Guy’s Ezine 164 – Is Internet Altruism Dead?
- Is Internet Altruism Dead?
- The Browser Redirect Problem
- What I Tried to Track Down the Malware
- Two Confessions And a Surprising Twist to the Saga
- Readers’ Comments on This Ezine
My battle with a browser redirect virus led me to ask the question, ‘Is altruism on the internet a thing of the past? Alternatively, has the concept of mutual help just moved to social sites such as Facebook, Twitter, MySpace or Bebo?’
I found myself needing help from the internet community. I needed assistance to deal with a virus which redirected Internet Explorer from the intended URL to a blatantly commercial site. During my research for a solution I found a sorry state of affairs; the forums were full of people reporting even worse browser redirect problems than I was experiencing. All that I saw in the way of help was lots of aggressive anti-virus sellers flogging snake-oil that just did not remove this virus. I admit that after a few hours of grappling with this Back door.generic virus, I happily paid $50 for a program that promised to cure this specific browser redirect problem – it lied. Back to square 1.
What I really wanted was an explanation of how to cure this virus manually. In the old altruistic days of the internet, once a virus outbreak occurred you could soon find posts listing the file name responsible, a registry entry controlling the dastardly deed, and the name of the Task Manager process that was delivering the grief.
Now it’s possible that nobody, or very few, know the answers to troubleshooting this particular malware. But I just get the feeling that three factors are conspiring to thwart the idea of an altruistic internet in general, and help for people trying to fight malware problems in particular.
- Malware writers are getting cleverer. Darwin’s theory of evolution would predict that rogue programmers will learn new adaptations which defeat anti-virus definitions. Furthermore, in matters of computing the current generation always manages to outsmart their parents, and unfortunately this also applies to the hacking fraternity.
- The internet is being dominated by those wishing to make money, therefore altruistic articles are more difficult to unearth because they are on page 5 of search results, the first 4 being populated by anti-virus software. Perhaps I am living in the past expecting to be able to nail down a virus to a filename, registry entry, or a Task Manager process.
- Gifted amateurs are less likely to post their findings on the internet. Guy just does not know if they post in Twitter instead, or is that a vehicle for a different sort of social interaction? Yet if they did publish wouldn’t all those blogs be indexed by the search engines?
What is insidious about this particular browser malware is that it’s so difficult to describe. Firstly, should it be called a Trojan virus, adware or spyware? This is not just a matter of semantics, but precise information you need to research the problem. Let me move on to the symptoms of this particular infection. Say you search for a topic in Google just as you have done many times before; except this time when you click on a URL in the results pane it takes you, not to the site listed, but to a site selling, say, books, perfume or other stuff. Here is an example: suppose you search for ‘Lawn Mowers’, and lawnmowerfacts.com/ duly appears in the result list. When you click on its link the virus intercepts and takes you to the ‘wrong’ site, e.g. kdirectory, ask, or bbebbo. Incidentally, there is a slight suggestion that the problem is more likely to occur if you have been to the site before, lawnmowerfacts.com in this example.
- The problem machine was XP SP3. I wondered if Vista / Server 2008 / Windows 7 were immune from the browser redirect virus.
- The browser was IE7. I installed IE8, but the URL hi-jacks continued unabated.
- Mozilla Firefox was good, clean, no problem. Mozilla was a work-around for this particular malware hi-jack. However, I read of other people with a similar problem that targeted Mozilla.
- I wish that I had checked to see if the problem occurred when using Yahoo or Live Search as well as Google.
Simple measures such as deleting the temporary files and the cookies had no effect; the browser redirect persisted. This machine already had licensed AVG anti-virus software installed, so I ran a scan. It claimed to find zillions of viruses, most relatively innocuous like Alexa toolbar; unfortunately it did not locate the malware causing this IE redirect problem.
I tried Microsoft’s Malicious Software Removal Tool, but it did not find any malware. Microsoft Defender was also silent on the subject of spyware or adware. Another strategy would be to contact Microsoft Support, partly out of fascination to see if they would take on such a project.
Next, I returned to basics and used the classic troubleshooting tactic of examining each process running in Task Manager. For this I went to the command line, typed: ‘process’ and then copied the resulting list to notepad. After that I researched the names of all the processes that I did not recognise. For this I trawled the internet, but from an uninfected machine! The results were all negative; Task Manager’s process list did not yield the answer. Perhaps the virus was hiding in the well-known svchost process.
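The manual process review above can be partly automated by comparing a saved listing with one taken from a known-clean machine. The following is an added example, not part of the original ezine: it assumes both listings were captured with `tasklist /svc /fo csv`, and the sample listings, the image name scvhost.exe and the service name ExampleSvc are constructed for illustration.

```python
import csv
import io

# Constructed sample output of `tasklist /svc /fo csv` (not from the article).
BASELINE = '''"Image Name","PID","Services"
"smss.exe","548","N/A"
"lsass.exe","700","PolicyAgent,ProtectedStorage,SamSs"
"svchost.exe","864","DcomLaunch,TermService"
"svchost.exe","1032","AudioSrv,Dhcp,Schedule,wuauserv"
"explorer.exe","1580","N/A"
'''
CURRENT = '''"Image Name","PID","Services"
"smss.exe","548","N/A"
"lsass.exe","704","PolicyAgent,ProtectedStorage,SamSs"
"svchost.exe","872","DcomLaunch,TermService"
"svchost.exe","1040","AudioSrv,Dhcp,Schedule,wuauserv,ExampleSvc"
"svchost.exe","2212","N/A"
"scvhost.exe","2304","N/A"
"explorer.exe","1612","N/A"
'''

def parse(text):
    """Return a list of (image_name_lowercased, pid, set_of_services)."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        svc = row["Services"].strip()
        services = set() if svc == "N/A" else {s.strip() for s in svc.split(",")}
        rows.append((row["Image Name"].lower(), int(row["PID"]), services))
    return rows

def review(baseline_text, current_text):
    """Compare a snapshot with a known-good baseline; return items to research."""
    base = parse(baseline_text)
    known_images = {name for name, _, _ in base}
    known_services = set().union(*(svcs for _, _, svcs in base))
    findings = []
    for name, pid, services in parse(current_text):
        if name not in known_images:
            findings.append(("unknown-image", name, pid))
        elif name == "svchost.exe" and not services:
            # Heuristic: a genuine svchost.exe exists to host services.
            findings.append(("svchost-without-services", name, pid))
        for svc in sorted(services - known_services):
            findings.append(("new-service", svc, pid))
    return findings

if __name__ == "__main__":
    for finding in review(BASELINE, CURRENT):
        print(finding)
```

Each finding is only a lead to research from an uninfected machine, since a listing by image name cannot show which file on disk a process was started from.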
Firstly for those who have read my articles on not installing anti-virus software, the problem was not on my Server 2008 machine, but someone else’s XP desktop. Since it was not my own machine, I was reluctant to try ComboFix just in case the cure was worse than the sickness.
Secondly, I must tell the truth, I can take no credit for the solution. It’s ironic, but what cured the problem was the AVG anti-virus software that this user was already running. I was distracted by my troubleshooting, thus I only half paid attention when up came an AVG message saying that its latest definition update had just dealt with a Trojan virus. Annoyingly, I did not write down the precise malware name, but it was something like ‘back.door.generic trojan’.
In conclusion, I give full credit to AVG for curing this particular virus problem, nevertheless, my primary question remains, ‘Is internet altruism dead?’
This ezine attracted many more responses than usual. All were positive and each adds another brick to the argument that internet altruism is not dead. These are the readers’ own views; I am pretty certain that they don’t have any connection with the products that they recommend.
Two golden rules:
1. Always keep your OS up to date,
2. Always keep your AV software up to date.
Whenever anyone describes problems, etc. to me, these are the very 1st two actions to be taken.
Secunia PSI (Personal Software Inspector),
Belarc Security Advisor,
F-Secure Online Virus Check,
F-Secure Blacklight Rootkit Eliminator
SysInternals Autoruns.exe (makes msconfig look like a toy),
SysInternals ProcessMonitor and ProcessExplorer to spot really tricky malware
The problem nowadays is that there are too many infections and they are manipulated and evolve daily, so it is nearly impossible to document every one and how to remove them. Using Combofix potentially could be worse than the cure, as some Malware detects it’s there and circumvents it, using it to wipe entire folder structures. So best not to use such a tool on your own without advice as to when and how to use it.
There are dedicated sites that will assist anyone for FREE with removal of such Malware.
You can go here and we will help you completely free. If you want to buy the program to add live protection that’s great, but you don’t have to and we’ll still help you for free.
You are not alone. I have dealt with 4 such infected machines in the last 8 months, and we have a suite of McAfee corporate products on every machine (McAfee detected the problem but was not able to remove it permanently).
On the first two, I tried the same things you did. Then I consulted with McAfee support staff, which helped me eliminate the Trojan/Virus, but the damage to drivers and registry made the systems nearly unusable. I rescued any local files, wiped the disks and did fresh OS installs.
On the second two, I proceeded directly to rescuing files, scrubbing and reloading from scratch. This goes against my nature, but pragmatism beat me down.
All in all, the most secure "peace of mind" resolve is to reformat the drive and install a fresh OS and patches. With Conficker looming, I wouldn’t take any chances that it .. or some Rootkit .. now lives on the machine.
We have seen great success cleaning all kinds of malware with Malwarebytes Anti-Malware. It has a full-featured free trial, a kind of altruism in itself.
Reminded me of Microsoft’s Malicious Software Removal Tool. He also says: I don’t think I will ever buy another AV tool, with the possible exception of Kaspersky.
The product that has served me well is Vipre – from sunbeltsoftware.com. There is a safe-mode/command prompt version that acts as a rescue for machines that just cannot be started normally, of course the normal, properly installed version, and they periodically create specific removal tools for things like the recently hyped conficker. The best part is that these are truly free, with updates, for 15 days – plenty of time to sort out any PC I have worked on up to now.