I hope I haven't bricked my computer

[carbonel]

No, not this one. I'm typing this from my laptop.

Last night, as I was browsing the web on my desktop machine, my toolbar popped up with a message that my firewall wasn't on, and showed the usual Microsoft screen to turn on said firewall. I don't know where that came from or how it managed to load, but that (as subsequent events showed) was obviously a spoof that I got fooled by. Shortly thereafter, I got a toolbar message saying my computer was at risk, and an antivirus screen popped up showing that I was completely invaded by spyware and viruses. Except that this time I recognized that it wasn't real, because a) it wasn't the right screen for my antivirus software, and b) it was visibly a graphic rather than text -- just that little bit fuzzy.

I tried to shut it down, but it kept popping up, and I finally closed down the computer over its objections. When I tried to reboot the computer, I twice got various blue screens of death, and it wouldn't go into Safe Mode.

This morning it's going to the Geek Squad to see if I still have my files -- and to disinfect the computer, of course. The rest is merely annoying and expensive, but if it trashed my files, I shall be exceedingly unhappy.

I'm incredibly annoyed with myself for falling for this, though I partially blame Windows, with its helpful (real) popup screens.

ETA: The guy at the Geek Squad recognized my description, and said it's not a destructive virus. So it's money and aggravation, but not a disaster. Also that it's a fairly new class of webpage-based malware. So beware of Windows popups while browsing the Web.

Comments

[aedifica]

Good luck! That sounds like a nasty one.

[minnehaha.livejournal.com]

Yeesh.

K.

[yarram.livejournal.com]

Unfortunately, not that new. I've been seeing that family of viruses ripping off Microsoft's logos and trademarks for at least a year now. But so far, none of them are terribly destructive, they're just bandwidth hogs and a pain to get rid of (short of saving data and reinstalling the OS).

[carbonel]

How does one get rid of such a thing, short of reinstalling the OS, given that I was left in a situation where I couldn't boot the computer?

Is the fix to boot from a CD and then manually yank out the malware, or is there something more elegant? I'm religious about making rescue disks for laptops, but I hadn't thought I'd needed one for my desktop machine.

If I get caught again (not that I have any intention of doing so), I'd like to know how to deal with it myself. And how to fix it for someone else, for that matter. Don't want to pay for this more than once.

[spacecrab.livejournal.com]

Generally, what I do is take the hard disk out of the computer and temporarily attach it to a second computer to run an AV program. (There are a number of cheap hardware devices that make it easy to plug a hard disk into a USB port on a second computer. Here's one (http://accessories.us.dell.com/sna/products/External_Hard_Drives/productdetail.aspx?c=us&l=en&s=bsd&cs=04&sku=A1164717).)

If you think it's less trouble to keep the disk in the computer and try to fix the operating system from there, that's sometimes possible, but it can get even geekier. This (http://www.nu2.nu/pebuilder/) is a utility that lets you make a Live CD version of Windows, which you can boot and run an AV program from. I'm guessing you might find it easier to pay someone or find a geek friend to temporarily lift the hard disk out of the desktop computer.

Doing an upgrade in place over the existing Windows OS (or installing a second minimal version of Windows) on the infected disk are iffier propositions. If the virus is clever, it may quickly knock out the new version you install, and more stuff can get corrupted. FWIW, if you want to geek out, I gave pecunium some tips that might be useful, last year, in an ML thread (http://nielsenhayden.com/makinglight/archives/010900.html).