Tuesday, December 28, 2010

Infiltration Alert Virus attacked my notebook

My notebook is running Windows 7 Home Premium 64bit.

It was infected by a series of Trojan viruses that displayed 4 symptoms:

  1. Outlook 2003 stopped showing non-embedded images
    (This was because the trojan had turned on Internet Explorer’s Proxy settings and was directing all Internet traffic to itself. I use Firefox so I didn’t notice)
  2. Some hours later, I started to get popup windows that warned of an infiltration alert while running a fake anti-virus scanner.
    1. I found each of these using task manager, killed the process and deleted the offending EXE which was usually within my User Application Data folders
    2. Variations of this virus kept reappearing
    3. each variation offered to fix my problem by installing an anti-virus package
  3. The virus then started up IE and directed me to porn sites or displayed pages that told me my computer was infected and directed me to sites that would fix my problem
  4. The viruses became more aggressive and started deleting processes
    1. sometimes the virus warned that the EXE had become infected and again offered to install the solution
    2. I could not start task manager or my anti-virus software.

Eventually I rebooted in safe mode (see here to see how) and tried various free anti-virus scanners:

  1. “AVG Anti-Virus Free” found nothing (and was the solution being used when the PC became infected)
  2. “McAfee VirusScan” and “Microsoft Security Essentials” each found and deleted some viruses
  3. http://www.malwarebytes.org/ found and deleted the offending trojans

Here is an incomplete list of anti-virus solutions that does not include malwarebytes.

This tutorial gives some background.

I am currently running belt and braces:

Here is the Malwarebytes log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5402

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

27/12/2010 9:43:28 PM
mbam-log-2010-12-27 (21-43-28).txt

Scan type: Quick scan
Objects scanned: 156278
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mbbloqvs (Trojan.FakeAlert) -> Value: mbbloqvs -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysMap.NET (Trojan.Agent) -> Value: SysMap.NET -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\abhqgrhe (Trojan.FakeAlert.Gen) -> Value: abhqgrhe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\lcdgdvcm (Trojan.FakeAlert.Gen) -> Value: lcdgdvcm -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\John\AppData\Local\Temp\pqnwiwvmd\sydyluulajb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\John\AppData\Local\Temp\0.9150089036818203.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\John\AppData\Local\Wdcfg3xx\sysmap.net.dll (Trojan.Agent) -> Quarantined and deleted successfully.
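
The log and the symptoms above point at three per-user settings: the HKCU Run key, the HKCU Winlogon Shell value, and Internet Explorer's proxy settings. The following read-only PowerShell check of those three locations is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the "Review" flag (a command launching from a user-writable AppData or Temp folder) is an assumed heuristic, not a verdict.

```powershell
# Added example: read-only audit of the per-user locations named in the log above.
$run      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$inet     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Assumption: autostart commands under these user-writable folders deserve a manual look.
# Legitimate per-user applications also install here, so a flag is only a prompt to check.
$userRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA) | Where-Object { $_ }

function Test-UserWritablePath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($root in $userRoots) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

# 1. Every autostart entry under the per-user Run key.
$runKey = Get-Item -Path $run -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $cmd = [string]$runKey.GetValue($name)
        [pscustomobject]@{ Check = 'HKCU Run'; Name = $name; Value = $cmd
                           Review = (Test-UserWritablePath $cmd) }
    }
}

# 2. Per-user Winlogon Shell. A value here replaces the machine-wide shell for this
#    user, so any value that is present is flagged for review.
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
[pscustomobject]@{ Check = 'HKCU Winlogon Shell'; Name = 'Shell'; Value = $shell
                   Review = [bool]$shell }

# 3. Internet Explorer proxy. ProxyEnable = 1 means traffic goes through ProxyServer.
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
[pscustomobject]@{ Check = 'IE proxy'; Name = 'ProxyEnable / ProxyServer'
                   Value = "$($p.ProxyEnable) / $($p.ProxyServer)"
                   Review = ($p.ProxyEnable -eq 1) }
```

The script changes nothing; a proxy that was configured deliberately will also show `Review = True`.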




Monday, July 5, 2010

Sync your Outlook Calendar between PC, notebook and workplace

 

All you need is:

  1. a Gmail or Google Apps account with an active Calendar
  2. Google Calendar Sync installed on each computer that you need to have a synchronised calendar

Basically you:

  1. Install the software
  2. You will be prompted to enter your calendar account
  3. You will notice a new icon in your system tray
    It shows arrows when it is actively syncing
  4. Right click to change options or to force an immediate sync

Detailed instructions and download details can be found here.

Tuesday, February 23, 2010

NetBeans: Retrieve “Local History” archive from old installation

I recently upgraded from Windows 7 RC to Windows 7.

I also installed the latest version of NetBeans IDE (6.8).

I wanted to bring the “Local History” archive to the new installation.

I found the files on the old installation at:

D:\Users\John\.netbeans\6.7\var\filehistory

I copied all the files to:

C:\Users\John\.netbeans\6.8\var\filehistory

Everything seems to be fine. Just change the base path in the above example.