Archive for December, 2008

Things Are Starting To Get Ugly

December 31st, 2008

I shut the system down last night at about 7:00 pm; I got tired of listening to the boot beep from the fake XP crash and restart. I turned it back on at about 1:00 pm today and it froze at the welcome screen. I reset it and it started. I tried to run Malwarebytes to see where I was at on my infected item count, but mbam.exe is killed as soon as it starts…The infection is starting to protect itself. So I created a new user with Administrator rights, logged off my infected user and logged on as my new user. As soon as the desktop becomes visible, I double-click the Malwarebytes icon and it starts up…sweet…So I hit switch users, log back on to my infected user account, double-click the Malwarebytes icon, and it starts up.

I run the scan. Not a whole lot of difference since I shut it off last night: the count has gone up to 167 infected objects, but I also acquired some new ones, including:

Trojan.TDSS
Rootkit.Agent
Rogue.XPantivirus

Now if a customer had shut down their computer and called me as soon as they noticed the pop-ups, I could have had the problem cleaned in about 15 minutes and spent the rest of my one-hour minimum updating and securing the system.

Last night at about 5:30 pm I made a clone of my infected virtual machine and started to clean it. I spent about 1.25 hours cleaning all the infections off of it. As you can see, it now takes me 5x as long to clean the computer after it has been infected for 48 hours. This does not include the time it would take to update and secure the system, which could take anywhere from an additional 30 – 60 minutes. But the system is still able to be cleaned, and has been running fine since last night with Avast scanning nonstop…so far no new items found.

Can’t wait to see how long it takes to clean this one after it hits 96 hours, and if I can actually clean it without destroying the Windows install.

Categories: Malware

Malware Update

December 30th, 2008

Malware is a generic term used to describe viruses, trojans, spyware, rootkits, backdoors, keyloggers, password stealers, and any other type of MALicious softWARE.

Now my infected computer has been running for about 48 hours and is nearly impossible for an average person to use. The screen has set itself to the smallest possible resolution, and a fake blue screen followed by a fake Windows XP startup screen repeats every few minutes. I’m seeing pop-ups from Antivirus 2009 and Spyware Guard claiming I need to purchase them to remove the spyware on my computer. Internet Explorer is almost impossible to use to download any actual malware or antivirus program.

If I weren’t a tech, I would be looking for one by now.

Categories: Malware

Malware Progression

December 30th, 2008

Are you always clicking close on those annoying pop-ups? Not really a big deal to just close them? Think again!

I currently have a test XP Home install running in VMware that I installed a Trojan dropper on 36 hours ago. After a few sessions in IE and clicking on the bogus “you’re infected, click here” message, I was infected with AV 2009 (which was my goal). Since then the number of infected items Malwarebytes finds seems to have tripled in the first 24 hours alone.

Started at

40 items 36 hours ago,
72 items 24 hours ago,
123 items 12 hours ago,
145 currently

Some of the items found include:

Adware.Agent
Adware.MyWay
Adware.MyWebSearch
Adware.SearchAccuracy
Malware.Trace
Rogue.Antivirus2009 – The infection I was after
Rogue.Antivirus2008
Rogue.Spyguard
Rogue.SpywareGuard
Trojan.Agent
Trojan.BHO
Trojan.Downloader
Trojan.Dropper – The original .exe I ran
Trojan.FakeAlert
Trojan.Vundo
Trojan.Vundo.H

All within 36 hours of becoming infected with the original virus. Still think closing a few pop-ups is no big deal?

Stay Tuned!

Categories: Malware