
05-27-2008, 04:45 AM
Jr. VIP
Join Date: Mar 2008
Location: Near Chicago.
Me
I don't know who to put on this Shit List for the episode below other than myself.
I have learned a ton-load of information on this forum and I have prided myself on keeping my computer as clean as it can be. I have visited some pretty strange places and, by acting with due caution, the closest I ever came to being invaded by spyware or a virus was being stuffed with a cookie. CCleaner kept that up to snuff, too.
Well, I was doing a White Hat project. A small one to get my feet wet. It was based on a keyword that had about 250 searches a day, about 2,500 sites only, and reasonably high-priced products. Looked like a no-brainer. So off I went to analyze some of the sites that use this phrase.
Some of them were cool, but one (a blog) looked like nothing but a keyword list with each keyword being an anchor text. There was some decoration, but it was sparse. I found my phrase and clicked. Up popped a new screen offering to show a video about the phrase.
The way it was laid out looked kinda weird. It looked like a frame within a frame or something odd like that. Still, who cares? I was doing White Hat stuff, right? Nothing could happen to me, right? I knew my shit, right? I was a badass who hung out on Black Hat World, right? I DIDN'T NEED TO THINK, RIGHT?
So I clicked on the video to download it (duh!) and all hell broke loose.
Fuck me!
I got a face-full of trojans and viruses like I have never seen. One of them disabled my task manager and installed a so-called XP antispyware that started grinding and grinding, except you couldn't turn it off. It was obviously sending shit from my hard disk out to the net, so I pulled the plug on the Internet connection after about a minute of trying to find a way to turn the program off. That was the only smart thing I did up to that point.
I will not bore you with the gory details except to say that I took almost 3 days in hell of only doing that to kill well over a hundred trojans (including some really nasty ones) and viruses. The only virus I kinda hated to see go was a rather benign one that had a bunch of virtual cockroaches crawling all over my screen and taking bites (with resulting chunks missing) out of icons and task bars.
I zapped all those trojans and viruses, though, every stinking one of them. But what a mess.
I use Firefox, not Internet Explorer. But IE has to be present on the computer, otherwise some Microsoft things don't work well. And even though I was using Firefox, well over half of my woes came from installing themselves in IE, especially some damn ActiveX controls that installed themselves automatically when I wasn't looking.
Believe it or not, the latest version of AVG (the free version) got the very last problem. After going through several programs—cleanup, antivirus, anti-spyware, registry cleaners, etc., even some manual deletes—there was still one nagging sumbitch that popped up legitimate IExplorer and DrWatson messages (but for the wrong reasons) and jammed the computer if you fiddled with them, so I couldn't kill them or turn them off. I had been using AVG version 7.5 and upgraded to 8 just to see if that would do anything. Surprise, surprise, it got the last little fucker. Whew!
Boy was that a lesson learned. Here I am a tuna swimming among sharks and nothing bad has happened. The moment I got out into the open sea with nothing around, I got blindsided by a goddam killer whale.
Fuck me twice!
I am on the shit list with me. It's going to be a while before I let me out of the doghouse.
Next time I will pay fucking attention. No. That's not exact. I will pay fucking attention all the fucking time from fucking now on.

05-27-2008, 04:48 AM
Jr. VIP
Join Date: May 2008
Location: BHW.
Re: Me
Damn bro.... Sorry you got hit so hard. What were you using as your primary AV?

05-27-2008, 04:53 AM
Jr. VIP
Join Date: Mar 2008
Location: Near Chicago.
Re: Me
AVG 7.5 (but now 8 point something or other)
I think my problem was that I use IDM for downloads and it tends to override a lot of things.
I still use IDM (I would be lost without it), but it is no longer integrated with Firefox.

05-27-2008, 05:50 AM
Executive VIP
Join Date: Mar 2008
Re: Me
http://www.superantispyware.com + AVG is a killer combo that anyone can get for free.
I recommend you download Superantispyware and run a full system scan; it will get anything that AVG missed.

05-27-2008, 06:25 AM
Jr. VIP
Join Date: Apr 2008
Location: noitacol
Re: Me
Superantispyware is very good.. It has one of the better alert and detection services I've used.. Get the full version though.. Cnet has a trial that you can crack w/ keygen.. AVG imo is only good for cookies. Have had too many false detections w/ it. Would recommend a firewall as well, ZA Pro and Outpost are pretty good. Just keep ZA on high otherwise stuff still slips through..
Test out SaS in safe mode and clean out your regedit to see if anything was left behind. Can never be too safe.

05-27-2008, 06:57 AM
Jr. VIP
Join Date: Mar 2008
Location: Near Chicago.
Re: Me
In general I agree with the combination of Superantispyware and AVG.
I have Superantispyware. In fact, it found the first 81 infestations. I also used Prevx, which caught another half-dozen Superantispyware missed. I uninstalled Internet Explorer, deleted a bunch of stuff by hand and reinstalled it from a fresh installation file, and did a few more things (like SpyBot at the very beginning of the problem, which caught a dozen or so, and disabling system restore during all of this).
The only major thing I did not do, which I still think I should, is make a log from a HijackThis scan and post it on a techy forum for advice. I have the feeling that a lot of the crap on the IE browser is neutralized by the programs I ran, not deleted from the browser. In other words, if something happens to the programs, these issues could arise again. And I want them killed dead, finit, not breathing, croaked and deceased.
I am happy now, though. I have a clean machine and it is purring.

05-27-2008, 07:53 PM
Jr. VIP
Join Date: Jan 2008
Re: Me
why do u guys use free antiviruses, yes they are good, but not perfect... nod32 or kaspersky should be on everyone's computer. i haven't had a trojan/virus/spyware/anything since i learned what the internet was because i've been using kaspersky or nod32 on my computers. nod32 has the best heuristics i've seen - it catches homemade viruses better than piece of crap norton or mcafee.
of course this coupled with not opening random things should keep you safe.

05-27-2008, 08:36 PM
Jr. VIP
Join Date: Mar 2008
Re: Me
If you had Deep Freeze, you would just need to restart your machine and all would be fresh.

05-27-2008, 09:47 PM
Jr. VIP
Join Date: Mar 2008
Location: Near Chicago.
Re: Me
btw - In my last post, it sounded like I am now happy with me.
Nope.
I am still very much pissed at me.

05-27-2008, 09:54 PM
I.D.I.P.P.
Join Date: Dec 2007
Location: Mosperiberg
Re: Me
Get some ice cream? It helps.
N

05-28-2008, 12:53 AM
Jr. VIP
Join Date: Apr 2008
Location: noitacol
Re: Me
I have nod32 and it's overrated.
As far as HijackThis goes.. It's good for picking up the exe and dll files, but that's basically it.. Half the time it don't even delete them 100%.. I have had a dll~file missing (was a keylogger) and deleted it numerous times.. It keeps replacing itself. It was in the registry somewhere. Best bet for that is SnD (keep it on high alert where you can accept/deny registry).
I've heard good things about Kaspersky too, but gl getting keys that are not blacklisted.. Rarely ever see a good patch for it.

05-28-2008, 01:44 PM
Jr. VIP
Join Date: Jan 2008
Re: Me
I'm lucky, using a key that's been working for the past few months

05-29-2008, 07:23 AM
Jr. VIP
Join Date: Apr 2008
Location: noitacol
Re: Me
If anyone browses USAwarez.. They got some fresh keys lasting well into 09. I want to try it, but don't want to get rid of what I got now firewall wise.. Guess if it's not broke don't fix it.

07-03-2008, 03:15 AM
Jr. VIP
Join Date: Mar 2008
Re: Me
Stumickel, thank you for this post. I found myself in a similar position today --- searching the competition and sizing things up when suddenly, I got that Keith Sweat feeling ("Something, something just ain't right"). Remembering what you wrote here, I backed the hell up out of there and did some ggling to find out that yep, I'd narrowly avoided something really ugly.
Whew!