Infected by a Trojan Horse

I used to work for a multinational computer antivirus company several years ago. So, I’m quite knowledgeable when it came to computer viruses and trojan horses. I know how they operate and I kind of know what to expect if my computer ever gets infected by them. Or so I thought. I unfortunately didn’t realise how cunning a virus could be nowadays.

Although I have an antivirus software installed on my PC, it’s not exactly top of the line. It was one of the two popular freebie antivirus software available on the Web today. Still, I was pretty confident that it would catch almost any virus that would try to infect my machine. It just turned out that it didn’t catch a trojan horse called Vundo or a variant of it.

At the time I didn’t know what it was. All I know is that I double-clicked on the installer of a trial-ware program I downloaded from the Web and then nothing. I looked at the folder where the program should be and it wasn’t there. Uh-oh, I thought. I then scanned my hard disk for viruses as a precaution but the antivirus software found nothing. I didn’t believe the results then but what if the AV was right? I carried on as normal for that evening.

The next night when I opened up Firefox, a pop-up window appeared instead of Firefox.

Now, I’m computer savvy enough to know that this pop-up dialog box wasn’t generated by the system. It was likely to be a javascript run from my web browser. What concerned me was that it run by itself even before I did anything. That could only mean that a virus or something has installed itself on to my PC and added this code so that this pop-up dialog would come out when I use my browser. After further investigation on the Web, I found a Wikipedia entry on WinFixer.

Every now and then, my current AV would alert me to the presence of a trojan on my PC. Apparently, it could catch some variants of the trojan horse but not all of it. The trojan horse variant I may have accidentally run was a polymorphic type. Meaning, it changes its own code so that AV scanners would have a tougher time matching the correct virus signature to the virus. So, I decided to downloaded three more AV programs to see if any of them could find all traces of the trojan on my PC and remove them.

The different AV scanners I used found variants of the Vundo trojan horse and removed them with no problem. However, I must have a newer version of it that the current AV programs can’t properly remove it all because after rebooting my PC, I still get the WinFixer problem when I use Firefox or Internet Explorer.

Well, according to the information I’ve read regarding the trojan, the risk and destructiveness ratings are on the low end. But, I couldn’t allow a trojan or virus living in my PC to be left unremoved. Sure, it doesn’t seem so dangerous now but from how I understand how it works, it may be possible that the trojan could install a more threatening hidden script on my web browser at a future time. I was more concerned that it would track down my usernames and passwords and send them to the maker of the trojan.

And so, I spent most of my spare time trying to get rid of the stupid trojan. All the AV scanners I’ve installed kept telling me that there are no more viruses on my machine yet the WinFixer dialog keeps popping up when I use Firefox. It just wasn’t acceptable to me. I continued my search on the Web on how I could possibly remove the trojan manually.

I came upon Symantec’s dedicated Trojan.Vundo Removal Tool. Exactly what I needed, I thought. And so, I foolishly followed the instructions on Symantec’s website including the part where I should turn off my Windows XP System Restore feature! I sure regretted that move.

I tried the tool and it didn’t find any Vundo trojans in my system. Yet, I still get the symptoms of the same trojan: uninitiated pop-up windows and the intermittent Vundo virus alerts from my AV. It was only after all that that I found a suggestion that I could maybe just use the System Restore to go back to a Restore Point when I haven’t run the trojan for the first time.

I could’ve tried that except all my old Restore Points were all gone now because I turned off the feature earlier. That was the last straw for me. It was then I decided that I’ll just reformat my PC and start over from scratch. It was going to be a long process but I’ve already wasted a lot of time trying to remove the persistent trojan in my PC. And I predicted that I was going to waste a lot more of my precious spare time cleaning it up by following detailed manual instructions like this: WinAntiVirus – FixVundo Solution.

I haven’t actually finished installing all the software I had before but at least I have now the peace of mind of knowing that my system is free of viruses and trojans. The only real hassle I’ve encountered so far was that Firefox (understandably) doesn’t remember the username and passwords I’ve saved for the websites I frequented. On the plus side, I got rid of all the unnecessary software that was installed with my PC when I bought it from Dell.

Now, I really feel good about reinstalling my PC and starting up from scratch again. I should’ve done it earlier.

If you haven’t been infected with a virus or trojan yet, read this: How to protect yourself from malware!

If you already got infected with a virus or trojan, read this:
READ & RUN ME FIRST post from MajorGeeks.com.

And if you are infected with a virus or trojan that requires special removal procedures, read this: Special Removal Procedures – TitanShield, Virtumonde, Qoologic, SpyAxe, Look2ME, etc.

Advertisements
Published in: on October 16, 2006 at 12:37 am  Comments (2)