How I Got Hacked... And Why You MUST Have a Backup! - Comments Page 2

Once again an eye opening article. Few days ago I installed a free photo editing soft and later my Yahoo home page was changed to that photo software's website. I immediately uninstalled the soft, but when I checked the other browser
Firefox, its settings were changed too.

I ran antivirus soft, Norton tools and I am back to track but do not know if something is left on computer or not. This is a lesson for me. I should have backup to avoid sudden problems.

I got a question and hope someone will clear it. What does image backup means? if I do image backup of my computer will it consume a lot of disk space?
If computer is not working how come recovery disk works?

well, i am not sure about windows update. I am using windows 7 ultimate edition with updated avg internet security. Win7 UAC selected on maximum level (i think ms made this for those dangerous application which is not caught by antivirus) and also using autorun blocker registry file. Thats all protecting me for 2 years without formatting. I dont have ext.hdd so i am using c drives image to d drive with acronis for my laptop. Anyway thank Bob for telling us about that kind of virus.

I have the feeling that on my system that malware would have been easily blocked by either ad muncher, Comodo firewall, or OpenDNS!!.

Is there any way to test that?

Ouch!!! Wince!!! Shudder!!!

Praise be to God you had a recent backup!!!

(I don't do incrementals -- only a full image about every month or so; too little changes on our system to make that much difference. Works for us.) Interesting that you had to "go back to 2006" briefly -- any nostalgia there?     :)

When I accidentally get on an iffy site with pop ups, I don't try to close the pop ups. I close my browser instead and if that doesn't work, I log off. Clicking anywhere on the pop ups, even to close them leads to trouble.

Interesting Bob and exactly what happened to me 8/21. I just lost my C: partition on a Seagate 1 TB 7200 32 MB. The D: partition was untouched. What I do remember was CHKDSK running after turning on PC and basically stating many clusters were bad. After that -poof-.

Ran the Emergency Repair Disk. Did the bootrec/fixmbr and other functions. Created a new partition and set up shop there. The C: drive never showed up.

A friend in a federal agency runs the data recovery shop and wants to see the disk. Will advise what he finds. FWIW, had paid AVG running.

Question: Would Firefox using noscript prevented the drive-by downloads? I'm ultra paranoid-I use Malwarebytes Pro and Nod32 Antivirus real-time. That combo seems to work without any slowdowns.
NoScript is a pain as you need to allow certain sites to use javascript, but the protection outweighs the hassle.
GREAT article as computer security is a hobby of mine.

Hey Bob, I'm sure you're not going to post this but maybe if you're not smart enough to check it out in a virtual machine, 1)You shouldn't have a tech blog 2) You shouldn't be blogging about a dumb mistake in which you got what you deserved.

EDITOR'S NOTE: Alyssa, we all make mistakes. As for my smarts, I'll let my body of writing speak for itself, and others can decide. As for blogging about my mistake, I think there is great value in telling people what happened to me, so they can avoid the same problem. Please feel free to tell others how stupid I was! :-)

Did you consider running "Microsoft Standalone System Sweeper Beta"? It has help me with some hard to remove items.

A couple of things you might want to do is make a backup of your Boot Sector and Partition Table. These need to be kept on a read only media not on your HD.

You might want to really take a look at why you use RAID. It has caused me more trouble that it is worth. HD are so cheap now just double up on them.

When you hover over a link it is displayed in the lower left line of most browsers or mail managers. You should get in the habit of looking there before clicking. You will soon get used to re-thinking if you should click. If in doubt just sandbox your browser, and yes noscript is a pain, but worth it.

Last, you do not have a backup unless you have three copies, in two different medias, and stored in two separate locations.

On a typical machine, an antivirus / antispyware boot CD would usually do the trick to allow you to get rid of the main infection so that the system could be booted and run ComboFix (which, by the way, I always run in safe mode), but the author's system would not recognize drive C using one of these boot disks. That is because he has his system set in a RAID configuration, and these boot disks do not load the RAID drivers. BartPE might have worked for him had he loaded the RAID drivers when Bart asked. Also, some systems use ACHP for the SATA drives, and unless these drivers are loaded, boot CDs will not recognize their drive C either.

EDITOR'S NOTE: Good point about the RAID drivers. RAID adds a layer of complexity that's just not necessary for consumer-level computers like mine. Gateway gave me two 250GB drives and put them in a RAID config to make it look like a single 500GB drive. I've never used more than 80GB, so that wasn't the best option for me.

Try downloading Hirnens (14.1 latest ver). Run utility @ power on from DVD Drive or Flash Drive. Sort out the problem b/f loading Windows, if you can. Great HDD scanware and MBR repair utilities amongst many other progs. Remember. Back up regularly!

Thank you for this lesson about a typical drive-by infection-- currently one of the most damaging attacks possible, and increasingly prevalent. By now, most people have had first-hand contact with this type of virus, or know somebody who has.

As a computer support staffer, I can attest that everyone from physicians to PhDs has been hit, and they remain vulnerable even afterward. No matter how careful or professional the user, and no matter what real-time ("shield") protection is installed, this is malware written by professional criminals with world-class expertise, and very hard to defeat-- let alone prevent.

So, contrary to reader Alyssa (who keeps her pantaloons entirely too tight for her own good), there is little that can be done beyond running high-quality anti-malware real-time protection, and hope to avoid accidentally starting a malware installation.

Since this kind of malware is often made by professional coders for organized crime, it is sometimes called "extortionware". Typically, after extortionware comes on board, it displays a series of bogus messages claiming detection of infection. Next, the malware solicits a "repair" operation, and sends an endless stream of obtrusive reminders every minute. Eventually, all the messages take a toll of the user's composure, who may relent and click on a message panel in an attempt to remove the plague. Of course, that desperate measure does not work.

And now, the trap has been sprung. As the infected machine progressively loses its functions-- no anti-virus scans, no internet, and sometimes not even email-- the user is told the computer can be cleaned for a certain amount of money. The user is given no guarantees, but on offering the criminals a credit card number, the system may visibly improve. Unfortunately, from all field experience, the malware itself is not removed. Worse, the criminals have their objective, and quickly put the victim's credit card number on the black market.

Extortionware is always under rapid development to defeat commercial anti-malware protection, so users must make sure they use the very latest version of protection, and keep it updated daily.
For those users lucky enough to detect the symptoms of an infection-in-process, escape is sometimes possible. Extortionware is like a "booby trap"-- it needs a triggering action like a mouse click, the ENTER key or another key to install itself and do damage. Left alone, this type of malware can do nothing except display messages.

So, the remedy for malware can be simple-- when a message displays, ignore it and shut down the computer immediately. Above all, DO NOT CLICK on the message-- not even to close the message box, and no matter how authentic the message might seem.

Again, no damage can occur unless the user starts installation by clicking on the screen area and/or pressing a keyboard key to start installation of the malware payload to the hard drive.

To shutdown, go to START, click on TURN OFF COMPUTER, and wait for normal shutdown. If shutdown does not occur after about two minutes, press in and hold in the computer's POWER button until the computer turns off. After two minutes, simply restart the system normally, and the offending messages no longer should be visible.

Since extortionware is only a variant of this malware class, and new versions are constantly developed, behavior and results may vary.

Great article Bob, although I just removed to adspy viruses from a customers computer that came from the Uniblue registry booster so you made want to reconsider them as a sponsor here.

I was just curious if you had a Mac or a linux/unix machine running Ubuntu or RedHat? That is how I would have visited your friends website.

Whenever I get a complaint about a suspected virus attack or suspicious problem complaints, I just use one of my two computer Bulldogs, the Mac or the Linux PC, because you are 100% correct, there is no virus protection that is 100% accurate.

As for anyone confused about the mystery of my comment, 99.9999999% of all known virus are written for a windows machine and can't infect a Mac or linux/unix operating system.

Excellent article Bob. But surely it is only half the story? What happened to the friends computer?
Did she get it fixed? Surely there is a whole other blog right there!

Wow, when i first read this, I thought it had just happened, i am glad to see the date was last year. Anyway Sandboxie was mentioned a few times in the comments, and that is the program that I always use when visiting any new sites. I just wanted to comment on AVG, since I have had to fix several computers that were infected with AVG running ineffectively on these poor unfortunate boxes. After the last year, I have learned that AVG is no longer an effective antivirus, and now I recommend ESET, BitDefender, Bullguard, or Kaspersky. Check out the AV-Comparatives latest test results here: http://www.av-comparatives.org/images/docs/avc_prot_2012a_en.pdf

Bitdefender and Bullguard are Extremely Successful in preventing compromise, and I have always loved ESET, and along with Sandboxie, you can now keep infection to an absolute minimum. Of course, what happened to Bob can happen to anyone, so using Sandboxie is probably your best bet.

I try to be careful, but I'm human and slipped.
I changed my IP. The "OLD" had great protection. No problems that couldn't be fixed with a little help from friends. The "NEW" had no packaged protection. I KNEW THAT! Who was going after me and my PC? I'm from the old school and when I see the lights blink and I didn't ask them to, I get worried. I tried to take this thing on and nearly lost. By this time I had established proper PC protection but whatever was in there had the upper hand. The closer I got (removing stuff) the more destructive "IT" got. "It" shut down Windows Essential + Windows Firewall and my other security without me knowing that it happened. It seems that a portal was opened an unrelated malware popped out. I eventually had to do a complete re-install.

How long and what does it take to become as knowledgeable about all the technical jargon on here?

Is there a condensed book I can read?

I'm currently in school for Computer Programming, Software Development; but, I'm mostly working on the core classes. I've recently finished Intro to Computers (Microsoft focused) and Intro to Database (also, Microsoft focused).

Thanks to some nasty trojans that got past daily updated and constantly running, Microsoft Security Essentials and a regularly updated operating system, I'm recently out about $100 (on a low, fixed income).

In addition, I have an older computer that is now without sound due to not being able to replace an old multimedia driver.

On top of that, I endured a lot of stress and aggravation which was not good for my heart condition.

All this happened a couple weeks before my ONLINE college classes were finished. It took about a week to get my computer mostly recovered on my own after I had to buy an operating system disc. I have a used computer that did not come with a disc.

Excuse me for venting; but...

I think it is an absolute shame and slap in the face of the Almighty for anyone with the intelligence God gave them to use that intelligence for such heinous activities such as creating mal-ware.

If these same people would focus their intelligence on doing good, they could eliminate a lot of suffering in the world.

Why not take on some of society's problems like preventing some of the over 27,000 people who succumb to death daily from hunger, dirty water and lack of medical treatment; or the multitude of people living on the streets; or kids going to bed or school hungry (even in the U.S.); or the thousands of unwanted pets put to sleep daily; or any of the other items on the long list of wrongs that need to be righted?

Wake up offenders! You will someday be held accountable whether you believe in God or not. Call it Karma or whatever. What you put out there will come back to you in one form or another. FYI, you might try reading the ten commandments. Included in there is a warning of how punishment for your sins can come back to you, your kids, your grand-kids or your great grand-kids.

And, don't even think about giving an excuse of how you were wronged somewhere in your life. How absolutely insane and sociopathic to take out your hurt and frustration on someone totally unrelated to your past problem. That makes you no better than your offender.

Turn it around. Use your God given gifts for good. You can be blessed for doing so and you can use your talents to raise money to fix some of society's ills.

Then again, maybe you aren't man or woman enough to do that. Maybe you are a sociopath. If so, I pray you get the help you need very soon.

Hi, This is a great article. Thank you for all of the information contained, I feel this is very helpful to techs and everyday surfers alike.

Thank you again,

Lisa G

You constantly amaze me. I'd like to give you a virtual "Nana" hug for helping this person to such a degree with her problem and thank you for all the invaluable help you have given to so many of us.

I wonder if you would have been safer if you were web surfing in Linux. I'm sure no O/S is perfectly safe, but aren't the majority of malware Windows compatible only?