RE Blog Lab (Me) Sidetracked

It wasn’t actually the Lab that was sidetracked, it was me. The Lab is secure and has been since the beginning. But late last week I downloaded a web-based FTP client I needed for a project and I wasn’t careful in finding it. I did a Google search, clicked on the first available link and downloaded a file.

Confession Of a Very Lucky Man

Malwarebytes main screen (I added the flowers)

I’ve never, to my knowledge, had spyware or malware that wasn’t trapped by Trend Micro or removed during a scan. Till now. I don’t surf the web much; I use it for my purposes and don’t find myself in risky or “bad” neighborhoods except for a wrong turn or a link that has been hijacked, which I usually am able to shut down or pull a cable fast enough to prevent anything from happening. I’ve never had to do battle with a virus, spyware or malware, like I said, till now.

After battling for three days and a lot of reboots, in and out of safe mode, and the purchase of several pieces of software claiming to remove the offending bug (none of which did, by the way), I put out a call for help to a friend of mine who lives on the edge and is always reformatting his hard drive and re-installing Windows. At the same time I sent a cc to my son-in-law in Iowa, who is a geek, a real geek, not a dial-up geek like me.

Both sources said to get Malwarebytes. It took only a single Google search to find it and get it installed. But it didn’t do the trick the first time through.

The solution I came up with, which worked very well after three sleepless nights:

  • After it is installed, boot into safe mode (F8 on bootup).
  • Run the program, and when it says it needs you to reboot to catch the ones in memory, do so, but into safe mode again.
  • Run the program again. This time it caught 5 bad files but didn’t need a reboot once it was done removing them.
  • Reboot normally and run it again as a verification scan. If you get “0 files found” you should be clear and ready to go on with your life.

I think the specific bug was Trojan(dot)BHO, but I’m not certain of that. Trend Micro caught most of the attempts to open other sites. The URL blocked always started with the same string, url(dot)adtrgt(dot)com, and it was popping up so often I couldn’t get anything done.
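A BHO (Browser Helper Object) is a DLL that Internet Explorer loads at startup, registered by CLSID under a well-known registry key, which is how a malware BHO gets to inject redirects into every browsing session. The script below is an added example, not part of the original post and not a Malwarebytes feature: it lists every registered BHO together with the DLL it loads and that DLL’s Authenticode signature status, so an unknown entry stands out. It assumes a Windows host with PowerShell, run from an elevated prompt so every key is readable; it only reports and deletes nothing.

```powershell
# Added example (not from the original post): enumerate registered Browser Helper
# Objects and show which DLL each one loads. Assumes Windows PowerShell in an
# elevated prompt. Informational only; it removes nothing.

# BHOs are registered here (the Wow6432Node key covers 32-bit IE on 64-bit Windows).
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

$results = foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem -Path $key | ForEach-Object {
        $clsid = $_.PSChildName
        # Each BHO is a COM object; its display name and server DLL live under HKCR\CLSID\{...}.
        $com  = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name = (Get-ItemProperty -Path $com -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty -Path "$com\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        # A missing DLL is a leftover registration; an unsigned DLL in a temp or
        # user-profile folder is the classic shape of a malware BHO.
        $sig = if ($dll -and (Test-Path $dll)) {
            (Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            'FILE MISSING'
        }
        [pscustomobject]@{
            CLSID     = $clsid
            Name      = $name
            Dll       = $dll
            Signature = $sig
            Hive      = $key
        }
    }
}

$results | Format-Table -AutoSize
```

Run it before the safe-mode cleanup and again after the normal-mode verification scan: an entry that reappears after a reboot means something is re-registering it and the removal is not finished. The check is a complement to the scanner, not a replacement; a BHO can be signed and still be unwanted, and a redirector can live outside a BHO entirely.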

Now we hopefully return to some sense of normalcy. I can’t recommend Malwarebytes enough. It is a great tool to have in our tool bag should you find yourself inviting in a stranger that loots your computer and keeps changing addresses in your computer’s memory.

Comments

  1. Ouch! Glad you’re back posting though.

  2. Glad it worked. You can save time and energy with real-time protection (either get Spybot S&D, which is free, or shell out for the Malwarebytes Anti-Malware full version – you can save on it using a coupon from http://news.dtcdeals.com/malwarebytes-coupon-code).