When I was first getting acclimated to being online a couple of decades ago, everyone used to say that the place to go for downloading things was CNet. Back in the day, even PC World used to always send you there to download many of the things they found that they thought were great free programs for all of us to use.
Even though PC World still does this sometimes, they’re a lot less likely to do so these days, and there’s a major reason why. At least from my perspective, it seems like every file one downloads from there is loaded with bloatware and, dare I say, a lot of malware, to the extent that if you’re not paying attention to what you’re loading onto your computer, the next thing you know you’ve added toolbars, coupon and sales software, and who knows what else.
It’s gotten so bad that I refuse to download anything else from them. Unfortunately, my friends haven’t learned their lessons yet, so who keeps getting the calls because something’s gone wonky with their systems? You guessed it; sigh. Thing is, it’s hard to tell someone not to download things from a site that’s so highly ranked and well known. What happened to CNet?
I’m not the first one to talk about this, and it’s not really all that new. Back in December 2011 the Inquirer talked about it in relation to a forum poster of some significance who was irked with the process. In early 2013 botcrawl.com confirmed the malware coming through CNet’s new download site, correctly called Download.com (nope, not giving them a link).
What’s funny is many of their bigger accounts put out warnings to their potential customers saying that consumers need to make sure they’re clicking on the correct button when downloading products because it could lead to other problems if you’re not downloading the right thing. You think?
If you can, find another place to download your stuff, paid or free. Otherwise, unless you’re technically savvy, you’ll find yourself awash in ads and unable to get out from under it. That is, unless you have a friend like me who lives close enough to fix it for you.
Some days ago one of my web clients calls and leaves an interesting message on my phone. He says that his hard drive has crashed and he’s lost everything that was on his C drive. The message asked me to call him as soon as possible.
Of course by the time I got that message it was late, and I knew he went to bed early. I called him the next morning and throughout the day, as it was Saturday, and never reached him. So I sent him an email, which I knew he’d get on his phone, and told him to reach me Sunday. He did, we talked, and he brought his computer over and left it with me.
The first thing I did was to hook his computer to my monitor and other stuff. Then I disconnected my wife’s computer from the network and booted his up because I wanted to see what it would do. It booted up just fine, and when it was loading suddenly I saw this message saying the C drive had been compromised, and that he could buy some product to help fix the problem.
I’m assuming most people reading this blog know this already, but he had malware on his computer. The reason I disconnected my wife’s computer from the network up front is because I was betting he had malware. There’s no such message ever telling anyone that their C drive has crashed; it just doesn’t work that way. If it had crashed the computer wouldn’t boot up, instead emitting these little beeps that drive someone like me crazy because of their pitch.
How did he get the malware? I have no clue, and neither did he, but often I see this type of thing when someone goes to a website that’s been compromised, they get an initial warning saying something might be wrong with their computer and to “click here” to check it out, and there you go. The uninitiated will fall for it almost every time, and my client would truly be considered one of the uninitiated.
The trick then is to get rid of the malware. His computer couldn’t access the internet, as figures, so I went to my laptop and downloaded a copy of ComboFix, which works wonders with XP computers; there’s no equivalent yet for Vista or Win 7, so I’d have had to do a search on how to get rid of it for his particular issue, but for XP ComboFix is the way to go. I loaded it, then it went online to look for updates and it was ready to go.
What you’ll sometimes see is it saying you have some kind of scanner or virus program running. In this case it said he was running Microsoft Essentials, but I know I’d turned it off and I’d also disabled it under msconfig, and rebooted before running the program, so I knew it wasn’t running. ComboFix will still run, but it’ll tell you that it might not work as well; so be it. The program will create a restore point, then do its job, which could take a while or it might work fairly fast. In this case it took about 25 minutes, but it killed the malware.
The next thing I did was install CCleaner, which a few people mentioned in my post on clearing out browser history, and ran it in both ways. By that I mean I first ran it to look through all the browsers on his computer to clean things out. Good thing I did because it discovered two dormant viruses that it took care of. Then I ran a registry check and it found over 1,300 bad entries, which I cleared up and then ran it again to fix whatever was left.
After that I added an antivirus and a firewall. Thing is I thought I’d added it to his computer last year when I repaired it, then remembered that this was actually a new computer of only a few months that I hadn’t seen before.
What are the lessons here? One, if you get a warning on your computer and it’s not from a program you know you’re running, don’t click on it. Two, if the message belies the action, such as a message telling you that your hard drive has crashed and yet your computer is still running, it’s malware. Three, at the very least disconnect your computer from the internet (if you’re running cable like I am) to help keep things under control. Four, make sure your computer has antivirus and firewall protection.
Oh yeah, a number five; if you go through something like this and have to ask someone else to fix it for you, ask them to clean things out while they’re in there and don’t gripe about the price, since you should have asked up front what it might cost. Even though I didn’t just sit there watching stuff running, it did end up taking me 3 1/2 hours to clean out all the junk on his computer, including all these programs that were automatically running because they’d inserted themselves into his start up files, large temp files from software loads, etc. When he got his computer back that sucker was once again humming like it was new.
You’ve got to protect your hardware; you probably need your computer more than you think you do.
I have spent the better part of the last 24 hours trying to repair a friend’s computer. Actually, not quite a repair; seems he got a few viruses and malware on the computer while downloading shared music through Limewire. Suddenly he was getting all sorts of popups, then it wouldn’t let him open any programs except the one offered to fix everything; if you’re computer savvy you know where this one’s going.
Since it’s still on XP I went and pulled out trusty ol’ Combofix, which has never failed me in the past. And this time… it failed me! It wouldn’t load, consistently saying some file had crashed and asking if I wanted to send it to Microsoft for review. Sometimes I do that, sometimes I don’t, but this seemed somewhat suspicious. So I looked it up on my computer and found that if I’d clicked on it more malware and nasty stuff would have been allowed onto the computer; ick.
I went through a litany of things; after all, I had just cleaned and fixed this computer about 2 months ago. Nothing was working, including going through the registry trying to track down this one particular virus. There were some programs that said they’d fix it for a price, but I wasn’t having it, especially for someone else’s computer.
Finally, I decided it was time to go back to square one. Okay, maybe not quite square one, since I didn’t start with that, but it was time to go to the WABAC Machine for this particular computer; it was time for System Restore.
System Restore is a program on your computer that allows you to reset your computer to a time and place before you added something new to your computer. If you’d downloaded songs and the like it won’t touch those, but if you’d loaded any programs whatsoever it would eliminate anything you’d done that affected the registry since the last time your computer had a system restore point. There are some folks who recommend turning this off to speed up your computer performance but trust me, it’s worth a slight decrease in speed to keep this sucker open.
I opened the program and went back about 4 weeks, which I figured was a safe enough period of time where this computer was running better, and I loaded it. The sucker took almost 30 minutes, but that’s okay because I knew when it was done almost everything would be fine.
And I was right. When it had completed its task all his icons were back, his wallpaper was back, and I opened a few programs just to make sure they were back as well; they were. I could have said I was done at that point, but nope, it was time to add more stuff.
There was no antivirus on the sucker, so I downloaded and added AVG, which is not only free but looks for a few other things than just viruses. Then I added a firewall, Zone Alarm, which still works great on XP computers. I ran a full scan on his system and found some minor virus that must have been residing there some time ago, and got rid of that. Otherwise the computer was now totally clean and, after telling tons of things that he and his wife had starting up automatically and sitting in the background to beat it, loading much faster.
System Restore just might be your best friend; whew!
While talking to one of my best friends Monday night, she mentioned that her computer had suddenly just crashed and wouldn’t work anymore. I had sent her a message earlier in the day through Facebook letting her know that I thought she might have a virus on her computer because I’d received two emails from her email address that had a link going back to Germany, and saying nothing else. I knew she didn’t send them, so I figured it had to be coming from her computer.
She told me that she had also been unable to get the computer to reboot, even to safe mode, and that she kept getting the Blue Screen of Death (BSOD). I’m sure everyone who’s ever been on XP has had to deal with it at some point; I dealt with it often before getting this new computer. But not being able to boot into safe mode; that was something new. I told her to bring it over and that I’d see what I can do; I love challenges.
I got the computer this evening, hooked it up, and turned it on. She was correct, that bad boy just wasn’t going to boot up at all. I knew that to get into the computer I was going to have to pull out my old XP disc and boot it up with the CD. I pulled up an old bootleg CD and it booted just fine; I did have to go into the BIOS to tell it to look for the CD option first.
I decided to go into the Recovery Console option, which many folks will tell you not to do unless you know what you’re doing, and I figured I did, even though it’s been about 10 months since I’d been into a computer with XP on it. I tried to run “bootcfg” in some fashion, but nothing would work initially. I finally got it to give me a message saying I had to run “chkdsk” first, which I tried, but nothing would happen.
I decided to try it again to see if maybe it had corrected itself; nope. But I also knew that the bootleg wasn’t going to get it done. So I pulled out my genuine copy, put that CD in, and booted the computer up again. I went back into Recovery Console and tried to do chkdsk again. This time it did what it was supposed to do, finding some errors along the way and fixing them. I was going to try to run bootcfg /rebuild and create the boot.ini file again, but I decided to see if the computer would boot up since chkdsk worked.
This time it booted up perfectly, and all was right with the world; well, at least the bootup was. I hooked my cable to her computer and tried to open a browser; wasn’t happening. I knew that something was in her computer messing things up, and that I had to run some checks on it.
The first thing I did was go to my wife’s computer and download the latest version of Stinger.exe from McAfee. The new version checks for more than 1,300 viruses, as opposed to the 600 or so it used to check for. That bad boy took about 40 minutes, and when it was done it found nothing. I knew I couldn’t stop there. So I ran Combofix, which some of you might remember I had to run on a different friend’s computer in June. It did its thing, taking about 25 minutes again, but it found malware that it cleared out of the computer, though a couple of times some kind of thing popped up, trying to fight its way back into play. While it’s doing its thing, at some point it will reboot itself, and when the computer comes back up runs chkdsk again and does some other things before it’s finally completed its work.
Her computer is running okay once more. I say that because they’re over capacity on the hard drive, and it’s going to run slow until her husband moves over most of his music and video files to the new external hard drive he purchased. But this is a good lesson for everyone else, I figure, which is why I’m sharing it with you. I hope it doesn’t happen to you, but if it does, hopefully it’ll give you an idea of what you can try.