Monday, September 1, 2014

Behind the Blogger: A Malware Infestation at Greenlee Gazette

I'm a computer guru. I'm not professionally trained, but I'm naturally inclined toward tweaking and poking around in computer settings and whatnot. I'm "that guy" you call when your computer is doing weird things or is on the fritz. 99% of the time, I can either fix it, or tell you what to do to fix it. I've been using Windows computers since they were MS-DOS computers. But what does the guru do when he's got a problem?

Every so often, even I get a problem. I can get complacent, trust something I ought not, accidentally click the wrong thing, or even get suckered by a warning that looked real, but wasn't. Usually, I realize my error quickly, and reverse course. I know a lot of the tricks of the trade to restore things to normal without too much fuss.

Two things have plagued me that have no known source of infection, and one even happened both at home and at work. That first one was a very strange audio anomaly. Commercials would play over the speakers with no program running them. They would be both in English and in foreign languages, and they would eventually pile one on top of the other until it was an unintelligible cacophony. I could isolate the audio on my mixer settings and silence them, but eventually all of the processing power would be leached away. It was maddening. But, after running the proper tools (Malwarebytes), using the Googles to isolate the proper files in the registry, and slogging through the guts of the computer, I killed the problem. And again at home.

I still don't know what it was, or how I got it. And to be truthful, I'm not sure what the final thing was that worked. Funny how that goes, you try so many things, you can't remember the sequence. Anyway, though I slayed that beast, there is a new one plaguing me the last two days.

First, I should explain that I run dual monitors, and I am usually running Internet Explorer 11, Firefox and AOL at the same time (AOL?!? Yeah, I know. Shut up, it's how I work, okay?). And this new demon affects both AOL--and get this--FIREFOX. Not IE. It's working just fine. No, this one is throwing up random ads from Firefox and AOL, for both bogus and real products. Sometimes it's TuneUp Utilities, a program that used to be very helpful but bloomed into a nuisance, sometimes it's WIX.com. Other times it's for very shady programs that cause the very thing I'm trying to get rid of. And sometimes, it's bogus upgrade notices for video players I don't even have, to the point of attempting to start downloads of the programs.

It's driving me bananas. I've gone through my bag of tricks. I'm using Windows 8.1, so I've got Windows Defender already. I've run Malwarebytes several times. I installed and ran Avast! I've tried SUPERAntiSpyware. All of these programs found problems and allegedly cleaned them. And the problem remains exactly the same. No change. Presently, I'm going into my old bag of tricks, a program called SpyBot Search & Destroy, something I haven't used for years. But I'm desperate! I'm really not sure what to try next. At present, this problem doesn't seem particularly dangerous, it's just incredibly annoying.

So, I'm sending this out to the universe, in the hopes someone stumbles upon it via Google or Bing. Any help will be appreciated. And also, could someone please tell me what purpose this crap serves in the first place? It's garbagy, clunky, obviously crap stuff popping up. I can't imagine it fooling a neophyte. A lot of work must go into this kind of malware. But how in the world is it worth it? If their aim is simply to torment and annoy, then mission accomplished. But if the aim is leaching money from people, they really must be trolling for dummies. Because if I wasn't a guru? I'd throw my hands up and call "that guy" to just come fix it.

UPDATED: I should also say that whatever is going on, in both AOL and Firefox, ordinary ads that appear on websites have been replaced with really ugly, very cheesy "your computer is running slow," "Microsoft certified"-type ads with blinking "click here" and "PLAY"-type buttons. We're talking 90s-style, wouldn't-fool-an-idiot ads. These are very annoying also.

8 comments:

  1. Thing is, Nelson, I need Windows for my graphics software. I do have a MacBook Pro also, but it's not immune either. I just got two annoying popups on it this morning!

  2. Well, that's the thing, there haven't been any downloads or installs at all, prior to the problem. And I have checked all extensions, and pop-up blockers and the like. I have run FIVE major malware/virus/adware checkers, and all say I'm clean! But this thing is unified on my AOL and Firefox. I'm getting identical redirects, but quite randomly.

    For instance, as I was typing this to you, THIS popped up (and I'm adding stars in there to deactivate the link): http://***www.pchealthboost***.com/repair/9/1***/speed-up-pc.php?click=***2078177666&sub=77856***

  3. My most recent download was in the middle of August, a refresh of Adobe Reader. The problem started two days ago, max. And you want to hear something really weird? I've had odd popups on my MacBook Pro, my Other Half's computer AND my Android phone today. No idea if it's related, but it's freakin' weird.

  4. Thank you, and ohhhhhhh I wish it were that simple! But I'm not actually infected with PC Health Boost. That's one of the many and varied popups that opens, that much is true. Along with something called Yet Another Cleaner, and then legit sites like Wix.com, and several mysterious "Setup.exe" files that attempt to get me to press "ok." Nothing is obviously running, nothing I can figure out anyway. I'm actually quite stumped.

  5. Thanks again, Nelson, but that doesn't seem to be the problem. I've got something running that is generating multiple different popups, not just that one. I may have to nuke the entire site from orbit. It's the only way to be sure!

  6. No, thanks for trying! My biggest mystery is why NONE of the programs I try has helped either.

  7. Umm, George Bush did it? Or the CIA?
    I had the music problem about a year ago and ran Malwarebytes and that worked.
    As far as the other problem, who do you get your Internet from?
    I had Cox and when I was having similar problems like your 2nd problem, they helped me out and downloaded some software to clean up the problem. I think it cost a couple of bucks but it was worth it. Maybe your Internet provider can help out the same way.

  8. Well, I'm down to the point where I'm willing to pay for a solution. Nothing, nothing, nothing has worked. And the problem seems to be affecting all of our computers and devices (though it's remotely possible that it's a coincidence). I don't even know what can do that. And this is my gig!

    Thanks, Obama.
