Dealing with Sneaky, Slimy Malware

By Forrest Stroud | Posted February 25, 2004

I have no idea how it happened, but for some reason my Web browser now defaults to a strange search engine that I've never seen before (blazefind.com). I don't recall making the change myself, and I can't imagine why it would have happened. It's also had a tendency to mess up the auto-complete part of my address bar, making it a pain to enter in addresses.

Worse, I can't seem to get rid of whatever's causing these problems or find a way to return to the default search engine. As a matter of fact, I can't even get to MSN anymore. Do you have any ideas why this might be happening and how I can go about restoring everything to the way it was before?

Unfortunately, I do have a pretty good idea how this may have happened. However, I'm not sure if you're going to be able to easily correct it. My brother recently had a very similar problem to yours. I spent a few hours diagnosing his system and discovered that his PC had somehow become infected with the TROJEN.DIGITS virus.

According to the information on Symantec's SecurityResponse Web site, when the TROJEN.DIGITS virus is executed, it creates the file Excel10.dll and registers it as a Browser Helper Object, which means that the component receives information regarding all the actions inside Internet Explorer. It also modifies the HOSTS file to point to a number of different web sites specified by the Trojan's creator. In addition, it deletes a bunch of files from your system and makes extensive changes to your registry.

My guess is that the virus was likely inadvertently downloaded to the machine via a piece of freeware or shareware. A word of advice — you should be very careful about what software you install on your system. Be sure to carefully read the end user license agreement (EULA) for any piece of shareware or file sharing package (such as KaZaA). These types of applications are often littered with adware and spyware programs that insidiously install themselves on your machine. How do you think these freeware/shareware utilities get the funding needed to allow you to use them for free or next to nothing?

Making matters worse, some sites will even automatically download components onto your system if you're not careful (like modem dialers, browser plug-ins, search bars, etc.). Adware.IGetNet, Adware.MainSearch, Adware.Winshow, Adware.ILookup, Adware.AdultLinks, and Adware.SearchCounter are just a few of the many examples that you may have the misfortune of coming across. This index page from Symantec will give you an idea of just how many of these malware programs are out there — it lists over a hundred more adware viruses alone.

Before moving on, I'll stress one more time the importance of reviewing the entire EULA for all software you download, as the fine print is the only thing keeping such malware legal (of course, just how ethical these programs are is an entirely different matter).

Diagnosing and Removing the Problem
Back to the problem at hand — Norton indicated that the virus on my brother's computer should have been easy to remove. Well, they were wrong — very wrong. I literally spent hours removing the infected files from the system and cleaning out the Windows Registry. Just when I thought I had removed every possible component of the virus from the system, it resurfaced. This happened at least three times. It finally got to the point where I had no other option but to erase the hard drive and reinstall the operating system.

Now I don't know if you have the exact same virus I had (again, there are many, many varieties out there), but I think it's safe to say that you're definitely suffering from malware malaise. I recommend you first get your hands on a good anti-virus package, which will hopefully be able to find, identify, and remove the virus from your PC, or at very least, diagnose and point you in the right direction on the long and frustrating path of cleaning your system and getting it back to "normal."

Personally, I recommend using either Norton Anti-Virus 2004 or McAfee VirusScan. Both of these are excellent packages and should be helpful in ridding your machine of its infection.

If, however, you're in need of a more immediate solution, I would suggest checking out Symantec's Online Security Check site. On this site you'll find tools that are capable of detecting your PC's vulnerability to external attacks and, more importantly, can even scan your system for viruses and Trojan horses. Once Norton identifies your virus, it will hopefully be able to remove it for you.

However, because viruses like these often make modifications to key system files like the Windows HOSTS file, they often can't just be automatically removed. Instead, the files will need to be edited and/or restored manually. In these situations, Norton's online Virus Encyclopedia can give you a complete profile on the virus that infected your system, including detailed information on what changes it made and how to go about removing it. Hopefully, you'll have better luck than I did.
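Because the HOSTS tampering described above (and in the Symantec write-up quoted earlier) is exactly the kind of change a scanner may not revert for you, here is an added example, my own code and not from the column or from Symantec, that audits HOSTS-file text for the two forms of tampering involved: a well-known name redirected to an address of the malware author's choosing, and a name other than localhost pinned to a loopback address so the real site (an antivirus update server, say) can no longer be reached. The sample HOSTS content, the localhost allowlist, and the host names in it are constructed; 192.0.2.10 is an address reserved for documentation, not a real destination.

```python
"""Audit a Windows HOSTS file for hijacked entries.

Added example (not from the original column): malware of the kind
described rewrites the HOSTS file so that well-known sites resolve to
attacker-chosen addresses, or so that update sites resolve to loopback.
This script parses HOSTS-file text and reports every entry that does
either.  The sample file at the bottom is constructed.
"""
import ipaddress
import re

# Names a clean Windows HOSTS file legitimately maps to loopback
# (constructed allowlist; extend it for your own environment).
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return a list of (ip, [hostnames], line_no) for each data line.

    Comments (everything after '#') and blank lines are skipped, as are
    malformed lines that carry an address but no hostname.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        if len(parts) < 2:
            continue
        entries.append((parts[0], parts[1:], line_no))
    return entries


def is_loopback(ip_text):
    """True for 127.0.0.0/8 and ::1; False for anything unparseable."""
    try:
        return ipaddress.ip_address(ip_text).is_loopback
    except ValueError:
        return False


def find_hijacks(text):
    """Return suspicious entries as (line_no, ip, hostname) tuples.

    An entry is suspicious if it pins a hostname to a routable
    (non-loopback) address, which redirects the browser away from the
    real site, or if it pins a name outside LOOPBACK_NAMES to loopback,
    which silently blocks access to that site.
    """
    findings = []
    for ip, names, line_no in parse_hosts(text):
        for name in names:
            if is_loopback(ip) and name.lower() in LOOPBACK_NAMES:
                continue  # the normal "127.0.0.1 localhost" line
            findings.append((line_no, ip, name.lower()))
    return findings


# Constructed sample HOSTS file (not a real capture): one redirect of two
# MSN names to a documentation address, and one update host blackholed.
SAMPLE_HOSTS = """# constructed sample, not a real HOSTS file
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.msn.com search.msn.com   # redirected elsewhere
127.0.0.1       liveupdate.antivirus.example # update server blackholed
"""

if __name__ == "__main__":
    for line_no, ip, name in find_hijacks(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

To run this against a live machine, read the real file (on Windows it sits at %SystemRoot%\System32\drivers\etc\hosts) and pass its contents to find_hijacks; every line it reports is one you should compare against what a clean HOSTS file contains before deleting or restoring it. The allowlist is deliberately small: anything a clean file does not need is worth a look.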

Something else I should point out — when I had previously scanned my brother's PC in search of the virus, it had reported multiple times that the system was virus free. However, when I started the computer in Safe Mode and rescanned it, it found four (4) copies of the offending virus. Bottom-line, don't make just one pass and assume that everything is OK if it doesn't find anything. Perform at least one scan in Safe Mode to be sure.

Go to Page 2: Installing Safeguards to Prevent Future Infestations

Page 1 of 2