I’ve mentioned it lately, but I’m keeping busy chasing smarter viruses. Now I’ve seen “repeaters,” meaning the anti-malware/virus software did its job, but something in the background was watching over the process and did the ET “Phone home” thing, and in one case, within seconds, the malware was coming right back up as being detected. End result? I took a long look at the history in Microsoft Security Essentials (MSE) and then went chasing the indications on the net. The thing that caught my eye was an infection/hijacking of an add-in to FireFox, the main browser they used.
Response: Control Panel > Uninstall FireFox. Then I went to the (Windows Vista settings) user/application data > local and roaming directories and deleted the FireFox folders completely. Then downloading and installing a new copy of FireFox solved the problem. That was three days ago, and I’ve not been called back for subsequent fixes.
I have been chasing the Windows XP Anti-Virus 2012 and Firewall malware for about a week now, in a home with three computers that don’t share data, but the malware seems to get taken off, then shows up on one of the other (or both) computer(s) a day later. The computers are all being used for separate uses, so common websites/files aren’t a condition. Best guess I can come to right now is the Internet Explorer * is compromised on one of the systems, since we can scan with several products, block with firewalls, and at some point, it’s either hammering to get in with great rapidity, or it reappears on the screen. Today I had them shift that computer to FireFox as the default browser and it’s been quiet on the phone since this morning. Haven’t gotten an email or call, so I suspect that’s the case. In a few days, barring a reinfection, I’ll have to figure out how to uninstall IE 8 and put it back in again.
Between all of these, I can’t figure a common thread of how it’s happening, but the result is not so good for the users. I have a suspicion one of the flash game websites, frequented by one user, may be injecting scripts, but that’s still just speculation right now.
Be careful out there! Make sure any links you click are really good ones… That will be the topic of another full-featured post soon: How to validate links.