Friday, January 9, 2015

Over My Head

The other day our friendly neighbors from Alberta were over for Happy Hour and Francis mentioned he could not get Skype to work on his computer. I said I would have a look at it for him so yesterday he brought it over and I started it up. Right away an AVG window popped up saying there was a virus. He said, "Ignore it, it happens all the time and I can't do anything about it." I clicked the 'remove' button and nothing happened; AVG would not work. He said his daughter had installed AVG a long time ago but he had never updated it.

I thought I would be the smart guy and uninstall AVG and install MSE, a better product that just works away in the background, updating itself whenever required. Well, I finally got AVG uninstalled and then things got worse, much worse. Windows were popping open everywhere and it would not let me go to the MSE site, putting me on other third-party sites instead. I knew better than to let it do this but try as I might, I could not download MSE. I closed the computer before I did any more damage. I was about three feet over my head and the computer was worse than when I started, or at least I thought it was.

Last night I emailed my friend Rick, who is wintering just down the road, asking for help. I hated doing this because it was not his problem or even his neighbor but at this point I had little choice. Rick answered right back that he would be glad to help so we set up a time of 9:30 this morning. I thought it was just going to be a simple matter of downloading and installing MSE but no. As soon as Rick turned it on he knew there were serious problems. He discovered many malware programs that were redirecting search requests. When he tried to install Revo Uninstaller, it would not let him do it. He used some professional tricks and installed Revo which found probably twenty malware programs (all in Russian) which he slowly eliminated.

The ten-minute job had now taken almost three hours! Our neighbors are happy, Skype works again and Rick got some mental exercise trying to outthink the Russian malware writers. As he was leaving he told me that in his 50 years of doing this both as a hobby and professionally, this was the worst he had ever seen. The computer was completely taken over and was unusable.

Thanks again Rick! I learned a lot from this exercise as well and might be able to get further next time I try to help.

18 comments:

  1. WoW! At least it turned out well - your neighbour must be thrilled even though you were sweating buckets. All Greek to me but obviously 'malware' is bad. Hooray for Rick!

  2. All because they clicked on something that they shouldn't have. We've been over five years now without any antivirus program at all. The lesson is, never click on something unless you know for sure what it is.

    Good on you for helping them out. I hope they know how to avoid getting into the same situation again.

    Replies
    1. You are asking for trouble Kevin if you don't use any antivirus. You really should install something unless you don't care about anything on your computer.

      And I'm saying this in as caring a way as I can. It's kind of like having a lot of sex without using a condom. Eventually you are going to pay.

    2. Five years virus free is a pretty good track record Don.

    3. Many parents refuse to vaccinate their children against infectious diseases that could kill them. Many of those children live for years but the clock is always ticking unfortunately even though a 'free' vaccine could protect them.

      Parents who refuse proven, free vaccinations for their children are simply foolish.

      Computer users who do not install anti-virus software (free or otherwise) are also foolish and not to be listened to by anyone who values the data kept on their computers or simply the ability to continue to use their computer.

      The fact is that there are many ways for a computer to become infected with a virus or malware other than by 'clicking on something that they shouldn't have'. That is the most common cause but by no means the only method hackers use.

      There are contrarians (i.e. attention getters) who oppose any safety precautions - i.e. lots of people still won't use seatbelts claiming they've driven for 50+ years and never been hurt in a car accident. Is it a good idea? About as good as not installing anti-virus software!

  3. Rick is a handy guy to know, good thing that all things were fixed up.

  4. All right! Way to go Rick. How nice it is to have such a professional computer guru to help out. Your friends caught a lucky break meeting you and Rick.

  5. I've had some gnarly ones like this. When I get one as bad as this I usually go get the latest Kaspersky CD ISO and burn a CD which is bootable. I then boot off of that and it cleans up the machine.

    It's very hard to try to clean something that infected if you're booting up the infected OS.

    Replies
    1. Rick said he was just one step from re-installing Windows. It was good to watch him, I learned a lot.

    2. The question is Don, how did you get those viruses in the first place?

    3. They weren't my computers Kevin. Like Rick I help friends with their computers all the time. At my work I am the IT guy even though that's not my title.

      The majority of people who got a virus did not have an anti-virus program installed. After I cleaned up their computer I always installed one.

  6. Thanks for the invite to help your friend, Croft. It was one of the most interesting challenges I've had in quite some time. Darn those Russians! But, it was kind of fun seeing all that hijacking stuff. It was the worst I'd ever seen on a computer.

    You're right when you say I was just one step away from thinking we may have to re-format the HD and re-install Windows 7. That would have worked too but it would have taken much, much longer.

  7. I have to use a Windows computer for a client and only ever use it for work. So the only time I go online with that machine is to get work-related stuff. The client pays for what I assume is a top notch antivirus application that is always kept up to date.

    A few months ago, the computer was terribly slow and after doing software updates and such, it still wasn't working right. The antivirus software hadn't picked up anything and I hadn't been anywhere I shouldn't have been.

    I was told by a friend to try an app called Malwarebytes and ran that. The computer was absolutely infested with malware! Looking at my browsing history, it was obvious that the malware came from the very popular Filezilla application!

    The lessons I learned were that there is no such thing as a safe destination on the web when you're on a PC, that antivirus software is not infallible, and that even being paid does not give me the patience to troubleshoot this kind of crap. I've got way better things to do with my life.

    Thank goodness for people like you who have the time and patience! I hope your neighbours showed appreciation for your effort!

    Replies
    1. I have never seen hijacking like this. No matter what you typed in, it took you to a different site.

    2. Some anti-virus programs are better than others. I used to run AVG Free all the time because, well, it was free. Then someone who was also running it got infected. I then switched to Avast.

      I've always found Kaspersky was the best at really nasty ones but as far as I can tell they don't have a free version and I really like free. I would be willing to pay but Avast free seems pretty good.

    3. My client uses the ESET Nod32 antivirus. Didn't do me much good against Filezilla...

      I wouldn't be able to handle the daily stress of an attack like this happening to me. I'd have to have several backup computers and much more frequent than hourly backups to ensure that I never lose a minute of work to troubleshooting. At least, the client for whom I use the PC pays me for my troubleshooting time.

  8. Running MALWAREBYTES as we speak. Already detected 410 - GRRRRRRRRRRRRRRRR!

    Replies
    1. I just scanned both computers with Malwarebytes. Zero and zero!
