Do you know theres a brand new computer virus that can get into your computer without you knowing even if you have AntiVirus and AntiSpyware installed? And when you try to get rid of it, it totally wrecks your system?
I didnt know until a few days ago. On Thursday, the 25th of November (Thanksgiving), my computer was infected by a virus that literally took control of my web browser and wrecked my machine when I tried to get rid of it.
Let me tell you what happened…
After we were all done with our Thanksgiving dinner, I went online to do some quick research for my next article. But instead, I stayed up all night battling a virus from hell!
Shortly after I got online, my Norton Antivirus and my adware/spyware removal software Spyware Doctor, started going wild with notifications of a virus presence in my computer.
I immediately stopped doing what I was doing and got Spyware Doctor to scan my hard drive. Before long, it gave me a report about 196 infected files with Trojan and some other types of adware/spyware virus residing on my hard drive!
I was shocked when I saw that. Just the day before the computer was fine!
So then, I spent hours going through the whole procedure of removing the virus from my hard drive and soon it was clean. Or so I thought…
Heres what the virus was doing:
Everything looked normal. If you dont know much about website development, you may never notice that something was wrong. And thats really dangerous, because anything can happen once your system is infected!
As I continued with my research, I noticed something very strange. Many of the links that I clicked on, led me to one particular website that was filled with hundreds of different affiliate programs and products.
Regardless of what website I would look at, every single website had these links placed on specific key words and phrases, such as: money, internet marketing, data, webhost, home based business, business opportunity, work, and others. And all of the links would take me to this website with the hundreds of products. That was very unusual.
But when I looked at my website, much to my surprise I saw the same links on my site!
I couldnt believe it! The links did not exist in my html. But where were these links coming from?
Its my website. I wrote those webpages! I didnt put those links there. And yet when I looked at the website the links were there.
I called my sister and I asked her if she was seeing the same thing on her computer as I was seeing on my computer. She looked at my website and told me that she wasnt seeing any of those additional links, other than my usual links.
That made me realize that something was wrong with my computer. I saved the file that I was typing for my next article so I could devote my attention to finding a solution for this problem. A strange thing happened as soon as I hit the save button. The file reformatted itself. Hyperlinks were placed on all of the key words (as I already mentioned some) that were found in the file. But who placed those links?
When I clicked on the link, it took me to the same page with the hundreds of products. I got very scared because I felt like I was losing control of my computer. From my previous experience (but not as extreme), Ive learned that the virus always stays in touch with the hackers server, constantly transferring information about my activities gathered from the registry.
This looked like a very serious virus. So I immediately unplugged my Internet connection. This way, the hacker was no longer going to be able to pull information from my registry, and I was going to face the virus without any additional input by the hacker.
But regardless. I lost the battle. For THREE FULL DAYS I tried to remove the virus, but without any luck..
The Spyware Doctor narrowed it down to one trouble file, which was a type of Trojan that existed in my System32 directory. The Trojan was renaming itself every few seconds by randomly selected names.
Norton Antivirus said that this type of Trojan gave no visual indication that my computer had been infected. It was dropping a copy of itself with a randomly named executable file.
Every time the Spyware Doctor would find the Trojan, it was unable to locate it and it couldnt remove it. Thats because the Trojan already had a different name.
Also, what I found out was that I was never looking at my Internet Explorer browser. I thought I was, but I wasnt. I found a Java Script that was taking the source code from any website that I would go to, reformat it by adding the links to the selected key words and then display the new code in another window that was being generated by a remote server.
My original browser window was getting killed and I was looking at a cloned window with inserted links. That was happening with such speed that I didnt even notice it because of my fast Internet connection (cable modem).
After I unplugged the Internet connection, my computer was no longer functioning properly. I couldnt access my windows explorer window any more, I couldnt open my Internet Explorer window and I lost control over many other functions.
But each time I would turn the Internet modem back on, my computer would start to work fine. Only, the Spyware Doctor would give me a notification that over 40 dangerous files were immediately being downloaded into my hard drive.
The Trojan virus that I couldnt remove because of its re-naming capability was probably staying in touch with the hackers server. So I switched the Internet connection off for the last time and I shut down the computer.
Right now as Im writing this, I dont have a computer at home because I gave it to a technician to reformat the hard drive and try to save as many files as possible. Im writing this from another computer and I’m really worried that none of my files will be saved… that will mean months of work down the drain!
I have since learned that my antivirus and anti-spyware software would not protect me against the Trojan threat. I needed a firewall to protect me, and make sure my computer was invisible online.
Please, don’t let this happen to you! Install a firewall on your computer so you can make your IP address invisible to hackers.
As I’m finishing this article two weeks after the virus attack, my Norton Firewall is working at full force. Every time a hacker tries to send Trojan files to my hard drive behind my back, a window in the bottom right corner pops us notifying me of the dangerous executable files being blocked from entering my hard drive.
I lost over 90% of my files but I’ve learned my lesson the hard way.
© Steve Dimeck
You have permission to publish this article electronically or in print, free of charge, as long as the copyright and the source box are included. A courtesy copy of your publication would be appreciated.
Courtesy of: http://www.thesuccessmaze.com