I run several defensive firewalls and like utilities on my computers and try to regularly update them. I don’t open many email attachments unless I am almost certain they are clean. I’m leery of loading CDs people give me and make every effort to keep my collection of apps and files neat and trim. I’ve had very little trouble with my PC-based systems, despite all the news about their vulnerability, so I was surprised when a new-to-me insidious virus reared its head.
Earlier this week as I was browsing a friend’s profile at a popular political site, my computer suddenly rebooted without cause. There was no brownout or other loss of power to explain what happened. When the machine settled in to display the desktop, a Windows tray icon flashed and displayed a message in a balloon saying that the computer had been infected by spyware and to click the balloon to fix it. When I did, it opened a program called Anti-Virus 2009, which had Buy Now buttons in the window. Although it looked like a typical Microsoft application, something didn’t seem right, so I closed it. I then noticed that my Zone Alarm program hadn’t loaded at startup. The computer rebooted again for the second time. That’s when I knew I had some serious trouble.
Upon reopening, I clicked on my SpyBot program to scan my disk. SpyBot wouldn’t load, nada, nothing happened. I tried a few more times to no avail. I started getting a little panicky and tried my AdAware program. At least that one opened. AdAware found some of its usual suspects and I deleted them as usual. I tried SpyBot again, but no dice. And then, another reboot.
After the startup routine, I Googled for an answer. Why wasn’t SpyBot loading? Well, it seems that certain computer viruses can disable anti-virus programs, both the ones that load at startup and any that you try to load by clicking on them. I Googled some more and learned that sometimes when you rename applications it will help to bypass the trap that viruses use to keep them from running. I renamed SpyBot, double-clicked on it and held my breath. It worked! I let the program do its thing as it checked every file on my computer. After deleting the files that SpyBot found, something still wasn’t right. The computer seemed quite slow and unresponsive. A few more Google searches revealed a promising program called Malwarebytes, which also scans for infected files. I downloaded, installed and ran it. Malwarebytes found some things that the other two programs didn’t, including brastke.exe (the suspected culprit), and after careful consideration I deleted them.
After rebooting once more, I saw that Zone Alarm loaded, the tray icons were back to normal and all seemed well. All in all, a waste of four hours but at least I was rid of the most insidious virus I have yet come across.
November 19, 2008