I normally don’t get infected with malware, spyware or viruses. I shouldn’t – I make my living keeping people’s computers and networks operating properly. However, there are exceptions to every rule.
Like DEA Agent Lee Paige, who shot himself in the foot while telling a class full of students how he was the only one in the room professional enough to handle a gun, I became the victim of my own overconfidence yesterday. We use Trend Micro’s OfficeScan corporate antivirus protection in our environment.
Anyhow, the long story short is that part of my job entails checking up on what our employees are doing on the Internet. I receive reports containing links every time someone attempts to surf somewhere our monitoring software thinks they shouldn’t be. Yesterday I clicked one of the links provided in the report and almost immediately realized I was in trouble. My computer began spewing popups left and right. I use Mozilla Firefox, which is generally not affected by spyware and malware, but in this case, both Internet Explorer and Mozilla Firefox were infected and hijacked. The popups were kind enough to inform me that my PC was infected and came with an entreaty to click various links where I would be able to install software to remove the infection – for a price. What sort of twisted human being writes code that blackmails a computer user? I’d love an opportunity to code that coder’s ass.
My first attempt to remedy the situation involved running a full virus scan using Trend Micro. Unfortunately, although Trend was able to detect several infected files, it was wholly inadequate at fixing the issue. Several reboots later, and after having also run the “grayware” detection provided by Trend, I decided I needed to bring in additional firepower.
Since my two main browsers were both incapacitated, I used Apple’s Safari browser to begin Googling for a solution. I downloaded PC Tools Spyware Doctor and installed it. The full scan found several hundred nasties that all propagated from the single short-sighted link click. After another several reboots, my browsers were no longer spewing popups at the rate of several hundred per hour. The spyware was still partially active on my system, though. The Google toolbar in both Internet Explorer and Mozilla Firefox was disabled and IE was crashing repeatedly on launch.
Time to call in the big guns. Enter SmitFraudFix and Combofix. Both of these free products will remove spyware but they come with risks and are not as simple to use as commercially available tools. Combofix can potentially make a PC operating system unbootable and should be run as a last resort. In my case, it was the tool that made the difference – restoring my ability to use search features in both Mozilla Firefox and Internet Explorer 7.
Moving forward, I will be clicking those links in a virtual operating system just in case. We’ll also be reassessing our use of Trend Micro’s products and looking for possible alternatives.