My aunt is technologically illiterate (no offense to her). As a result, she calls on me whenever she has a computer problem that she can't figure out. Also, she got her daughter (my cousin) a laptop for Christmas, so of course one would expect the number of computer issues to rise. Well, tonight was one of those nights.
The laptop would start, but then it wouldn't load the taskbar and desktop. I immediately expected malware, and so agreed to go take a look. When I got there, I was confronted with a window that called itself "Windows Privacy Tools", along with a billion error dialogs about memory access. What's more, I couldn't interact with the window in any way, Ctrl+Alt+Delete did nothing, and even Ctrl+Shift+Esc did nothing. I had no choice but to reboot. The Windows login screen popped up innocently enough, but when I clicked the Log In button, a strange voice came on saying that something was detected. The "Windows Privacy Tools" window then popped up again, and began to scan (or one would think). Again, I could not interact with the computer in any way, other than the power button.

However, I examined the window this time, and red flags began popping up in my head. The program seemed too insistent on updating, exclamation points were suspiciously frequent, and the program stated it was associated with Microsoft (it even gave a link to http://microsoft.com/privacy). I used my computer to search for the name of this program, and no results even close to Microsoft came up (one would expect Microsoft results to be near the top). Realizing that this program was indeed malicious, and that it had hijacked the startup, I rebooted into safe mode. Booting into safe mode, the same window still popped up. However, I was able to access Task Manager and kill the process. Using Task Manager, I started Windows Explorer, and began my diagnosis.
I started by using their installed Norton 360 to run a full system scan, while I continued manual diagnostics. I used HijackThis to scan the computer, and the useful HijackThis log analyzer at hijackthis.de to analyze the log file. The scanner found 15 malicious files and registry entries. After I looked through the analysis results, determining whether unknown entries were legit, I checked Norton and it was done. It had detected a tracking cookie.
Let me recap the results for you:
- HijackThis and hijackthis.de: 15 malicious files, including MyWebSearch, toolbar adware, and a trojan/keylogger of Chinese origin
- Norton 360: 1 tracking cookie
Luckily, I knew from hijackthis.de exactly what I was facing, so Google was my friend, and I was able to remove all of the malicious software (as well as a few legit but unnecessary IE toolbars) using a trusty tool, Revo Uninstaller.
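The manual triage above (read the HijackThis log, spot autostart entries that should not be there, and notice a program that claims a Microsoft pedigree but runs from an odd location) can be turned into a mechanical first pass. The script below is an added example written for this post, not code from HijackThis, hijackthis.de or the author; the log lines are constructed in HijackThis style, the CLSIDs are placeholders, and the heuristics (user-writable autostart folders, system-sounding names outside the system directories, non-default browser start/search pages, any third-party BHO or toolbar) are my own choice of rules, not an official rule set.

```python
"""Triage of HijackThis-style log lines (added example, not the post's own tooling).

The heuristics encode the red flags the post describes: an autostart entry living in
a user-writable folder, and a program whose name borrows Microsoft/Windows branding
but runs from nowhere near the system directories. Real analysis also weighs vendor
knowledge; this is only the mechanical part.
"""
import re
from dataclasses import dataclass

# Constructed sample log in HijackThis format (not the log from the post).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example-toolbar.invalid/
O2 - BHO: MyWebSearch Bar - {00000000-0000-0000-0000-000000000001} - C:\Program Files\MyWebSearch\bar\mwsbar.dll
O3 - Toolbar: MyWebSearch Bar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\MyWebSearch\bar\mwsbar.dll
O4 - HKLM\..\Run: [NortonOnline] C:\Program Files\Norton 360\Engine\ccSvcHst.exe
O4 - HKCU\..\Run: [Windows Privacy Tools] C:\Users\cousin\AppData\Local\Temp\wpt.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Windows\System32\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Security Monitor] C:\wsm\wsm.exe
O4 - HKCU\..\RunOnce: [Microsoft Update] C:\ProgramData\msupd\update.exe
"""

# Hypothetical rule tables; tune them for the machine being examined.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\downloads\\", "\\users\\public\\")
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SYSTEM_SOUNDING = ("windows", "microsoft", "security", "privacy", "antivirus", "update")
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
R_RE = re.compile(r"^(?P<sec>R[01]) - (?P<key>[^,]+),(?P<value>[^=]+) = (?P<url>\S+)$")
BHO_RE = re.compile(r"^(?P<sec>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")


@dataclass
class Finding:
    section: str   # HijackThis section code (R1, O2, O3, O4)
    name: str      # entry name as shown in the log
    reason: str    # why it was flagged
    severity: str  # high / medium / low


def _exe_path(cmd: str) -> str:
    """Return the lower-cased executable path from a Run-key command, dropping quotes and arguments."""
    cmd = cmd.strip().strip('"')
    m = re.match(r"^(.+?\.(?:exe|dll|scr|com))\b", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd).lower()


def triage(log_text: str) -> list:
    """Scan every log line and return the entries a reviewer should look at first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            name, path = m.group("name"), _exe_path(m.group("cmd"))
            if any(tok in path for tok in USER_WRITABLE):
                findings.append(Finding("O4", name, "autostart from user-writable folder", "high"))
            elif any(w in name.lower() for w in SYSTEM_SOUNDING) and not path.startswith(SYSTEM_PREFIXES):
                findings.append(Finding("O4", name, "system-sounding name outside system directories", "high"))
            continue
        m = R_RE.match(line)
        if m:
            host = re.sub(r"^https?://", "", m.group("url")).split("/")[0].lower()
            if host not in TRUSTED_HOSTS:
                value = m.group("value").strip()
                findings.append(Finding(m.group("sec"), value, f"browser {value} points to {host}", "medium"))
            continue
        m = BHO_RE.match(line)
        if m:
            findings.append(Finding(m.group("sec"), m.group("name"),
                                    "third-party BHO/toolbar: confirm it was installed on purpose", "low"))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity so the reviewer sees the shape of the problem at a glance."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section} {f.name!r}: {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the constructed log the two rogue-looking Run entries and the ProgramData "updater" come out high, the hijacked search page medium, and the MyWebSearch BHO/toolbar pair low; the Norton and SoundMAX entries, which live where they should, produce nothing. A low finding is a prompt to confirm the install was intentional, not a verdict, which mirrors how the post treats "legit but unnecessary" toolbars.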
P.S. FYI, I intentionally linked every mention of HijackThis and hijackthis.de. (Hint hint, Symantec
Now for the sad story...
I'm in a Calculus 3 class, I have a lot of homework to do, and the teacher can't even help us because she doesn't even remember the stuff... (short story, huh?)

