened it back up, and began trying to restore the tabs I had open. About 30 seconds into this, all of my tabs (even those that had already loaded and stopped), switched to show the Chrome error page. A minute later Chrome disappeared from my screen again with no warning or error message. Opening the program again resulted in a similar outcome.

By this time, it had gotten pretty late, so I attributed this to Chrome's beta status, turned off the computer, and went to sleep.The next day I got home from work and fired up the computer again. I browsed around the web a little, got up to go eat dinner with my girlfriend, and later came back to the computer to play some games. I noticed that FireFox (my default browser) had opened a window in the background - an ad for some idiotic anti-virus program. I assumed I had overlooked it from using FireFox earlier in the evening, and closed it. A minute later it was back, and this time I was sure that I hadn't initiated it's arrival.

My troubles with Chrome the night before came back to me, and instantly, I suspected something might be wrong.A quick look through the computer's running processes yielded nothing. Everything that was supposed to be running was. I checked the startup folder in the Start Menu; still nothing.

Finally, I opened up msconfig to check and see if anything had been added to my list of boot items. Sure enough, there were four oddly named dll's there that I did not recognize. I unchecked their boxes so they wouldn't be run when my computer started, and immediately went hunting for information on the problem.

I found out that my computer was infected with a few pieces of malware, all of the same origin, and all of which had a nasty habit of renaming themselves and latching onto legitimate processes to run. I wasn't entirely sure if their only function was to show me anti-virus ads however, so I figured the best course of action would be to remove the infection and then re-install Windows, just to be safe.

I tried to start up AdAware, but after waiting a few seconds, a cryptic error message appeared on the screen about a server error, and the program refused to load. So, I looked up NOD32, an anti-virus program which I've heard about on "The Tech Guy" radio show, installed it, and ran it. 10 minutes later, after I'd watched the program cycle through all the known areas of the infection, the program reported that it had found nothing. Lame.

A quick Google search returned a few more promising pieces of software; upon further investigation, I decided to try out a program called Anti-Malware by Malware Bytes. This program zipped through my drive and found about 14 infected files and registry entries. I quarantined and deleted all of these, restarted, and ran the program again. The second search turned up nothing. I checked msconfig and my processes list for similar results. I made a mental note that I should purchase the full version of Anti-Malware when this was all over with, as a token of my thanks.

With that, the pre-re-install process began: check, backup, delete, and restore. I checked the software on my computer to make sure I had all the install files I needed and read up on how to properly save my email and saved games. I copied everything from my main hard drive to the (much larger) second hard drive. I uninstalled everything that pointed to files on the second drive, and then rebooted with my trusty Windows XP disc in the tray.

About 30 minutes later I found myself staring blankly at the rolling green hills of the default Windows XP wallpaper. I turned off the machine and went to sleep.

Now it's time for me to get all my programs, games, and files back in their rightful places – just what I wanted to do this weekend.

Thanks malware. Thanks a lot.

22 Comments

  • BenRK says:

    Which is why I stick with FireFox 110% of the time. Of course, even with IE, I didn’t get viruses, but I attribute that to my paranoia of the internet.

  • erthgy says:

    That is a shame, too bad you were taken advantage of by the Internet… But I think we’ve all experienced a virus once or twice.

  • SleeK GeeK says:

    Well, that’s pretty bad. I guess I got one more reason to stick with Firefox or Opera for that matter.

    BTW: Just curious, what did you use to make that great image at the top of this post?

  • Deus Ph3x says:

    Stop watching porn!

    • Dmaster270 says:

      Shh, we’re supposed to wait until after he gets malware again to tell him that.

  • Spaceoff says:

    “Anti-Malware” might be one of those semi-fake security programs: they don’t look like one of those stupidly obvious malware ones, but they ALWAYS find some results on their first search; then they never find anything again, ever, they just want you to purchase the legitimate key. I could be wrong however… I just have experience finding one of them, thinking I actually was infected with something but I wasn’t.

    • Well, it removed the infection from my computer prior to the re-install, so I don’t have any reason to think it was a scam program. The software that was being advertised in the pop-ups I kept getting, however, was certainly something bogus – unless virus distributors are taking a Three Stooges approach to scamming people by infecting their computers with malware and then asking for money to fix it.

  • kc lc says:

    Tough break, Fred.

    I guess this means you won’t be wearing white at your wedding.

  • edmunn says:

    Nice to see you got it fixed!
    On a totally unrelated note, on your friends list, it should be mattmakesgames, not helixgamesinc. :)

  • Dmaster270 says:

    Whatever happened to your Comp04 entry?

    • I got too busy for the holidays, and wasn’t able to get it past the simple engine stage it’s in now.

      I’ll probably release the executable / source soon – since I had to re-install everything on my computer, I’ve been holding off on digging up my old copies of Photoshop and Illustrator because I am thinking about buying the Premium Production package Adobe has… and I need Photoshop to edit pics for my blog. :D

  • Polystyrene Man says:

    I remember when I first got Google Chrome I made it my mission to crash a tab just so I could see the “Aw Snap!” image.

    …pretty sure it’s not in beta anymore, by the way.

    • Yeah, you’re right – the newest version is not beta. The version I had on my computer, however, was the original (and very beta) launch version.

      Before Chrome was released, I was excited about their presentation that showed each tab being independent of the whole program, so you could close a problem tab without losing your entire browser. In practice though, I’ve rarely had an instance where one tab has stopped responding and I have been able to close it and have the rest of the tabs survive. Usually, if one goes down, the entire program locks up.

      That might be better in the newer version though. Once I’ve gotten over my new found fear of Chrome, I’ll have to give it a shot again.

  • xot says:

    The “Aw, snap!” error page always brings a smile to my face. I went through something very much like this a few months ago after years of prideful folly. Watch out for those “blocked” pop-ups in Chrome, they load in the background.

  • Daniel says:

    I had this same malware problem. Like you I did some research ind found that i should try out Anti-Malware by Malware Bytes, and it worked. My computer was back to just how it was. I kind of makes you think, if that program is the only one that can get rid of that malware, maybe they’re just the same company trying to get more publicity and money.

  • Aviraldg says:

    I experienced something similar recently. While looking for a anonymous proxy , I stumbled upon a toolbar in explorer that I hadn’t seen before. A virus scan toolbar. Wait, this wasn’t explorer [b]it was a ditto image of explorer in chrome[/b] that yelled out loud that my box had a virus and I needed to install their “antivius”[sic] software to remove it… This is quite scary – I can imagine a less experienced computer (like my mom) user to fall for it and install the great antivius software.

  • YEAH. I got the same lame problem too. ‘Cept sometimes my computer doesn’t even boot up now. I’m going to try to re-install my winXP. Luckily I have everything I need on a second HD.

    BTW. Anybody know if when I re-install onto my main HD, should I leave my second HD detatched, and then attatch it after everything his all set? Or does it matter? I’ve done re-installs before but never with 2 HDs.

Leave a Reply

Note: Your name will appear alongside your comment. Your email address will not be published. Comments that include links will need to be manually approved before they appear on the page.