So, I'll come straight to the point - I visited a dodgy website. I was on Pirate Bay looking to see what's on offer and I clicked on a link - absentmindedly. BANG! WHOOSH. BEEPS!!!! My Avast! anti-virus had a field day after spending the last 18 months with little to do.
Loads of files were being sent to the Virus Chest. Although this is the free version, I had every confidence in its performance and it's usually updated daily. I also have a hardware firewall and a software firewall to help stop things from finding a safe environment in my computer. However, things started to come fast and furious.
I stopped the Internet connection. However, soon after, Avast! anti-virus became jammed and no amount of service stopping and starting would get it to update or run correctly.
First port of call after I rebooted was the Avast website for information. Ha! The virus had hijacked the HOST file, and the file had also lost its security permissions. I wasn't able to change it directly, although this may have been a Vista measure. Even when I changed it to the correct configuration, webpages for Avast, Microsoft, and any other help sites were blocked.
I tried my trusty PSList to view the running processes; this was also blocked. Task Manager was blocked... It was starting to look very serious. Luckily I own a laptop and had to use that to connect to the internet. I found everyone recommended a program called Malwarebytes and I transferred that to my computer (very carefully - making sure autorun was disabled) by memory stick.
Once run, Malwarebytes deleted a lot of files. But webpages were still being blocked. I used HijackThis to view what was happening. I deleted a few files manually, but still no luck.
I was now able to run a full virus scan in safe mode (F8); the main warnings were:
Win32:Malware-gen
Win32:Malob-V (Cryp)
Win32:Vitro
Lots of files with weird names like ncxmareows.exe, a.dat, b.exe, c.exe... were being found. A study of the internet revealed that the Vitur virus is a particularly nasty one to recover from and I soon started to agree. I was puzzled why I wasn't able to access PSList and found that the c:\windows directory structure was compromised. An error was showing: "Access Control Structure (ACL) is invalid". Now this is getting a bit too weird.
At this point I made the decision for a complete re-install. The word on the internet showed that even a format won't take the malware virus down; it'll have to be a repartition, full format and re-install. This was late at night and I decided to do one last thing before I accepted defeat: use the old command "chkdsk /r".
This morning after I woke, I also decided to take the risk of a restore point. If it failed I'd only lose a day. I dreaded a massive download of service packs and re-installs of all my applications. So, I booted up with the F8 and ran a restore to a week earlier. After 3 hours it finished.
At the moment everything looks promising. All webpages look OK. Only time will tell.
Here are the programs I recommend:
If anything happens in the next few days I'll update.