I cleaned up two malware-infested computers yesterday. Both of them had up-to-date antivirus software and responsible owners who had installed all critical Windows updates.
The only malware that I’ve seen for the last few months has been the kind that pops up phony security warnings, trying to get a credit card number. It can immediately make a computer unusable. There is more information about this type of malware here.
One of the computers I worked on had the malware described here last week by Microsoft’s Malware Protection Center, which can appear with a variety of different names and screens, constantly morphing and changing its code to make it harder to detect. It took a while to figure out that it had changed the file association for .EXE executables – every attempt to launch anything would bring up the fake program instead.
(Tip for administrators: it’s possible to run executables from a command prompt window in that case. It’s not easy to get a command prompt window, since that normally requires running CMD.EXE! The answer: open Task Manager, click on File, then hold the Ctrl key down while clicking on Run.)
I’ve been able to remove malware from many (but not all) of the computers I’ve worked on in the last year. As I’ve written, Malwarebytes does the best job of sniffing out traces of malware after it has gotten on to a system, but it can be difficult to get Malwarebytes installed or running successfully – frequently that’s only possible after I’ve already looked for rogue startup programs and services and found deeply hidden system files, using a combination of safe mode and a separate environment created by a special boot CD.
You can be exposed to malware even if all of your Internet surfing is safe and responsible. Antivirus vendor Avast just released an alarming study showing that the ad servers run by Yahoo, Fox, and others are occasionally delivering malware-infested ads to legitimate web sites. Those companies cover more than 50 percent of online ads! That’s what caused the New York Times web site to briefly deliver poisoned ads last fall; it’s what caused me to run into a bit of malware on Grooveshark last month; it’s what took down the computers I worked on yesterday.
The rules for safe computing are still in force. If you aren’t installing updates for Flash, Java, Quicktime, and Adobe Reader regularly, then you are at risk. Use the free Secunia Online Inspector monthly to stay up to date, or call me for a PC Tuneup – and be careful out there!
This post saved me last night. I got a call from my wife that our computer “alerted” her of multiple viruses and such. I walked her through the alt-F4 shutdown and restart, but our patched and current anti-virus computer had been compromised.
Last night I booted to safe mode and removed the offending programs and startup calls, but many apps would not run – exe had been hijacked. Thankfully I remembered reading this post and how to get the command window so I could run mbam.exe. THANKS! Last time I lost the exe file association, I resorted to a wipe and reinstall — this was much better!