«

Attack of the Virus

Keyboard_Smaller

In my professional capacity as an IT trouble-shooter, I am often brought in to fix a computer that has been infected by a virus.  Since I only see the virus once it has installed on the host computer, I have to rely on anecdotal accounts as to ‘how this happened’. The story always goes like this:  Someone was surfing a totally legitimate website when all of a sudden, they started getting virus warnings and “pop-ups” on their screen. Okay. Who am I to judge?

In these cases, I usually roll the system back to a previous restore point and check to make sure the virus is gone.  Most of the time this works.  Recently, I found a virus that would not be removed, having the undesirable effect of not allowing System Restore to work. So, after exhausting my other options, I formatted the hard drive and had to reinstall the entire system. It should be noted that this was on a Windows XP computer and had to remain so for the time-being.

After all that, I found myself writing a document and listening to streaming music when something extraordinary happened. I got a virus. It happened right in front of me and, as such, I was able to experience, for myself, what my clients have been describing for years.

My computer has several layers of protection, since it is running Windows 7.  It has both Windows Defender and Avast Antivirus running. As well, I often use PeerBlocker, to stop unwanted outgoing connections and a VPN anonymizer.  At the time, only Windows Defender and Avast! Antivirus were running. I was editing a document on my Google Drive and listening to music on a music streaming site I have used for years with no issue, Grooveshark.

Suddenly Chrome crashed and Windows Defender piped up, telling me it had found a threat and would now clean it. I immediately ran an AVAST! scan.  Although Windows Defender did find both the offending process and the Registry entries that it tried to add (and removed them) the threat persisted after the removal.  AVAST! did not find any viruses.  I am currently testing it.  We will see if it fares better in the future.

I restarted chrome and was greeted with a Pop-up ad window offering me training of some sort.  Since the threat was still present, I went to my go-to fix for such issues. I restored my system to two days previous using System Restore from within the OS itself.

It failed. I repeated the action using different Restore points but to no avail.  So here is my last ditch move for those of you in a similar situation and running either Windows Vista or Windows 7.

When you start Windows Vista or Windows 7 there is a moment before the OS loads where you have to opportunity to press the F8 button (above the 8 key). This is the moment right before you see the Windows splash screen as the computer boots up. Pressing F8 will open a menu offering different boot options. Previously, you would use this to launch Safe Mode, to try and remove the Trojan before it loads itself into the system memory, from which it can replicate itself. If you have Windows XP this is your best move. That and upgrading your OS to something written in the last ten years.

In Windows 7 there is the option to “Repair this computer”. Select that and Windows 7 will boot into a Repair Mode which offers several different options, including System Restore. As this Repair Mode is not infected with the pernicious Virus, the System Restore was able to complete successfully and my Computer was clean on reboot.

So, while fixing the issue was gratifying, I still want to know how it happened. I blame Grooveshark. So does this site.

The moral of this story is, even if you are running multiple programs to protect the computer, including Ad and Pop-up blockers on the browser itself, it is still possible to become infected by a malicious script.

Here, for those who need it, is my method, which should be your FIRST go-to procedure for removing a Virus if you know when it infected your system.

On a Computer running Windows 7 or Vista.

1. Shutdown the computer.

2. Start the computer and press the F8 key repeatedly after the initial POST splash screen and the Starting Windows splash screen. If it loads Windows you missed the opportunity and will have to restart the computer again.

3. When you see the screen asking if you want to Repair the Computer, along with other options, select Repair.

4. When it boots into the Repair Console the first option in the list will be System Restore. Select that option.

5. The suggested restore point should be fine but if you think the virus has been around for longer, pick a date preceding the infection.

6. Allow System Restore to run and, if successful, restart you computer.

7. Go back to your totally legitimate surfing.