This has been the week of malware.
I have now had to fix two systems, where something crawled in via the internet connection and took over the computer.
Case 1) Total Security 2009. You could not get to the Internet, the screen was resized down to 640×480 (making it difficult to redo things like screen size settings, as the buttons were now below the bottom of the page and you couldn’t pull them up any higher), Task Manager was corrupted (so you couldn’t shut down the offending program), and any antivirus/antispyware/antimalware program would not run. To top it off, the program put up a full-screen message about every 5 seconds showing a list of all the spyware it found on your system.
The way around this? My first effort was to just start the customer’s installation over on a new disk drive, then come back and move the data over. Once things were under control, I found the easy answer, but it wasn’t apparent while you kept getting a screen up every 5 seconds: the program had put a shortcut to itself on the desktop. Using that marker of its presence, I found where the program had installed itself, and it was not in the Program Files directory. It had put itself in My Documents/Application Data (a hidden file to the normal user) and it didn’t use its name for the program; the folder that held the program was named with numbers only. I verified this by changing the folder’s name and rebooting. The program didn’t start up this time, but the Task Manager was still damaged to the point it did not work. I also then scanned the disk using CyberDefender, and it found Total Security and labeled it as a Rogue MalWare program. Running CyberDefender while the malware was running resulted in it saying there were no problems.
Solution? Pay attention to what your firewall is asking you to allow. Oh, better yet: Make sure you have a good firewall installed and that you use it. I use the PCTools firewall. Free and effective.
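The Case 1 finding above (a program living under Application Data in a folder named with numbers only) can be turned into a quick triage check. This is an added example, not part of the original post; the function names, the extension list and the sample folder tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: "numbers only" means the folder name consists solely of ASCII digits.
NUMERIC_NAME = re.compile(r"^[0-9]+$")
# Assumption: extensions treated as executable content worth a closer look.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".bat", ".com"}

def find_numeric_program_dirs(root):
    """Return sorted (folder, [executables]) pairs for digit-named folders under root."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if not NUMERIC_NAME.match(os.path.basename(dirpath)):
            continue
        exes = sorted(f for f in filenames
                      if os.path.splitext(f)[1].lower() in EXECUTABLE_EXTS)
        if exes:  # digit-named folders without executables are not reported
            hits.append((dirpath, exes))
    return sorted(hits)

def build_sample_profile(base):
    """Create a constructed sample tree standing in for a user's Application Data."""
    layout = {
        "Application Data/48213377/48213377.exe": b"MZ",  # digit-named, holds an executable
        "Application Data/Vendor/app.exe": b"MZ",         # ordinary named folder
        "Application Data/2009/notes.txt": b"x",          # digit-named, no executable
    }
    for rel, data in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return os.path.join(base, "Application Data")

def demo():
    """Run the check over the constructed tree and return paths relative to its root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_profile(tmp)
        return [(os.path.relpath(d, root), exes)
                for d, exes in find_numeric_program_dirs(root)]

if __name__ == "__main__":
    for folder, exes in demo():
        print(f"review: {folder} -> {', '.join(exes)}")
```

A hit is only a prompt for review, since legitimate software can also use numeric folder names; on an infected machine, run it against the drive from a clean system.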
Case 2) No Internet, and you can’t run any program. Now, it’s difficult to discern exactly what this is right now, but the user said it had been like this for about 3 months. He had another computer sitting off to the side, actually a better one, and I spent last night moving the data off the hard drive of the first computer (while attached as an external drive, not the boot drive). I haven’t had the time to run the actual problem to ground, but I’m leaving to deliver the other computer, with all the work files moved over, so they can get back to work.
There are those who will spend their days figuring out how to attack your computer across the net, and make your life frustrating, and maybe even stop your business for at least a day, while someone like me gets you back to operating mode.
Unfortunately, you just have to come to grips with the fact these people are out there and you need to make sure you compute safely!