Life in the Trenches – Never Assume Anything When it Comes to Computer Security

Guest writer, Mister Reiner, takes us through his experience of being the “on call tech” for a friend. There are some good lessons here.

A friend of mine called me in a panic last week about a Windows home computer problem. His browser was hijacked with some type of “virus” that constantly redirected him to anti-virus/spyware sites, and he wanted some help to remove it from his computer. He’s a pretty smart guy, but he’s not a computer guy.

“Are you using anti-virus software?” I asked.

“Of course,” he answered, “What do you think I am, stupid?”

“No. You know I don’t think you’re stupid. Is it up to date?”

“Yes,” he responded impatiently.

“Do me a favor. Open up Internet Explorer, go to the menu and select Windows Update.”

“You’ve got to be kidding me.”

“No, I’m not kidding you. Just do it.”

After quite a bit of silence, I started to think we were disconnected. “You still there?” I asked.

“Just a sec,” he responded. “Ah… I think I have a problem here. It says I have 71 critical updates. Let me call you back.”

He called me back a few minutes later and told me that even after all the patches were applied, he was still having problems with browser redirection. I gave him instructions on how to download and run a free product called “HouseCall” from Trend Micro.

Sure enough, his computer was infected with a Trojan. We selected the removal option, restarted his computer and the Trojan was gone.

There are a few takeaways from this experience that are worth mentioning.

First, as many of you know, anti-virus software doesn’t catch everything. My friend is using Symantec Endpoint Protection and in this situation, it failed to detect the Trojan that infected his computer.

If you think your computer is infected with something that your anti-virus software didn’t catch, run a second-opinion scanner from a different vendor, and ideally more than one, to see what each can detect. Each product uses its own signatures and heuristics, so they detect different things, and some are better at catching certain families of malware than others. No single scanner is reliable against everything.

Second, never assume that the Automatic Windows Update feature is working properly. Periodically go to the Windows Update website, or check from the machine itself, to confirm that it is not offering updates that Automatic Updates should already have applied. A long list of pending critical updates, like the 71 my friend had, means the feature silently stopped doing its job some time ago.
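One way to do that check without trusting the Windows Update control panel, as an added example written for this article rather than a tool from the original post: ask the Windows Update Agent directly, through the documented Microsoft.Update.Session COM interface that ships with Windows, for every applicable update that is not yet installed. The script assumes Windows Vista or later with PowerShell 3.0 or newer installed, an elevated prompt, and network access (the search can take a few minutes). The registry path used for the last-install timestamp is the one older Windows releases populate; newer ones may leave it empty, so treat a missing value as “unknown”.

```powershell
# Added example for this article (not a tool from the post): ask the Windows
# Update Agent directly whether updates are pending that Automatic Updates
# should already have installed. Uses the documented Microsoft.Update.Session
# COM interface that ships with Windows. Run from an elevated PowerShell
# prompt on the machine you are checking; the search needs network access.

# Older Windows releases record the last automatic install here; newer ones
# may not populate it, so treat a missing key as "unknown", not as "never".
$resultsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'
if (Test-Path $resultsKey) {
    $last = (Get-ItemProperty -Path $resultsKey).LastSuccessTime
    if ($last) { Write-Host "Last successful automatic install: $last" }
}

# Everything applicable to this machine that is not installed and not hidden.
$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

$missing = foreach ($u in $result.Updates) {
    # MsrcSeverity is set on security updates (Critical, Important, ...)
    # and empty on ordinary ones.
    $severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'n/a' }
    [pscustomobject]@{
        Severity = $severity
        KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Title    = $u.Title
    }
}
$missing = @($missing)

if ($missing.Count -eq 0) {
    Write-Host 'No applicable updates are pending; Automatic Updates appears to be keeping up.'
} else {
    Write-Warning "$($missing.Count) update(s) are missing; Automatic Updates is not doing its job."
    $missing | Sort-Object Severity | Format-Table -AutoSize
    # Pending Critical updates on a box that "has Automatic Updates on" is
    # exactly the condition described above: fix the update service before
    # you trust anything else the machine tells you.
}
```

The point of going through the agent rather than the web page is that the agent is what Automatic Updates itself uses; if it reports dozens of applicable updates, the automatic install path is broken regardless of what the settings dialog says. On a machine you suspect is infected, remember that the result is only as trustworthy as the operating system reporting it.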

And lastly, removing malware only removes the malware the scanner recognised. You rarely know what other software it installed, or what configuration changes it made, while it was on your computer.

It may change security settings, install undesirable browser or operating system add-ons, swap out legitimate utility software with Trojanized versions, or install an undetectable sleeper Trojan that will awaken sometime in the future to install some other malware.

I always reformat the hard drive. Some people consider this extreme, but I disagree. You can never be certain of anything when it comes to dealing with malware.
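To show why a “successful” removal proves so little, here is an added inventory script, written for this article and not part of the original post or of HouseCall, that lists the places the paragraph above describes: autostart entries, Internet Explorer add-ons (Browser Helper Objects), and System32 executables that no longer carry a valid Authenticode signature, which is what a Trojanized copy of a legitimate utility usually looks like. It assumes 64-bit Windows 7 or later with PowerShell 3.0 or newer, run from an elevated prompt. It reports and does not clean, and it only covers the obvious locations; the conclusion that a rebuild is the reliable fix stands.

```powershell
# Added example for this article (not from the post): inventory the common
# places malware leaves something behind after a scanner has "removed" it.
# Reports only; it changes nothing. Assumes Windows 7+ and PowerShell 3.0+.

# 1. Autostart entries in the classic Run keys (per machine and per user).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS*).PSObject.Properties |
        ForEach-Object { "RUN  {0}  {1} = {2}" -f $key, $_.Name, $_.Value }
}

# 2. Browser Helper Objects registered for Internet Explorer, resolved to the
#    DLL each one loads (the 32-bit IE on 64-bit Windows reads Wow6432Node).
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem -Path $key | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $server) { (Get-ItemProperty -Path $server).'(default)' } else { '<no InprocServer32>' }
        "BHO  {0} -> {1}" -f $clsid, $dll
    }
}

# 3. Executables in System32 whose Authenticode signature is not valid. A
#    legitimate tool swapped for a Trojanized copy normally loses its
#    Microsoft signature. Caveat: PowerShell versions that do not consult
#    the Windows catalog report catalog-signed system files as NotSigned, so
#    compare this list against a known-clean machine rather than reading it
#    as proof of tampering.
$unsigned = Get-ChildItem -Path "$env:SystemRoot\System32" -Filter *.exe |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
    Where-Object { $_.Status -ne 'Valid' } |
    Select-Object -ExpandProperty Path
"{0} executable(s) in System32 without a valid signature" -f @($unsigned).Count
$unsigned
```

Every line this prints is a lead to chase, not a verdict, and a dropper that installed a service, a scheduled task, a rootkit driver or a sleeper in a user profile would not appear here at all. That asymmetry, where the attacker only has to hide one thing and you have to find all of them, is the practical argument for wiping the drive.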

I went over to my friend’s house that evening to help him backup his data, reformat his hard drive, reinstall the operating system and reinstall all the software. He thanked me on the way out the door and apologized for being short with me over the phone. I told him that it wasn’t a big deal and if he ever needed help again, to give me a call.

Mister Reiner is a computer professional with over 20 years of experience, and a Bachelor of Science degree in Computer Science. He is author of a new eBook – OWNED: Why hacking continues to be a problem.

Drop by Mister Reiner’s WordPress site – you’ll be glad you did.


20 Comments

Filed under Anti-Malware Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, Guest Writers, Internet Safety, Malware Removal, Software, System Security, trojans, Viruses, Windows Tips and Tools

20 responses to “Life in the Trenches – Never Assume Anything When it Comes to Computer Security”

  1. Liam O' Moulain

    Bill/Mister Reiner,

    I’m always grateful for my techie friend. He’s bailed me out more than once.

    Liam

  2. kingpin

    Hi Bill,
    Well, the lesson to be learned here is that everyone should always keep their OS, antivirus and all other applications up to date. Common sense and the right knowledge are what is going to save our skin from predators on the net. Sometimes even improperly layered security can cause conflicts and become a huge security issue, just like my friend who got hit by a fake AV, “Antivirus Demo 2009”! Thankfully MBAM cleaned it up for him.

  3. Great article, updating Windows is the first thing I do when cleaning a computer. I’m seeing more and more AVs essentially doing nothing during an infection, and I’m not just talking about big Mc…
    Going to the command line and typing MRT will launch the Microsoft Malicious Software Removal Tool. It’s part of the operating system and runs every month after update Tuesdays when its definitions are updated. It has been effective in removing many varieties of fraudware out there.
    Mark

    • Bill Mullins

      Hi Mark,

      As usual, a very astute comment. Great reminder on the Microsoft Malicious Software Removal Tool, so much so that I just finished running it.

      Best,

      Bill

  4. Jerry Chance

    Hi there Bill

    Don’t know where to put this message, so I’ll stick it here. I am absolutely full of admiration for the quality and content on your website. I visit you first every day and am astounded by all the new nuggets of information on such a wide variety of issues that you are able to provide.

    Congratulations and well done Bill and long may you continue!

    Love, Light and Peace
    JC

    • Bill Mullins

      Hi Jerry,

      Good to hear from you, and thank you for your encouragement. Your comment certainly put a different spin on my day – much appreciated.

      Best,

      Bill

  5. Pingback: Anonymous

  6. Pingback: Anonymous

  7. Pingback: Anonymous

  8. Ramblinrick

    Bill,

    I love the “real life” stories… Nice job on this article. I have to agree with the “reformat” on the hard drives when infection occurs (to be absolutely sure).

    Rick

    • Bill Mullins

      Hi Rick,

      I agree – personal stories can be highly effective as a teaching aid.

      Totally agree that a wipe and a reformat after an infection (given the type of malware we now have to deal with), is the best choice. How many times have you seen system files, or boot loaders, destroyed by malware removal? Lots, I’ll wager.

      Thanks for dropping in.

      Bill

  9. Pingback: Anonymous

  10. As usual, a very interesting article, Bill.
    True words.
    Greetings. 🙂

  11. Hi Reiner,

    Well! I have to thank you for that tool. I’m still a learner and will possibly always be a learner too. This issue reminds me of a friend who considers himself a geek or techie but doesn’t take much care in applying the latest OS patches. He thought antivirus was enough, and one day he found himself in a situation similar to your friend’s. I suggested the same procedure to him; however, in place of ‘HouseCall’ I suggested ‘Malwarebytes’, and it worked fine. We should do the basic things and not try to be over-smart in any field. Thanks for this insightful article.

    Arafat

  12. P.S. Thank you, Bill, for reminding me of the Trend Micro HouseCall scanner.
    I wanted to try it once (last year), but I did not know that I had a corrupt master boot record, and it would not work.
    So now I have downloaded it; a very interesting alternative.
    All the best.

  13. Hey Bill.
    I ran HouseCall twice and it worked, but at the end of a scan in full mode it displays an error about being unable to scan the web page. The results of the scan are very good.
    Why?
    I have everything in order.
    The next time you try to run the program, it no longer appears on the computer screen.
    Strange.

  14. Pingback: Geek Squeaks’ of the Week (#60) « What's On My PC