How to remove a really bad virus

June 2011

Recently one of our staff PCs got hit by a particularly nasty Trojan horse.  We have good, up to date antivirus on all our computers, but this virus came from a Google search.  Best I can tell, it happened like this – did a Google search for some topic, got back a bunch of results and clicked on one of the links.  Up popped a screen that said there was a problem with the computer, do you want to fix, blah, blah – the wrong thing was clicked and off this thing went.  All sorts of awful things happened before this was all resolved, the most irritating being the “re-direct” Trojan, which redirects all Google searches to unrelated commercial sites.

Every fight with a virus goes a little differently, but here are some basic steps:
Before you get a virus, check on these steps monthly or quarterly–>

  1. Make sure your anti-virus is doing the best job it can.  This means that it is running the latest version and that the virus definition database is regularly updated.  This can be set to update automatically.  Also check your settings to make sure that your anti-virus is scanning everything.
  2. Download a few free tools to a USB flash drive (aka thumb drive), including Malwarebytes, the Windows Malicious Software Removal Tool and some free anti-virus programs like Clamwin or AVG (as a backup if your usual anti-virus does not remove a problem).  Keep these updated, and practice using them.
  3. Make sure you are backing up your data and you know how to retrieve it.  Take the time to learn how to restore your computers, and know where the passwords and licenses are.
  4. Purchase one of these cool gadgets.  These are USB 2.0 to SATA/IDE adapters, and I will explain how to use one in a bit.  They cost $20-$40.  This is a fancy one, but a cheap one is fine too.
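Step 1 above is a checklist that is easy to forget; this added PowerShell script (not from the original post, which names no specific anti-virus product) runs the same check against Microsoft Defender Antivirus on Windows 8.1/10 and later using the Defender module's Get-MpComputerStatus and Get-MpPreference cmdlets. The age thresholds ($MaxSignatureAgeDays, $MaxFullScanAgeDays) are assumed values; run it from an elevated prompt once a month.

```powershell
# Added example: monthly anti-virus health check for Microsoft Defender Antivirus.
# Assumes Defender is the installed anti-virus and the Defender PowerShell module is present.
param(
    [int]$MaxSignatureAgeDays = 3,   # assumed threshold: definitions older than this are stale
    [int]$MaxFullScanAgeDays  = 30   # assumed threshold: matches the "monthly" check in the post
)

$status = Get-MpComputerStatus
$prefs  = Get-MpPreference
$issues = @()
$staleSignatures = $false

# 1. Is the engine running and protecting in real time?
if (-not $status.AntivirusEnabled)          { $issues += 'Antivirus engine is disabled' }
if (-not $status.RealTimeProtectionEnabled) { $issues += 'Real-time protection is off' }

# 2. Are the virus definitions (signatures) current?
$sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($sigAge.TotalDays -gt $MaxSignatureAgeDays) {
    $staleSignatures = $true
    $issues += "Definitions are $([int]$sigAge.TotalDays) days old (version $($status.AntivirusSignatureVersion))"
}

# 3. Has a full scan completed recently?  FullScanEndTime is empty if one never ran.
if (-not $status.FullScanEndTime) {
    $issues += 'No full scan has ever completed'
} elseif (((Get-Date) - $status.FullScanEndTime).TotalDays -gt $MaxFullScanAgeDays) {
    $issues += "Last full scan finished $($status.FullScanEndTime)"
}

# 4. Is it "scanning everything"?  Disabled scan types and exclusions are blind spots.
if ($prefs.DisableRemovableDriveScanning) { $issues += 'Removable (USB) drives are not scanned' }
if ($prefs.DisableArchiveScanning)        { $issues += 'Archives (zip etc.) are not scanned' }
foreach ($e in @($prefs.ExclusionPath) + @($prefs.ExclusionExtension) + @($prefs.ExclusionProcess)) {
    if ($e) { $issues += "Exclusion configured: $e" }
}

# Report, and pull fresh definitions if they were the problem.
"Engine $($status.AMEngineVersion), product $($status.AMProductVersion)"
"Definitions $($status.AntivirusSignatureVersion), updated $($status.AntivirusSignatureLastUpdated)"
if ($issues.Count -eq 0) {
    'OK: anti-virus is current, active and scanning everything'
} else {
    'ISSUES:'
    $issues | ForEach-Object { " - $_" }
    if ($staleSignatures) { Update-MpSignature }   # full scans take an hour or more; leave those to the schedule
}
```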

When you get a virus, take a deep breath and calmly–>

  1. Disconnect the offending computer from the internet by taking out the network cable.  If this is a wireless laptop, turn off the wireless.
  2. Boot in Safe Mode (F8).  To get into Safe Mode, shut down your computer and wait for a count of about five.  As you turn the computer back on, press F8 repeatedly until you see an indication that the computer is booting in Safe Mode.  Select “Safe Mode” without networking.
  3. Log in with the local administrator login for this computer.
  4. Run a full scan while in Safe Mode and logged in as administrator.  This may take an hour or more.

Test the computer, and if the virus is still there–>

  1. Still in Safe Mode and with the network cable disconnected, try the tools on your USB drive, such as Malwarebytes and a different anti-virus program.  BTW, be sure to run anti-virus scans on your USB drive too, as it could pick up the infection and carry it to other computers.
  2. This is what finally solved the problem I was having with the staff computer here at CTLS:

Turn off the nasty computer.  Unplug it, disconnect the keyboard, monitor, mouse, everything.  Put it up on a table and open it up.  Be careful about static – before you touch the inside of the computer, touch something metal to discharge any static.  Touch metal every time you move your feet, and ideally don’t work on a computer while standing on carpet.  Disconnect the power and data cables from the hard drive, and connect the USB 2.0 to SATA/IDE adapter to the hard drive.  Don’t bother to take out the hard drive.  Now use the USB part of the adapter to connect to another computer or laptop that is not infected and is running good, updated anti-virus.  Once the drive is connected to the second computer, start it up and scan the nasty drive.  Do a full scan.  This method finds hidden viruses because the infected drive is not booted: the virus is not running, so it cannot hide its files or interfere with the scan.

Sources and more information here:
CTLS Technology pages
Great virus removal info from Discount Electronics
Make Use of page about Trojans
Make Use of page about avoiding viruses

For more security information, check out the Tech Soup Security discussion forum here:

http://forums.techsoup.org/cs/forums/29.aspx