Tales of an Infected Laptop

Earlier this evening I was working on a few blog posts for my boss, minding my own business. I was in what I jokingly refer to as my zone. When I’m writing, it’s actually hard to distract me. You have to yell at me, or poke me repeatedly. I’ve gotten quite good at blocking things out when I’m writing. I’ve had to do that being a work-at-home Mom. It’s not easy to get anything done if you hear every sound coming out of your teenager’s bedroom!

As I sat there writing, my zone was shattered by the yells from my daughter. She was screaming for me to “Hurry! Help me!” Thinking for sure something horrible had happened, I nearly killed myself getting out of my chair and into her room. I crossed the doorway to see her pointing at her laptop with a completely horrified look on her face. I looked down, knowing already what I would see, and sighed heavily. You guessed it… popups… of the adult variety. Great. Just lovely!

As I began to take a look at the machine, the first thing I noticed was that there were not any protection programs running. Back up a moment… what? She’s been lectured for years now. She knows those programs have to be running at all times. Apparently, my oh-so-smart fourteen-year-old had decided those programs were a bother, and uninstalled them. Gee – wasn’t that wonderful of her? More grumbling comes from me as I download, install and update MBAM. The scan, of course, found and removed several things. I also ran ATF Cleaner, which removed nearly 400 MB of junk from her system. Good grief! Keep in mind, this install of XP is only about five months old!

After rebooting, I noticed that the address bar in Firefox wouldn’t work. Okay, fine… let’s uninstall and reinstall. Hooray! That fixed that issue. I lectured her once again, and installed Eset Security Suite on the laptop. I came back to my desk and muttered some more to other staff members in our IRC Channel.

One of the people present, Atribune, is one of my long-time heroes in the malware community. Dave owns and runs his own website, and has been one of our tool creators for years. He suggested that I run gmer, just to be on the safe side. Fine, fine, let’s do this! I download and run the tool… only to have some very strange results pop up. Atri looked at them via the text file I pasted him, and immediately asked me to let him connect to the machine remotely. *Gulp* This cannot be a good thing…

Thankfully, all was well, and the offending files ended up being harmless. However, as all this was going on I made my daughter watch what Dave was up to during the remote session. Her eyes bugged out and she started getting seriously worried that she would lose all of her pictures. This is a teenager like all other teenage girls – she adores taking pictures of herself (and others sometimes, as well). There are hundreds upon hundreds of photos on that laptop!!

Even though everything ended up clean and all of her files are safe, my daughter still learned a very good lesson today. Mom ended up being behind on her work by about three hours, and is getting sleepier and sleepier as the minutes drag by. I’m happy to report that all of the photos are safe and sound, and the laptop is once again protected. I have a very good feeling that it will STAY that way this time around.

What horror stories do you have when it comes to infected machines? I’m especially interested in hearing about ones where a child or novice adult didn’t realize the perils of leaving your system unprotected. How did you deal with it? Did the person involved listen to your advice, and learn to keep their files and information safe?

  • Be glad at least you were able to save her computer. A neighbor who is not tech savvy and uses his computer mostly for Adult stuff managed to, gee, somehow get his computer so badly infected I gave up, saved the pictures of his puppy while avoiding looking at the thumbnails of the other pictures (I'm straight, he's not, and I really have no desire or need to see that at all), and reinstalled his OS from scratch.

    And now I'm having basic connection issues on this stupid laptop.

  • Matt

    I work in a PC repair shop, so I see issues like this almost daily, but one incident in particular stuck out in my mind:

    I had a lady bring in her PC to have a virus removed. The only way she knew there was a virus on there was when she got a rogue anti-virus that told her "Your computer is infected!" During the check-in, she asked me what a specific error message that kept popping up meant. That error was the Windows Security Center's "Antivirus software is not installed". So, I explained to her that this is why her computer is infected. I was completely dumbfounded when I asked her if she'd like us to put some security software on her PC for her and she said no.

    After completing the removal, I called her up to let her know that it was ready to be picked up. Again, I asked her if she'd like some security software. Again, she said no because "she couldn't afford it." I wanted to scream when she called back after picking up the PC, asking how she could get rid of "this message that keeps popping up" (yes, it was the same "antivirus is not installed" message)...

  • David

    I had a really nasty Rogue AV on my PC once (Zlob, assorted Fakealerts, I think IEDefender too, and of course, a rootkit) and it got so bad I ended up just doing a reinstall of XP. Keep in mind I was probably 12 then, and I had absolutely no idea what an AV was for - I just figured it was something you had.

    I am a whole heck of a lot more careful about what links I click on now. Not to mention I actually decided to learn about computers and what programs are good.

    I actually used MBAM to clean a friend's PC a few months ago, and I felt pretty proud of myself that I recognized that it was a rogue AV and I dealt with it.

  • Aoiffe

    I assist with a program at a library. One student used a pen drive with work for a class. However, after he left, the next user [me] got a popup that was unacceptable. I downloaded ThreatFire and that worked.

    The next time, the computer acted strange again. Adult material showed up, then the computer turned off by itself. It was turned back on but Windows XP would not start up. Fortunately, someone persisted with F8 and got it working again. Then he downloaded something and the computer is working again. But such experiences are scary because students young and old use the computer. While the older students may be able to cope, it is frightening to younger children who tend to go home and tell their parents.

  • Henrik

    Well, my worst story, hmm, can't say I know for sure. There are a lot of "adult" virus infections; whether wanted or not, I don't ask and don't care.

    However, what I usually do the 2nd time someone asks me to help them get rid of a virus? Reinstall. Not that I can't remove the virus, 99% of the time it is possible, it's just that when I am done there is a 100% clean machine with AV/FW, antispy- and nowadays MBAM, configured to update and run weekly.

    Hence the only way they can be reinfected is if they did not pay attention to the "THINGS NOT TO DO" list, and then deleting everything they had usually reinforces the idea to stop doing stupid stuff.

    Mean? Yes, absolutely, but I got tired of removing viruses from the same 5 family members again and again.
