Saturday, January 8, 2011

Hijacked--All Clear

(NOTE added @ 11 am: It's all OK now--we did a 90-minute full system scan and everything's clean again. Whew!)  Here's the original blog post: I am just now beginning to recover and regain some composure.  My nausea and shaking are subsiding.  My computer was hijacked this morning by a malware virus.  It basically took control of this computer and prevented me from opening my security software.  The effect was very simple--I had a useless computer.  Luckily, there was only one program that still functioned--my Firefox browser.  And, luckily, the designers of this virus actually revealed its real name when it popped up on my screen.

I was able to ask Google's search engine how to help remove the virus.  Most all of the online instructions were very obtuse and complex and somehow smacked of promoting various malware removal tools, each of which seemed suspicious in their own way.  I went to Microsoft's malware removal site and downloaded a 12-meg file but the virus prevented me from opening anything with a ".exe" so I was out of luck.

Finally, I stumbled on some instructions which hinted at the use of System Restore through what's called "Safe Mode with Networking."  Unfortunately, the virus wouldn't let me get to safe mode via the normal route with the F8 key during reboot.  That's when I remembered to do a crash shutdown of my system.  To do this, you simply hold the power button down until the screen goes black.

Then when you press the power button to turn it back on it goes automatically into safe mode.  I selected Safe Mode with Networking and then went into the Control Panel and checked various options until I was able to turn back time and restore the computer to what it was a few days ago.  In effect, System Restore wiped the slate clean of anything that had happened between then and now.
If that sounds hopelessly complex, trust me, it is.
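The two things the recovery above depended on were (a) a restore point to roll back to and (b) getting .exe files to launch again. The following script is an added example, not something from the blog post, that a responder can run once the machine has been restored to confirm both. It assumes an elevated Windows PowerShell 5.1 prompt and that the "can't open anything with .exe" symptom came from the .exe file association being redirected, which is an assumption about this post's infection, not something the author states.

```powershell
# Added example (not from the blog post): post-recovery sanity checks.
# Assumes an elevated Windows PowerShell 5.1 prompt on the restored machine.

# 1. List the restore points System Restore can fall back to, newest first.
#    If an infection has wiped them there is nothing to "turn back time" with,
#    so create a fresh one (Checkpoint-Computer) once the scans come back clean.
$points = Get-ComputerRestorePoint | Sort-Object CreationTime -Descending
if (-not $points) {
    Write-Warning "No restore points found; create one with Checkpoint-Computer once the machine is clean."
} else {
    $points |
        Select-Object SequenceNumber, Description, RestorePointType, CreationTime |
        Format-Table -AutoSize
}

# 2. Verify the .exe file association. The default value of this key should be
#    "%1" %*  -- i.e. run the program the user double-clicked, with its arguments.
#    If it names some other program instead, every .exe launch is being routed
#    through that program, which would explain .exe files refusing to open.
$cmdKey  = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$cmd     = (Get-Item -Path $cmdKey).GetValue('')   # '' selects the (Default) value
$expected = '"%1" %*'
if ($cmd -eq $expected) {
    Write-Output "exe association OK: $cmd"
} else {
    Write-Warning "exe association has been changed to: $cmd (expected $expected)"
}
```

Run it after System Restore and the full scan have finished, not during the infection, since a rogue program that blocks .exe files will usually block PowerShell as well. A changed association value is a reason to keep treating the machine as untrusted until it has been cleaned and rechecked.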

Once System Restore worked its inscrutable magic, I was then able to open up and run my System Security software and do an immediate Quick Scan.  So far, so good.  I am now running the time-consuming full system scan.  So far, so good.  I've changed my important passwords and will spend the morning off-loading all of our important files and folders.  I won't be comfortable with this machine for a while.

This blog and our email are independent of this computer so there's no worry reading the blog or receiving an email from us.  For the time being, we will not send any attachments in any of our emails.  If you receive an email from me with an attachment do not open it unless I state specifically in my email that it has been scanned, checked and verified to be OK.

This is one of the most difficult episodes I've experienced in a long time in Computer World.  I think my blood pressure is coming back down to normal now and writing this description has helped me calm down.  I have absolutely no idea how all of this happened.  I had just clicked on what appeared to be a legit website for AARP and then to a site on Forbes detailing America's 10 Most Affordable Cities.  Somewhere on either the AARP or Forbes website, I picked up the offending virus.  Go figure.

Well, that's the story so far.  Stay tuned.  Cheers, jp

3 comments:

Maggie said...

Crazy but I follow what you said completely. Had to do this at work. Reboot in safe mode. We had this happen to two computers at work recently. I think we wound up removing a spyware program. Anyway, I can only imagine your blood pressure and feel that tightening in your chest!

Marti Spudboater said...

John, I had an odd thing happen today with my blog. I received a note from someone via facebook who had read a comment I put on the Frugal Traveller and this person wondered if I had blogged about my travels in Croatia. I considered sending him the blog link, and when I embedded it into my draft it looked to have been hijacked by some religious diatribe. So I promptly deleted my draft message to him. I went to my blog and it looks fine to me. Maybe you can check it and see if it shows anything odd to you and let me know. Thanks. And glad you are up and running. And I'm glad I have a Mac now. Haven't had a virus or a cold on it thus far.