You Got Me Babe … and other Trojans that go bump in the night



As a seasoned IT professional (in a past life) I consider myself well versed in the ins and outs of malware.  I have up-to-date virus protection software on every computer in the house.  My husband manages our home firewall and wireless routers with the same eye to detail that he did when he was the CIO at one of the top engineering campuses in the country (in a past life).  And I teach my kids how to spot scam-spam in their email and social networking browsing.  All in all, we are one computer-literate syndicate.   Which makes it all the more surprising that I found myself in deep with a trojan tonight!

I noticed for the last couple of days that Firefox was opening up new tabs from sites like Facebook or SlickDeals.  At first I convinced myself that I must have moused over an ad.  But last night I took it one step further and decided to look up some of the offending domains to see if they were on any virus alert websites.  Sure enough … the popups and redirects were all listed as known offenders.

I double-checked my local anti-virus program with no luck, then opted to run one of the free scanners on the web.  Last night I picked Trend Micro’s HouseCall.  It’s a nice little package that I had experience with during my technical career.  So when it came up saying I was clean, I let my suspicions subside.

Until tonight.  Without warning I found myself bombarded by virus detection alerts and warnings of gloom and doom.  But these weren’t coming from my local anti-virus program, they weren’t even coming from HouseCall that I installed the night before.  These apocalypse forecasts were coming from a Trojan horse that was mimicking an anti-virus software program.  Pop-up alerts were coming faster than I could close the windows, announcing that I was infected and insisting that I purchase the $69.99 removal tool immediately.

My particular variant of the worm was called Data Protection.  This malware edits your registry, disables any other virus protection you have running and prohibits you from launching several security features in your own control panel.

“On infiltrating a system, Data Protection will create a start-up registry entry and attempt to disable any legitimate security applications running on the infected system. Then Data Protection will generate fake scan reports, security alerts and pop-up warnings. Users should not believe any of the security notifications displayed by Data Protection because they are all part of a scam to scare users into purchasing its non-existent full version.”

http://www.enigmasoftware.com/dataprotection-removal/
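The mechanism quoted above (a start-up registry entry, plus locking the user out of their own tools) is the first thing to check on a machine like this. As an added example that is not part of the original post, the Python below triages an exported registry fragment offline, the text that `reg export` writes for the HKCU Run key and the HKCU Policies\System key. It flags Run entries that execute from a temp directory, from a per-user directory not owned by a known vendor, or with random-looking path components or a name matching the family in the post, and it reports the Task Manager and Registry Editor lockout policies. The vendor allowlist, the rogue-name list and the sample entries (including the `dp.exe` and `x7gq2.exe` paths) are assumptions constructed for illustration.

```python
"""Triage an exported Windows registry fragment for rogue-AV style persistence.

Added example, not code from the original post. It parses the REGEDIT5 text
that `reg export` writes so it can run offline; on a live machine you would
export HKCU\...\CurrentVersion\Run and HKCU\...\Policies\System and feed the
files in. The vendor allowlist, rogue-name list and sample data are assumptions.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample export; the entry names and paths are made up for the example.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Data Protection"="C:\\Users\\alice\\AppData\\Local\\Temp\\dp\\dp.exe"
"MSASCuiL"="\"C:\\Program Files\\Windows Defender\\MSASCuiL.exe\""
"syshelper"="C:\\Users\\alice\\AppData\\Roaming\\53c2a1\\x7gq2.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
'''

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
_QUOTED_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"')

TRUSTED_PER_USER_VENDORS = {"microsoft", "google"}  # assumption: tune per environment
ROGUE_AV_NAMES = {"data protection"}                 # the family named in the post
# Heuristic for dropper-style names such as 53c2a1 or x7gq2 (mixed letters/digits);
# legitimate names like win32 will also match, so treat this as a hint only.
_RANDOM_PART = re.compile(r"(?=.*[a-z])(?=.*\d)[a-z0-9]{4,12}")
LOCKOUT_VALUES = {  # real policy values that rogue AV abuses to keep the user out
    "DisableTaskMgr": "Task Manager disabled",
    "DisableRegistryTools": "Registry Editor disabled",
}


def _unescape(s: str) -> str:
    """Undo .reg string escaping: backslash-backslash -> backslash, backslash-quote -> quote."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Return {key_path: {value_name: str | int}} for REG_SZ and REG_DWORD values."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, data = _unescape(m.group(1)), m.group(2)
        if data.startswith('"'):
            q = _QUOTED_RE.match(data)
            keys[current][name] = _unescape(q.group(1)) if q else data
        elif data.lower().startswith("dword:"):
            keys[current][name] = int(data[6:], 16)
    return keys


def _exe_path(command: str) -> str:
    """Executable of a Run command: the quoted path, or everything up to the first .exe."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)(\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def assess_run_entry(name: str, command: str) -> List[str]:
    """Reasons an autostart entry looks like rogue-AV persistence (empty list = nothing found)."""
    reasons: List[str] = []
    low = _exe_path(command).lower()
    if name.lower() in ROGUE_AV_NAMES:
        reasons.append("entry name matches a known rogue-AV family")
    if "\\temp\\" in low or "\\tmp\\" in low:
        reasons.append("executes from a temp directory")
    m = re.search(r"\\appdata\\(local|locallow|roaming)\\([^\\]+)\\", low)
    if m and m.group(2) not in TRUSTED_PER_USER_VENDORS:
        reasons.append(f"per-user install under appdata\\{m.group(1)}\\{m.group(2)}")
    parts = low.split("\\")
    stems = parts[1:-1] + [re.sub(r"\.exe$", "", parts[-1])]  # skip the drive letter
    if any(_RANDOM_PART.fullmatch(p) for p in stems):
        reasons.append("random-looking directory or file name")
    return reasons


def triage(reg_text: str) -> Dict[str, list]:
    """Flag suspicious Run entries and user-lockout policies in an exported fragment."""
    keys = parse_reg_export(reg_text)
    suspicious: List[Tuple[str, str, List[str]]] = []
    lockouts: List[str] = []
    for path, values in keys.items():
        leaf = path.rsplit("\\", 1)[-1].lower()
        if leaf == "run":
            for name, cmd in values.items():
                if isinstance(cmd, str):
                    reasons = assess_run_entry(name, cmd)
                    if reasons:
                        suspicious.append((name, _exe_path(cmd), reasons))
        elif leaf == "system" and "policies" in path.lower():
            for vname, text in LOCKOUT_VALUES.items():
                if values.get(vname) == 1:
                    lockouts.append(f"{text} ({vname}=1 under {path})")
    return {"suspicious_run": suspicious, "lockouts": lockouts}


if __name__ == "__main__":
    result = triage(SAMPLE_REG_EXPORT)
    for name, exe, reasons in result["suspicious_run"]:
        print(f"[!] Run\\{name} -> {exe}\n      " + "; ".join(reasons))
    for item in result["lockouts"]:
        print(f"[!] {item}")
```

Note that the legitimate OneDrive entry also lives under AppData; it passes only because of the vendor allowlist, which is why the per-user-install rule is a prompt to look, not a verdict. On the sample, the two made-up entries are flagged and both lockout policies are reported.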

What’s tricky of course in removing any rogue system is that you can’t quite know which removal tool to trust.  The developers know how to seed Google with more scam tools that claim they can fix the problem.

Checking out reviews on CNET and confirming with places like McAfee’s SiteAdvisor that the domain claiming a cure is free from further spyware infection, I came across several sites that claimed Malwarebytes could help.   It was a challenge to find a solution while the rogue application had control of my machine, so I also phoned my husband, who was on his laptop downstairs in his office.  As I was running the Malwarebytes scan he was reading me tidbits about how the application takes a stranglehold on your computer.

“It says here it installs porn shortcuts on your desktop,” he said.

I quickly minimized my open windows and sure enough he was right!  I had a slew of new porn links on my desktop!  In truth, I suspect these weren’t actually porn links at all, but more bait to reel in the unsuspecting randy end user.  Aaah, the irony of trojans and porn.

Malwarebytes did an excellent job of shutting down the applications even while my computer was under a live attack.  It deleted the porn shortcuts on the desktop and most of the other files, except for three .exe files that were rendered harmless and that I deleted manually.

So now at the end of the day, having defeated the dragon or at least curbed the worm, I can relax once again with my social networking peeps, reply to a few email tweets and decide for myself if I want to peruse any porn sites.
