Don’t Compromise Your Whole Computer!

I’m not just being dramatic here.

Trojans are awful!

I was going along, minding my own business when up on the screen pops a box telling me that my version of Java is out of date and prompts me to download the update. My first inclination was to get straight out of the site, but I didn’t follow that inclination. I downloaded the program file, scanned it with AVG, and finding that it didn’t contain any threats, I opened it.

Two minutes later, I was the proud new owner of a NeoSploit Trojan virus.

Trojan Warrior

The best thing about a trojan is that it knows how to party. True to its nature, it invited a few friends including Generic 13.

Fortunately for me, I knew that the longer a Trojan has access to the internet, the more friends it can bring over, so I disconnected and ran the two programs I had at my disposal: AVG and MalwareBytes.

Neither one of them could take care of the problem, even in safe mode with the system restore turned off*.

Let me just add that if you don’t know how to turn off the system restore, you are better off formatting the drive or getting a nerd to do the virus removal, because you’re going to be in over your head otherwise.

To make a long story short (it took me more than 48 hours spread over 4 days), I used RegRun Reanimator and Combofix to take out the .exe files** and MalwareBytes and AVG to mop up the random .dlls. Then I downloaded BitDefender just to be on the safe side and used fport to check and see that no open ports were waiting to trick me. (Had to watch a video to make sure I knew what to look for.)

*You want to turn the system restore off because trojans and some other viruses can hide out in the system restore and come back to haunt you after you blow them away. This is a classic example of Windows trying to be helpful, but failing. System restore is great for undoing stuff you did to yourself, but is useless against trojans.
**Remember how I said that you better know a good bit about Windows before you attempt this? Combofix and RegRun Reanimator both operate on low levels. Lower than your typical virus or malware protection. As such, you can easily kick out the pillars of Windows if you don’t know what they are. Reanimator has a way to just assess the damage and send the report to their professionals instead of doing anything you would regret, but I can’t attest to their effectiveness, and I don’t know whether they are free, since I didn’t need the help.

So, the moral of the story is, don’t download any important updates from anywhere but their update downloader (which usually shows up near the clock), or from the official website.