Posts Tagged freeware


Bookmarks for July 13th through September 3rd

Posted by Jen in Delicious

These are my links for July 13th through September 3rd:

Burninated

Posted by Jen in Nerdiness

So, I had a virus on my desktop computer.  The actual virus was called W32/Beagle.HW@mm and it was particularly nasty.  I know exactly where I got it and it was partially my fault that I even infected my computer with it in the first place.  The file was obtained from eMule and was (what I thought) valid and safe and very much free of viruses.  I even ran it through my AVG program to make sure it was okay.  (That’s the part where it wasn’t really my fault…AVG told me it was safe!)  The problem was that the name of the install file had a misspelling.  That should have tipped me off that perhaps it wasn’t quite as valid and safe as I had originally thought it was.

Well, to make a long story short…I clicked on it and chaos ensued.  Basically, it shut down my anti-virus software and my firewall and disabled my ability to enter Safe Mode.  I spent a few hours in an endless loop of finding the bad file (with the name winupgro.exe) with BitDefender’s online scanner, cleaning it, rebooting the computer…watching the “cleaned” virus file regenerate itself.  Safe mode was not an option.  System Restore wouldn’t work properly.  No other virus scanner could be installed.

Finally, I decided to try Malwarebytes malware scanner.  I was surprised I was even able to install it.  It wouldn’t let me install any other scanner out there.  Malwarebytes is seriously awesome, by the way.  It finds those sneaky little files that some of the other scanners can’t find.  It not only found winupgro.exe, but it found a few extra goodies hidden in a folder labeled “m” in my Application Data folder.  This was a good step in the right direction, but didn’t exactly fix the problem.  My searches online led me to this thread: http://www.precisesecurity.com/files-process/2008/12/28/winupgro/ which is where I found out that the virus will add another file somewhere in the computer that will run and regenerate the virus during every reboot.  This other file (sort of the evil twin brother) will be about 824KB and is usually hidden in the folder of your virus scan program or (in my case) one of your disk imaging programs.  Mine was hidden in my Alcohol 120% Program Files folder.  I recognized it right away because the file’s shortcut icon was identical to the icon of the eMule file I had downloaded with the original virus.  (It was an icon of two big eyeballs.)  Once I deleted that file and then ran Malwarebytes again, the virus was finally gone.

The final step was to use a registry replacement file from here: http://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/ and restore my ability to enter Safe Mode.  Then I re-installed my virus scanner…this time I am switching to Avast and I am now using Comodo firewall, too.  The Malwarebytes Anti-Malware will stay on my system and I’m going to make sure I use it to scan any odd individual files I come across in the future.  I’m a little embarrassed I even had the virus in the first place – I pride myself on being more careful than that.  On the bright side, however, I did learn a lot and I will definitely be able to pass that knowledge on to others.

I am sooooo glad I don’t have to reformat my computer.  I do love to reformat… (seriously I do – I’m odd that way)…but I just purchased this hard drive a few months ago and I just finished installing all my software and transferring all my files to it and really didn’t want to do it again.  I’m currently using my laptop as Avast does its initial scan of my 650GB hard drive.  That’s going to take a while.