4th April 2012 - Web based Virus Infection
Last night I was attacked by a virus. All I was doing was browsing the web on programming sites and I stumbled across a site which must have been a hack site. I was running IE9 and before I could react, an ActiveX app ran and the computer went haywire. Background went black, all my desktop icons disappeared. The task bar changed and all these alerts popped up stating I had a corrupted hard drive and here is a program that will fix it. The thing that saved me was that it was trying to run a program that needed Admin rights, and I thought running c:/users/xxx/temp/UAC.EXE didn't seem right.
Lucky I had Microsoft Security Essentials running which picked up that my computer was infected by Win32/FakeSysdef.
From http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Trojan%3aWin32%2fFakeSysdef&threatid=2147639286
Win32/FakeSysdef is a family of programs that claim to scan for hardware defects related to system memory, hard drives and over-all system performance. They scan the system, show fake hardware problems, and offer a solution to defrag the hard drives and optimize the system performance. They then inform the user that they need to pay money to download the fix module and to register the software in order to repair these non-existent hardware problems. One of the first variants was distributed as a program named "HDD Defragmenter", hence the name "FakeSysdef" or "Fake System Defragmenter".
Once I did a couple of virus scans, a couple more reboots, and ran the port scanner I found a few weeks ago, I was happy the computer was again clean. Unfortunately, it modified the registry and made a mess, so I just created a new user and copied all my data files across to it, and it seems to be ok.
Pretty close call. It has been years since I've been affected by a virus, and it is interesting because I've only started using Internet Explorer again a few months ago. Perhaps I should rethink the way I browse the internet.