Guy's Ezine 164 - Is Internet Altruism Dead?
My battle with a browser redirect virus led me to ask the question, 'Is altruism on the internet
a thing of the past? Alternatively, has the concept of mutual help just moved to social sites such as Facebook, Twitter, MySpace or Bebo?'
I found myself needing help from the internet community. I needed
assistance to deal with a virus which
redirected Internet Explorer from the intended URL to a blatantly commercial
site. During my research for a solution I found a sorry state of
affairs; the forums were full of people reporting even worse browser
redirect problems than I was experiencing. All that I saw in the way
of help was lots of aggressive anti-virus sellers flogging snake-oil that just did not
remove this virus. I admit that after a few hours of grappling with this Back door.generic virus, I happily paid $50 for a program that promised to cure
this specific browser redirect problem - it lied. Back to square
1.
What I really wanted was an explanation of how to cure this virus
manually. In the old altruistic days of the internet, once a virus
outbreak occurred you could soon find posts listing the file name responsible, a registry entry controlling the dastardly deed, and the
name of the Task Manager process that was delivering the grief.
Now it's possible that nobody, or very few, know the answers to
troubleshooting this particular malware. But I just get the feeling
that three factors are conspiring to thwart the idea of an altruistic
internet in general, and help for people trying to fight malware problems in
particular.
- Malware writers are getting cleverer. Darwin's theory of evolution
would predict that rogue programmers will learn new adaptations which defeat
anti-virus definitions. Furthermore, in matters of computing the current
generation always manages to outsmart their parents, and unfortunately
this also applies to the hacking fraternity.
- The internet is being dominated by those wishing to make money;
therefore
altruistic articles are more difficult to unearth because they are on
page 5 of search results, the first 4 being populated by anti-virus
software. Perhaps I am living in the past expecting to be able to
nail down a virus to a filename, registry entry, or a Task Manager
process.
- Gifted amateurs are less likely to post their findings
on the internet. Guy just does not know if they post on
Twitter instead, or is that a vehicle for a different sort of social interaction?
Yet if they did publish, wouldn't all those blogs be indexed by the search
engines?
What is insidious about this particular browser malware is that it's so difficult
to describe. Firstly, should it be called a Trojan virus, adware or
spyware? This is not just a matter of semantics, but precise
information you need to research the problem. Let me move on to the
symptoms of this particular infection.
Say you search for a topic in Google just as you have done many times
before; except this time when you click on a URL in the results
pane it takes you, not to the site listed, but to a site selling, say, books,
perfume or other stuff. Here is an example: suppose you search for
'Lawn Mowers', and lawnmowerfacts.com/ duly appears in the result list. When
you click on its link the virus intercepts and takes you to the 'wrong' site, e.g. kdirectory, ask, or
bbebbo. Incidentally, there is a slight suggestion that the problem is more
likely to occur if you have been to the site before, lawnmowerfacts.com in
this example.
- The problem machine was XP SP3. I wondered if Vista / Server
2008 / Windows 7 were immune from the browser redirect virus.
- The browser was IE7. I installed IE8, but the URL hi-jacks continued unabated.
- Mozilla Firefox was good, clean, no problem. Mozilla was a
work-around for this particular malware hi-jack.
However, I read of other people with a similar problem that targeted
Mozilla.
- I wish that I had checked to see if the problem occurred when using Yahoo
or Live Search as well as Google.
Simple measures such as deleting the temporary files and the cookies had
no effect, the browser redirect persisted. This machine already had
licensed AVG anti-virus software installed, so I ran a scan. It claimed to find
zillions of viruses, most relatively innocuous like Alexa toolbar,
unfortunately it did not locate the malware causing this IE redirect
problem.
I tried Microsoft's Malicious Software Removal Tool, but it did not find
any malware. Microsoft Defender was also silent on the subject of
spyware or adware. Another strategy would be to contact Microsoft
Support, partly out of fascination to see if they would take on such a
project.
Next, I returned to basics and used the classic troubleshooting tactic of examining
each process
running in Task Manager. For this I went to the command line, typed:
'process' and then copied the resulting list to notepad. After that I researched
the names of all the processes that I did
not recognise. For this I trawled the internet, but from an uninfected
machine! The results were all negative, Task Manager's process list
did not yield the answer, perhaps the virus was hiding in the well-known
svchost process.
Firstly, for those who have read my articles on not installing anti-virus
software, the problem was not on my Server 2008 machine, but someone
else's XP desktop. Since it was not my own machine, I was reluctant to try ComboFix
just in case the cure was worse than the sickness.
Secondly, I must tell the truth, I can take no credit for the solution.
It's ironic, but what cured the problem was the AVG anti-virus software that this user was
already running. I was distracted by my troubleshooting, thus I only half
paid attention when up came an AVG message saying that its latest definition
update had just dealt with a Trojan virus. Annoyingly, I did not write down
the precise malware name, but it was something like 'back.door.generic trojan'.
In conclusion, I give full credit to AVG for curing this particular virus
problem, nevertheless, my primary question remains, 'Is internet altruism
dead?'
This ezine attracted many more responses than usual. All were
positive and each adds another brick to the argument that internet altruism
is not dead. These are the readers' own views; I am pretty certain that
they don't have any connection with the products that they recommend.
Karl S:
Two golden rules: 1. Always keep your OS up to date, 2. Always keep
your AV software up to date.
Whenever anyone describes problems, etc. to me, these are the very 1st
two actions to be taken.
Other aids: Secunia PSI (Personal Software Inspector), Belarc
Security Advisor, F-Secure Online Virus Check, F-Secure Blacklight
Rootkit Eliminator, SysInternals Autoruns.exe (makes msconfig look like a
toy), SysInternals ProcessMonitor and ProcessExplorer to spot really
tricky malware.
Ron L
The problem nowadays is that there are too many infections and they are
manipulated and evolve daily so it is nearly impossible to document every
one and how to remove them. Using Combofix potentially could be worse than
the cure as some Malware detects it's there and circumvents it, using it
to wipe entire folder structures. So best not to use such a tool on your own
without advice as to when and how to use it.
There are dedicated sites that will assist anyone for FREE with removal
of such Malware. You can go here and we will help you completely free.
If you want to buy the program to add live protection that's great, but you
don't have to and we'll still help you for free.
http://www.malwarebytes.org/index.php
http://www.malwarebytes.org/forums/
Jacob S
You are not alone. I have dealt with 4 such infected machines in the last
8 months, and we have a suite of McAfee corporate products on every machine
(McAfee detected the problem but was not able to remove it permanently).
On the first two, I tried the same things you did. Then I consulted with
McAfee support staff, which helped me eliminate the Trojan/Virus, but the
damage to drivers and registry made the systems nearly unusable. I rescued
any local files, wiped the disks and did fresh OS installs.
On the second two, I proceeded directly to rescuing files, scrubbing and
reloading from scratch. This goes against my nature, but pragmatism beat me
down.
Paul D
All in all, the most secure "peace of mind" resolve is to reformat drive
and install a fresh OS and patches. With Conficker looming, I wouldn't take
any chances that it .. or some Rootkit .. now lives on the machine.
Judith G
We have seen great success cleaning all kinds of malware with
Malwarebytes Anti-Malware. It has a full-featured free trial, a kind of
altruism in itself.
Ken W
Reminded me of Microsoft's Malicious Software Removal Tool. He also
says: I don't think I will ever buy another AV tool, with the possible
exception of Kaspersky.
Robert
The product that has served me well is Vipre - from sunbeltsoftware.com.
There is a safe-mode/command prompt version that acts as a rescue for
machines that just cannot be started normally, of course the normal,
properly installed version, and they periodically create specific removal
tools for things like the recently hyped conficker. The best part is that
these are truly free, with updates, for 15 days - plenty of time to sort out
any PC I have worked on up to now.