Post by shawn30 on Sept 24, 2009 13:28:37 GMT -5
Hey guys and pretty gals:)
I'm pretty good friends with a number of you on this board, casual friends with a few more, and just a PR author with the rest. Those that know me well know that while I worked in real estate for over a decade, I have since moved on to the world of IT in recent years. To that end my job these days is as a PC technician. It's what I went to college for, got certified in (CompTIA A+ and Network+) and I'm in college at night pursuing my BA in Computer Information Services. So what I am about to talk about I am very versed in, and have talked about with a number of people in the IT world who have many more years than I do.
It's about what happened to me Sunday night.
I got a call from a woman about her two daughters', both college students, computer. They had a virus called "PC Total Security 2009." So as I typically do before going out on a call, I researched the virus thoroughly. I found out that it's been around for a number of months and tons of people have had it and offered ways to get rid of it. So I wrote down five possible ways, already had my own plan for getting rid of most infected machines, and went about my way.
What I found was the absolute most dug in deep, bitching virus of all fucking time. Forgive me, the language isn't gonna be PG from here on out.
Okay, so before I begin let me utter three truths IT professionals I know and trust, coupled with my own experiences, have come to accept. The following will be in all caps.
1. IF YOU RUN NORTONS ANYTHING ON YOUR PC IT'S LIKE GOING ON VACATION FROM YOUR HOME, PUTTING UP A BRIGHT SIGN ON YOUR FRONT LAWN THAT YOU ARE ON VACATION, LEAVING THE FRONT DOORS UNLOCKED AND ALL YOUR BANK INFORMATION ON YOUR COUCH ALONG WITH YOUR SOCIAL SECURITY NUMBER. NORTONS SIMPLY DOES NOT WORK EVER!!!!
2. MCAFEE IS JUST AS BAD!
3. REREAD OPINIONS 1 AND 2!!!
Okay, back to my story. I went to my job, met the woman and her daughters. Her daughters use *an online service I will not name that you can illegally download music from. This is to protect Cathy and her site*. PC Total Security 2009 looks exactly like a virus scanner and pretends to find many viruses on your PC. It slows your PC to a crawl, runs as soon as the PC starts up, and can remove your access to the internet.
What I typically do to solve 90% of my clients' virus problems is install my 3 best cleaning tools (Malwarebytes Anti-malware, Spybot: Search and Destroy, and Avast). I update them, install a registry cleaner called CCleaner and then reboot in safe mode without networking. Meaning safe mode without access to online so the virus can't replicate itself. Then I scan the PC in safe mode with the first two, and then have Avast do a boot scan, which means it will scan the PC before it even boots looking for the worst of the worst of viruses.
That was my plan.
My plan got fucked!
"PC Total Security 2009" does the following and I have never, ever seen a virus do this before. Again, if you research the virus you will see people offer a number of ways to remove it. So why don't they work? I'll get to that in a second. Again, this is what PC Total Security 2009 does...
1. It removes the ability to install any new program of any kind in your normal Windows operating system PC. 2000, XP, and Vista.
2. It either kills your access to the internet or monitors it and as soon as you attempt to use a search engine to research words or names of anti-virus software the PC will either shut down or your browser will quit. It also blocks many IT websites where you might find information.
3. You will not have access to Task Manager to quit any processes whatsoever!
4. You will not have access to Command Prompt.
5. You will not have access to Admin Tools.
6. You will not have access to Add or Remove programs.
7. Nortons and McAfee anti-virus simply will not function. All five clients I have visited had one or the other.
8. Most PCs won't even boot into safe mode.
9. If you do boot into safe mode and can install new software all scans quit within ten seconds and the PC automatically restarts. After the restart you won't be able to get into those programs.
10. If you upload a second party "task manager" software to try and locate processes you looked up to be the PC Total Security 2009 you might be able to shut a few down, as I was able to. But the virus is still dug in so deep and you have so little access to anything that you still cannot stop it.
11. It has the same powers in safe mode as it does in normal start up. You still can't get into anything that will allow you to get rid of this, can't get any scanner to scan the PC, and can't do crap for the most part.
Weary sigh...
So I went to work and used for the next two hours every single thing I could think of, even calling two friends of mine in IT to find a way to beat this thing. Nothing worked. The end result was I had to wipe her system clean and re-install Windows. They lost everything they had on their hard drive. Five years' worth of stuff.
So I got in my car and drove home, pissed and with a headache. I hopped on AIM and ranted to my sisters and then fell asleep, lol.
Since Sunday I have had five more duels with "PC Total Security." And five more defeats. This thing digs in so deep, but most people just don't have the right virus protection.
So here's some real-world truths from an IT professional.
Nortons does not work. Neither does McAfee. Nothing made by them works. Using it is worthless. To protect yourself you need to use a number of scanners that have their own protection systems and know when some of these new threats are trying to take over your computer. Scanners that specifically know where these new malware and spyware programs have to be installed in. Scanners that update daily to give you the most up to date protection. Because that's what PC Total Security 2009 does!!
It updates. It is getting better. And once it's in your PC deep it's game over. Just re-install Windows.
When I go to banks, car dealerships, offices, and residential customers I install two free programs and then give them 1 of 2 others that they can try for free for two months and then purchase afterwards or keep the basic version. Any combination of the following 3 will protect you from this threat, IMHO.
1. Malwarebytes Anti-Malware - Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. Malwarebytes' Anti-Malware monitors every process and stops malicious processes before they even start. I use this professionally and it's free and can be updated.
www.filehippo.com/download_malwarebytes_anti_malware/
2. Spybot: Search and Destroy:
Spybot - Search & Destroy detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. Spyware silently tracks your surfing behaviour to create a marketing profile for you that is transmitted without your knowledge to the compilers and sold to advertising companies.
If you see new toolbars in your Internet Explorer that you haven't intentionally installed, if your browser crashes inexplicably, or if your home page has been "hijacked" (or changed without your knowledge), your computer is most probably infected with spyware.
Even if you don't see the symptoms, your computer may be infected, because more and more spyware is emerging. Spybot-S&D is free, so there's no harm giving it a try to see if something has invaded your computer.
Spybot-S&D can also clean usage tracks, an interesting function if you share your computer with other users and don't want them to see what you have been working on. And for professional users, Spybot-S&D allows you to fix some registry inconsistencies and extended report.
www.filehippo.com/download_spybot_search_destroy/
Guys, gals, hobos, guests, whatever... these two products work, are free, and they can save and protect your PC. If you do not have them downloaded and installed I suggest you do so.
3. AVG Anti-Spyware - AVG Anti-Spyware offers protection against urgently growing threats like Trojans, Worms, Dialers, Hijackers, Spyware and Keyloggers. ewido anti-spyware begins and supplements existing security applications to create a complete security system - because only a complete security system works effectively.
* Completely renewed user interface
* Possibility to create exceptions
* Shredder for secure file deletion
* XP Antispy
* BHO Viewer
* LSP Viewer
* Heuristics to detect unknown threats
* Scanning and cleaning of the Windows registry
* Support for NTFS-ADS scanning
* Daily database updates
* Patch proof by using strong signatures
* Analysis tools (startup, connections and processes)
* Intelligent online-update
* Scan inside archives
* Secure detection and deletion of DLL-Trojans
* Generic crypter detection through emulation
* Generic binder detection
* Free E-Mail Support
* Automatic Clean Engine
* Quarantine for suspicious files
* Multilingual User Interface
www.filehippo.com/download_avg_antivirus/
You can keep the basic version without paying for the upgrade, but their upgrade is very good. This, in conjunction with the two free products can protect you extremely well.
4. Avast - Home Edition -
avast! antivirus Home Edition represents the best free antivirus protection currently available on the market. This edition is FREE OF CHARGE for non-commercial & home use. Its features include:
* Anti-spyware built-in
* Web Shield
* Anti-rootkit built-in
* Automatic updates
* Strong self-protection
* Virus Chest
* Antivirus kernel
* System integration
* Simple User Interface
* Integrated Virus Cleaner
* Resident protection
* Support for 64-bit Windows
* P2P and IM Shields
* Internationalization
* Network Shield
www.filehippo.com/download_avast_antivirus/
This is a beast of a program, my fav cause it will do a boot sector scan as your PC starts up, and is offered in both basic (free) and full versions.
Okay, so where do you get these viruses? Look, everyone steals something from the internet. And if they aren't then they might be looking up porn, websites with naked women, online casinos, or whatever. These things can be anywhere and you need multiple fronts of protection that are focused on specific things like malware and spyware. The world of computer infections has progressed well beyond viruses and trojans. Please, please, please do not be like the six people this week who all had to have their systems wiped. You can ask me further questions if you like:)
Shawn
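
The lockouts in items 3, 4 and 6 of the post (Task Manager, Command Prompt, Add or Remove Programs) match what Windows does when certain policy values are set in the registry; that PC Total Security 2009 used this mechanism is an assumption here, not something the post states. The following is an added example, not part of the original post, that scans the text of a registry export (for instance one taken offline from a rescue disk) for those values; the sample export is constructed.

```python
import re

# Policy values that produce the lockouts in items 3, 4 and 6 of the post.
# Key paths are relative to the hive root and compared case-insensitively.
LOCKOUT_POLICIES = {
    (r"software\microsoft\windows\currentversion\policies\system",
     "disabletaskmgr"): "Task Manager disabled",
    (r"software\policies\microsoft\windows\system",
     "disablecmd"): "Command Prompt disabled",
    (r"software\microsoft\windows\currentversion\policies\uninstall",
     "noaddremoveprograms"): "Add or Remove Programs hidden",
}

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def find_lockouts(reg_text):
    """Return (hive, value name, data, meaning) for each active lockout policy.

    reg_text is the already-decoded text of a .reg export
    (regedit writes these as UTF-16, so decode before calling).
    """
    findings = []
    hive = subkey = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            # A header we cannot parse (e.g. a "[-HKEY..." deletion) resets state.
            hive, subkey = (m.group(1), m.group(2).lower()) if m else (None, None)
            continue
        m = DWORD_RE.match(line)
        if not m or subkey is None:
            continue  # file header, blank line, comment or non-DWORD value
        name, data = m.group(1), int(m.group(2), 16)
        meaning = LOCKOUT_POLICIES.get((subkey, name.lower()))
        if meaning and data != 0:  # 0 means the restriction is switched off
            findings.append((hive, name, data, meaning))
    return findings


# Constructed sample export, not taken from an infected machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"Wallpaper"="C:\\Windows\\web.bmp"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall]
"NoAddRemovePrograms"=dword:00000000
'''

if __name__ == "__main__":
    for hive, name, data, meaning in find_lockouts(SAMPLE_EXPORT):
        print(f"{hive}: {name}={data} -> {meaning}")
```

A hit on a home PC with no administrator-applied policies is worth investigating; on a managed office machine the same values may have been set deliberately by IT.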