Dr. Digit 'Splains It All

My computer was infected by a trojan this morning.  A trojan, named after the Trojan Horse of Greek lore, is a piece of malicious software disguised as a good program.  This particular one puts up phony spyware warnings and directs you to the Antispylab Web site.  It tries to scare you into buying their fake anti-spyware software.  In the course of doing this it creates phony system files, hijacks your web browser to take you to another fake spyware warning, and logs your keystrokes in order to steal your passwords.  It installs by stealth and is very difficult to remove.  It also makes programs like regedit and Windows Task Manager unusable so you can't manually remove it.

That's not all it does, but you get the picture.  My computer was unusable, because about once a minute another phony warning would pop up and then a browser would open to the Antispylab site.  Brilliant techie that I am I immediately realized the warnings were fakes, and set about finding the fastest way to get the miserable thing off my system.

How did I recognize the warnings as fakes?  First of all, the Microsoft warning windows they emulated never carry messages like the ones these were flashing.  And the combination of warning windows they emulate don't actually work together.  And they took me to an obviously-not-someplace-Microsoft-would-send-you site.  Then I checked my system files and found eight or ten that had been created that day.  I deleted them and they were immediately recreated.  Uh oh!  Something really, really bad was happening, and the good news was that I recognized it.  But recognizing a phony isn't the same as knowing how to get rid of it.
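The two checks above (files that appeared in a system folder today, and files that come back right after you delete them) can be scripted rather than eyeballed.  The script below is an added illustration, not code from the column or from any of the tools it mentions; it builds its own throw-away folder with made-up file names so it runs anywhere, and the helper names (`recent_files`, `reappeared`, `run_demo`) are my own.

```python
import os
import tempfile
import time
from pathlib import Path

# Hypothetical helper (not from the column): list files under `root` whose
# timestamp falls inside the last `window_seconds`.  st_mtime is used by
# default because it means "last modified" on every platform; on Windows,
# st_ctime is the creation time, which is closer to "created that day".
def recent_files(root, window_seconds, now=None, use_ctime=False):
    now = time.time() if now is None else now
    cutoff = now - window_seconds
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # vanished or unreadable: skip it rather than abort the scan
            stamp = st.st_ctime if use_ctime else st.st_mtime
            if stamp >= cutoff:
                hits.append(path)
    return sorted(hits)

# Files that were deleted and are present again on a later scan: the
# "immediately recreated" sign that something is still running.
def reappeared(later_scan, deleted):
    deleted = set(deleted)
    return sorted(p for p in later_scan if p in deleted)

def build_demo_dir(base):
    """Constructed sample tree: one three-day-old file and two files from 'today'."""
    base = Path(base)
    system = base / "system"
    system.mkdir(parents=True, exist_ok=True)
    old = system / "legit.dll"            # constructed name for a long-standing file
    old.write_bytes(b"old")
    three_days_ago = time.time() - 3 * 24 * 3600
    os.utime(old, (three_days_ago, three_days_ago))
    for name in ("xyz123.dll", "abc456.exe"):   # constructed names for the suspicious files
        (system / name).write_bytes(b"new")
    return base

def run_demo():
    """Scan, delete the fresh files, simulate one being recreated, rescan."""
    day = 24 * 3600
    with tempfile.TemporaryDirectory() as tmp:
        root = build_demo_dir(tmp)
        first = recent_files(root, day)
        for p in first:
            os.remove(p)
        after_delete = recent_files(root, day)
        Path(first[0]).write_bytes(b"back")      # stand-in for the malware recreating its file
        second = recent_files(root, day)
        return {
            "fresh": [os.path.basename(p) for p in first],
            "after_delete": after_delete,
            "recreated": [os.path.basename(p) for p in reappeared(second, first)],
        }

if __name__ == "__main__":
    result = run_demo()
    print("created/modified in the last 24h:", result["fresh"])
    print("back after deletion:", result["recreated"])
```

On a real machine you would point `recent_files` at the system folder with a window of a day and, on Windows, pass `use_ctime=True`; a file list that is empty after deletion but non-empty a minute later is the cue to stop deleting by hand and go get a removal tool.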

First I cut off my Internet connection so the program couldn't send any more of my information to the baddies.  Next I went to Google on another computer and ran a search on "antispylab removal" and got 520 search results.  How did I know to search for that?  Well, the web browser hijacked me to antispylab.com, so I guessed.  I turned out to be right.

Many of the sites I found in my search had the same advice.   I ended up at bleepingcomputer.com which had a copy of the SmitFraudFix utilities and instructions on how to use them.  I was advised to reboot my computer into Safe Mode (and full instructions on doing so were provided).  Then I was told how to use SmitFraudFix, which amounted to double clicking a file to start it and responding to a few prompts as it went along.  It cleaned my system in a reasonably short time and I was up and running in time to write this article before my deadline!

How did I get this thing?  I don't really know.  Normally viruses and trojans are sent in e-mail, with the malicious mailer counting on you to click on the attachment.  Now some web sites can auto-run programs so just visiting them has the potential to infect your system.  Maybe someone I trust was infected and didn't know it, and sent me something that I clicked on because I trusted them.  I don't know.

The important thing is that if you think you have been infected be sure to have a plan.  Do not type any sensitive information like passwords that malware might steal from you and send to a baddie.  If possible turn off your Internet connection to prevent the program sending your private information to an unknown baddie.  Immediately do a search to find out how to identify and remove the problem, and try to stick to sites that are trustworthy for this advice.  Follow the advice, or get someone who understands it to do it for you.  And most of all, don't wait!  The longer you wait, the worse the problem will get.

The bad news is that there are countless morons who have nothing better to do than make software that ruins other people's computing experience, costing untold millions of dollars in lost labor.  The good news is that there are some really good people who figure out ways to defeat the baddies, and they often make their solutions available free.  Even if you have to pay for tools it is well worth it.  Whatever you do, don't click on buttons or messages that pop up.  That just makes you a party to your own misery.  And there is misery enough even when you know what to do to fix it.

----
v2i19