Recovering from a Virus - some advice
Some people are really stupid. Take me for example. I let my OS (Windows 7 Pro) get infected with a Trojan. Or did I? I’ll let you decide after you read about my dilemma and recovery frustration.
To begin, my first clue that I had a problem was when strange things began to happen. Glitchy and slow operation, black screens before apps loaded, Google searches that went somewhere I hadn’t meant. But the real clue happened when I tried to open a doc and the response was “access denied”. WTF?! Some searching determined that all my folders were empty. WTF x 2. I did a dos attrib scan and discovered EVERY file was access denied! If you’ve ever had a true sinking feeling click on one of your important folders and see the message “folder empty” and you can’t open any file. Now, up until this point I naively thought I had a minor system problem because….my system was protected by one of the top internet security programs, Bitdefender Internet Security. It was installed on my desktop and three laptops and I slept well at night knowing I was protected. Or was I?
I won’t bore you with the details but suffice it to say that I have spent two weeks trying to recover from this tragedy. And what I want to share is some advice and some warnings – and I hope it benefits the Windows community.
I am not an “expert”, not even close. What I am is obdurate and relentless when it comes to a challenge. I’m also seventy-eight years old, so if I can recover from this so can all of you.
1. My first mistake was not recognizing the seriousness of a virus. We read every day about what a pain malware has become and the proliferation of “recovery” programs has lulled us into a state of complacency. Malware, including everything from phishing attempts to full blown Trojans can be anywhere from a pain in the behind to completely destroying your computer. ASSUME THE WORST and hope for the best!
2. My second mistake was not reacting quickly enough with the correct response. One big clue was that my C: drive was rapidly filling up, but how? I spent three days trying to find a “super-hidden” file that was maxing my HD out. Instead, I should have been taking every step possible trying to stop and eliminate whatever was causing the problem in the first place. I did invoke Bitdefender’s “full system scan” and stupidly let it run for 5 ½ days before I stopped it. (Scanned three million files? Really?) It didn’t occur to me that a really dangerous Trojan can render your security system useless once it gets in. And it was definitely IN.
3. After a week of pulling my hair out I finally took one of the right steps. It was fortunate that I still had an internet connection (but no Email) and I had been posting on all the Windows forums for help. I was surprised how little advice I got, both good and useless…except the suggestion that I should do a clean install of the OS. That would require offloading all my personal files but what if they were infected? How would I clean them before I offloaded them? FINALLY, I downloaded Malwarebytes, ran their free scan and it found what I didn’t want it to find. The Trojan roraccoon. Wow! It also found a large number of PUPs. I deleted everything. But my system was still a mess. I had determined that all my folders still contained the data, they were just “hidden”. I spent several more days un-hiding folders and taking ownership of my files and getting full access.
4. So, having used Malwarebytes I sort of assumed that my problems were over. I had found the Trojan and deleted it along with a bunch of other junk. At that point I decided to use CCleaner and see if it could help speed my system up. Wow again. It deleted a huge bunch of worthless registry junk and found a lot of other stuff but nothing really improved. Hmmm, what else could I do? Then I tried another free download, ESET. It found even more stuff that Malwarebytes hadn’t, viruses like teslacrypt, cryxos, oroles, etc. The list was long and troubling. WTF x 3! So then I tried another freebie from Sophos and it turned up FakeAV!
5. Today I’m pretty sure my system is “clean” and I have downloaded all my personal files. Believe it or not my system has “recovered”. It’s as fast as ever, everything works as it should but I still intend to do a re-install of Windows 7.
Bottom line – and I hope I’ve got your attention here.
IF YOU ARE DEALING WITH A VIRUS FOLLOW THESE STEPS BEFORE GIVING UP! YOU MIGHT RECOVER!
1. Assume the worst! Can you really afford to lose everything?!
2. Your virus protection failed (see below). Deal with it later but now do multiple scans with Malwarebytes, ESET, Sophos – anything available. Keep scanning until you’re sure there is nothing else there! Then run CCleaner and scan again! Then recover your “empty folders” and “access denied” files if that happened to you.
3. Then download all your personal stuff to a clean (NEW) external HD. P.S. Don’t ever plug one in to your USB drive until AFTER you have cleaned the system!!!
4. Do a multiple-scan once a month and after everything is clean then back up all your files to the external HD. There are some good free backup apps out there.
Was I stupid? Maybe, maybe not (at least partially!). How did all this stuff get by Bitdefender? Thinking about it I think I have an answer and a WARNING – and a suggestion for all the internet security systems providers.
There are times when we turn our desktops off – vacation, extended down-time – and laptops especially are prone to being turned off for lengthy periods of time. In my case maybe two or three weeks at a time. The first thing I do when I return is turn the computer on, immediately check my emails and maybe browse the internet for some product or service or go to some interesting site I just heard about. Then…..almost as an afterthought, I click on my Bitdefender icon only to discover that my system is vulnerable because the last update was two weeks ago! Crap! I click on “update” and hope for the best after having been exposed to whatever for an hour. Big note!!! It's not just internet, it's email as well!!!
What’s missing – and I can only speak to Bitdefender but I also have experience with Kaspersky – is a flashing red alert that pops up immediately after the computer is turned on after having been off for maybe 24-48 hours, saying “ALERT. VIRUS PROTECTION NOT UPDATED. DO NOT OPEN BROWSER OR EMAIL UNTIL UPDATED. UPDATE IS BEGINNING.”
Anyway, hope all that is helpful.