It’s a normal part of computer life. Some day you WILL get a virus or malware. Stuff happens. This will be just a quick overview of something that happened to me.
Yup, I got a virus
Lately I had noticed something strange every time I booted my laptop: a “powershell could not execute the command” error message. It would repeat 3 or 4 times before I could get it to go away.
(PowerShell is Microsoft's command-line shell and scripting language [think DOS prompt / typed commands] that can run scripts and launch other programs.)
Mostly annoying, but still, I knew something wasn't right.
I scanned my system with the usual cleaners and found a couple of annoying issues, nothing major. This error kept happening.
Today at lunchtime, when I went to write my blog post for the day, the issue popped up a bit differently and Microsoft Defender caught “something” and quarantined it. Yes, the free Microsoft security product. 🙂
I immediately fired up an in-depth scan tool that looks for rootkits (things that hide wayyy deep in the system) and today it caught the little bugger. A rootkit hides deep in the system (in drivers, system files or the boot sector) and guards its own persistence mechanism, so when a product like Security Essentials, Windows Defender or Symantec finds and removes the visible infection, the rootkit puts it right back on the next boot.
These are really tough to find and remove. Many times it is easier to just rebuild the system, and a LOT quicker too.
After I removed the rootkit, I rescanned with 3 other products to clean it up. Each one of the scans found other issues: malware, tracking cookies, etc. All in all, a whole lot of crap I didn't need.
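A check that points at where a boot-time PowerShell error like the one above is coming from is to list every place Windows re-launches programs from at boot or logon and flag the entries that run PowerShell. The script below is an added example, not code from the original post; it assumes Windows 7 or later with PowerShell 2.0+, an English locale (the schtasks column names are language-dependent), and an elevated prompt so per-machine locations and all scheduled tasks are readable.

```powershell
# Added example, not from the original post: enumerate the autostart locations
# Windows uses on every boot or logon and flag any entry that runs PowerShell,
# which is how a dropper typically keeps itself alive across reboots.
# Assumes Windows 7+ with PowerShell 2.0 or later, English locale, elevated prompt.

function Get-AutostartEntries {
    # Win32_StartupCommand covers the Run/RunOnce registry keys and the Startup
    # folders, for the current user and for all users.
    $entries = @(Get-WmiObject -Class Win32_StartupCommand | ForEach-Object {
        New-Object PSObject -Property @{
            Source  = $_.Location
            Name    = $_.Name
            Command = [string]$_.Command
        }
    })

    # Scheduled tasks. schtasks /v repeats its CSV header for each task folder,
    # so drop any row whose TaskName is literally "TaskName".
    $rows = schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv
    foreach ($t in @($rows | Where-Object { $_.TaskName -ne 'TaskName' })) {
        $entries += New-Object PSObject -Property @{
            Source  = 'Scheduled task'
            Name    = $t.TaskName
            Command = [string]$t.'Task To Run'
        }
    }
    return $entries
}

function Find-PowerShellAutostarts {
    Get-AutostartEntries |
        Where-Object { $_.Command -match 'powershell' } |
        ForEach-Object {
            # Traits a legitimate logon script rarely needs but malware usually does.
            $flags = @()
            if ($_.Command -match '-(w|windowstyle)\s+hidden')       { $flags += 'hidden window' }
            if ($_.Command -match '-(e|ec|enc|encodedcommand)\s+\S') { $flags += 'encoded command' }
            if ($_.Command -match '-(ep|executionpolicy)\s+bypass')  { $flags += 'policy bypass' }
            if ($_.Command -match 'iex|invoke-expression|downloadstring|downloadfile') { $flags += 'download/eval' }
            if ($_.Command -match '\\(temp|appdata)\\')               { $flags += 'runs from temp/appdata' }
            $_ | Add-Member -MemberType NoteProperty -Name Flags -Value ($flags -join ', ') -PassThru
        }
}

# Usage: show every PowerShell autostart with its red flags, if any.
Find-PowerShellAutostarts | Format-Table Source, Name, Flags, Command -AutoSize -Wrap
```

Anything listed with a hidden window, an encoded command or a download-and-eval payload deserves a close look; a legitimate logon script rarely needs those. One caveat that is exactly the post's point: a rootkit that hooks the registry and file APIs can hide its own entries from a listing like this, which is why a dedicated rootkit scanner still has to run.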
How did it happen?
I am pretty good about not downloading stuff that I am unsure of, and I hardly ever click on links in emails, but there are still ways to get infected.
From what I can gather, this infection came from a video conversion utility that I downloaded for FREE. Oh yeah, this neat little FREE utility had something hidden inside it. One of two things could have happened:
- It was set to trigger on a specific date, which would have been November 5th or 6th. I don't remember exactly when I first detected the issues, but I did scan the machine on Thursday.
- The scanners I use are just learning about this virus now.
Huh? Just learning about it now?
Yes. You see, when someone writes and releases a virus, it takes time for people to realize something is wrong, find the files, submit them to the antivirus companies, and then get the virus definitions updated. This process can take days to weeks, sometimes even longer.
An exploit for a vulnerability that the software vendor and the security companies don't yet know about (so there is no patch and no signature for it) is called a zero-day exploit. These can cause havoc, install other malicious software, or set up your system as a “bot” (a zombie ready to be controlled remotely), all without anyone knowing. There are a few stories I will share at a later date that go into more detail. One of them is about a guy who was arrested; when they confiscated and checked his laptop, he had 22 zero-day exploits on it, ready to go out and infect people.
Very nasty stuff.
Here is a list of the tools I used to clean my system. Some are free, some are not (version dependent). If you choose to download and use them, be very careful: if you do a web search, some of the results will be links to look-alike software with the same name that contains the bad stuff, so download only from the vendor's own site.
- Kaspersky TDSSKiller: a rootkit remover. Run this first, then the others.
- Spybot Search & Destroy
- SpyHunter: very intrusive, very deep inspection. I use this one last.
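Because look-alike downloads are the risk called out above, the practical check before running any of these tools is to confirm the installer carries a valid Authenticode signature from the publisher you expect and to record its SHA-256 hash for comparison with what the vendor publishes. The function below is an added example, not code from the original post or from any of the tool vendors; the file path and the publisher pattern in the usage line are assumptions for illustration.

```powershell
# Added example, not from the original post: before running a downloaded
# cleanup tool, verify its Authenticode signature and publisher and record its
# SHA-256 hash. Assumes Windows with PowerShell 2.0 or later. The path and the
# publisher pattern used at the bottom are illustrative assumptions.

function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$ExpectedPublisherPattern
    )

    if (-not (Test-Path -Path $Path)) { throw "File not found: $Path" }
    $fullPath = (Resolve-Path -Path $Path).Path

    # SHA-256 via .NET so it works before Get-FileHash (PowerShell 4.0) existed.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($fullPath)
    try {
        $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }

    # Status is "Valid" only when the signature verifies and the certificate
    # chains to a trusted root; "NotSigned", "HashMismatch" or "UnknownError"
    # all mean: do not run it.
    $sig = Get-AuthenticodeSignature -FilePath $fullPath
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    $signatureOk = ($sig.Status -eq 'Valid')
    # A valid signature only proves who signed it; the signer must also be the
    # vendor you meant to download from, not someone with a similar name.
    $publisherOk = ($signer -match $ExpectedPublisherPattern)

    New-Object PSObject -Property @{
        Path      = $fullPath
        Sha256    = $hash
        Status    = $sig.Status
        Signer    = $signer
        SafeToRun = ($signatureOk -and $publisherOk)
    }
}

# Usage with an assumed path and publisher pattern (adjust both to your download):
Test-DownloadedInstaller -Path 'C:\Downloads\tdsskiller.exe' -ExpectedPublisherPattern 'Kaspersky' |
    Format-List Path, Status, Signer, Sha256, SafeToRun
```

If SafeToRun comes back false, or the hash does not match what the vendor's page lists, delete the file and fetch it again from the vendor's own site rather than from a search result.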
Well, that's about it. A day of chasing a virus out of my system. I will be rebuilding soon too!
As always, Truly Blessed!
P.S. Please do not think Macs are immune. 🙂