Microsoft flaw attracts only minor malicious acts
Robert Lemos, 2008-10-27
Microsoft flaw attracts only minor malicious acts 2008-10-27
Andy
I've always had my computer up to date on AVG antivirus, Windows service packs (XP), etc. I've had infections pop up at odd times, but always caught by AVG or firewall.

Wednesday was different.

I was looking for an image for a presentation and did a Google search for image web engines. I went to one and I got a popup from the Windows firewall saying svchost.exe was trying to access the net; I denied it. A few seconds later my PC actually rebooted and installed a rootkit. All my security settings were overridden, also taking my firewall down (luckily I had disabled my internet connection through the reboot so no data was going to get off). AVG occasionally scanned and found something, but not consistently. I had to go through my registry and get rid of it. The virus had installed itself and rebooted my machine all through Firefox!!!

I found this virus in beep.exe, in svchost.exe, in the registry. It also managed to infect my Windows restore point archives way back through, so any attempt at using restore would just have resurrected the virus. When running, it happily re-installed files like beep.exe in front of me as I deleted them.

Windows Malicious Software removal tool seems to have finally got rid of it after two scans, but cannot be sure. AVG thinks the Windows tool is a virus too.

It's a nightmare; this is not a trivial thing regardless of what the Microsoft PR machine is saying.

I'm pretty good at this and it's taken days of scans and manual intervention. And I had the Thursday packs installed when I was still finding the virus.

If it pops up once more I will have to do a complete re-install. This dev machine will require at least a week of installations to bring it back to the state it was in before if I do that.

Not happy, not trivial, no ebanking will be going on from that machine for a while.

Andy

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/845/2687#2687

Copyright 2009, SecurityFocus