Thursday 15 July 2010

Auntie Virus

Here is some news. I have just spent fourteen hours attempting to remove a virus. An Internet Explorer use of a webpage used many times before (why IE - well because of how it stores in its cache) and suddenly I had a virus that acted as an anti-virus software, and producing a statement of a meaningless set of errors that was just as way of getting you to hand over credit card details. It stopped any program running after a few seconds of booting up, and it put out repetitive notices of a virus attack speculating what it might be. What is was was ehciuygtssd.exe and some registry changes.

The file had come in without a murmur from my anti-virus software and.

One way I tried to stop it was to run Linux Puppy, for the first time ever as well. I knew where it had infected files, so I went to remove them. I've no idea if removing them on Linux Puppy was actually to remove them, even with laborious erasing of files on a folder of which I'd never heard. All that was probably a waste of time, but I was trying to avoid going on the Internet.

I did go on the Internet, because Spybot set up demanded a download. I ran Spybot, as indeed I did my own anti-virus software, just as a reboot happened - constantly having to restart Windows to run any program. Once a program was running, it kept running, unless there was a change of operation external to itself. At one point I ran a system scan with the anti-virus software that gave a clean bill of health (after hours before a long scan had found one infected file - but an infected file is not the same thing as the cause and I removed that in Puppy) at the same time as Spybot, once it had those files. Spybot found the culprit, and erased the program and the registry fiddles. It wasn't just in my Application Data, but Local Settings\Application Data, which are half hidden folders.

The virus package was identified as Fraud.Sysguard, Fraud.ASecuritySuite, Autorun settings, the Program file, other autorun settings, and a Registry change.

Read and be warned.

3 comments:

Doorman-Priest said...

Nightmare. I've just lost my e-mail address book. I hate technology!

June Butler said...

Dear me. I hope my computer doesn't catch the virus.

My son's computer was infected in a similar way, and he had to get expert help to clean it up. I remember how annoying it was to try to use the damned thing.

What you do seems to require IE, but I've been much better off since I left it behind.

Erika Baker said...

Malwarebytes will clear that up but you have to run it in Safe Mode.