Friday, November 30, 2007

SmitFruad Schanden

It's been a trying few days. On Saturday our trusty home PC got a bit of nasty stuck in its craw. Somehow during her normal internet activities Mando opened up the door for a nasty virus to come on in and make itself to home. Admittedly, I had let my anti-virus protection slip (my McAfee subscription was up sometime this summer), and I wasn't terribly surprised that we were being invaded. What I didn't expect was how annoying it could be to solve the problem. At first I haphazardly uninstalled programs whose function I did not know or whose names looked more like a Jumble than a title; "ucqiluvp.exe" is just suspicious enough that it gets a prejudged uninstall. When that didn't work I went to Plan B: I fought against the constant pop-ups and installed AdAware 2007, then babysat the scan, all the while ending the numerous processes that were spawning to slow my computer to a dead stop. Install completed and updates installed, time to scan. The first scan through AdAware found 700 some odd problems and was able to remove about 600 of them. Unfortunately whatever problems it took care of weren't the worst ones, because I still had 95% of the symptoms.
Crying I gave up.
John versus The Virus- Day Two:
Armed with advice from my good buddies on Google Chat I sat down determined to kick this BUGger in the butt. Thinking that Internet Explorer had been compromised, I downloaded Firefox (I know I should have been using it all along, but it is a memory hog and my machine was never the top of the line), then set to uninstall IE7. The uninstall runs, the program leaves the All Programs list, BUT IE7 keeps opening on the accord of every drug-selling, spyware-faking advertiser on the planet. GRRRR. Plan C: System Restore. We don't keep too many documents on our PC as it is, our pictures are all on Flickr (Flickr Pro, the modern solution for photo packrat-ism), so I'm not worried about losing anything more than my World of Warcraft UI Mods, and I know where to go to get them back anyways. Unfortunately my hard drive is so small that it only archives three days' worth of restore points and none of them are from before my problems started... For those of you keeping score, that's Virus 3 - John 0.
John versus Virus- Round 4, Day 3
After spending the day shopping for a replacement machine, I go home with one last thing to try: Spybot. After another marathon of scan sitting, closing pop-ups and fake system warnings and more unsolicited instances of IE7 (uninstall.... what), we find about another 340 problems and we're able to eliminate most of them; only 14 remain. Things look good for John now. I feel like Rocky Balboa: after taking a face-bloodying, disfiguring beating I have found the strength to overcome, and now the big Russian is about to get the pounding he deserves. FOR APOLLO!!! I yell as I reboot one last time after granting Spybot permission to scan on start-up. This scan is a refreshing change from the last three days: no pop-ups, IE7 never opens. A scan that had taken 35 minutes now only takes 20, and this time we're able to remove all but one problem. No more symptoms, we're cooking with gas again, yet for some reason I'm not relieved. I had given up on the machine and was ready to buy a new one, and now I have no excuse to support the purchase of a new system. Oh well, maybe next time I won't try so hard to win...

-----------------------------------------------

Okay, so I hadn't won after all. Last night when I got home our computer's symptoms were back in full force. I once again ran Spybot and thought that would take care of my problems, but it did not. This time, however, I took note of the problem it could not clean: SmitFraud C-Core.exe. With some advice from my good friend Josh (http://www.usefulconcept.com/index.cfm) I searched around until I found a solution. Thanks to Grinler on the BleepingComputer forums for your very helpful response.

At http://www.bleepingcomputer.com/forums/topic17258.html Grinler explains:

"SmitFraud has become a term to mean an infection where fake security alerts appear in your task bar stating that you are infected. These alerts tend to be accompanied by a rogue anti-spyware program installed on your computer without your consent. Clicking on one of these fake security alerts will either bring you to a home page where you can purchase other fraudulent software or will install automatically, without your permission, one of these software".

Following Grinler's advice I successfully removed another malicious program and restarted my machine, only to find that I was still getting some pop-ups, including multiple windows of the previously uninstalled IE7. Discouraged but undeterred, I began Google searching each process running on my computer (Thank you for the internet, Al). I found that I had two malicious .exe processes running (winshow.exe and io4something-or-other); fortunately, getting rid of them was as easy as ending the process and deleting them from the Windows folder on my computer. Last night this worked well enough that I could log onto World of Warcraft and put in some time raiding with my guild. Hopefully today when I get home everything will still be in working order.

Get these helpful free programs:
Spybot-S&D!
Ad-Aware 2007


-----------------------------------------------------
"Keep passing the open windows" - John Irving