Wednesday, February 10, 2010

The tale of the HP Pavilion, part 2.

After Alexa's HP desktop computer got a brand new power supply, I expected the computer to be a happy piece of machinery for a long time to come. (Ref. The tale of the HP Pavilion, below.) But I was wrong. Last Friday I got another phone call from Alexa, and she told me that the computer had got a bad virus and was now impossible to use. I offered to help once again, and went over to her house last Saturday.

I have always run some sort of anti-virus software on my computers, everything from the expensive (and overpriced?) Norton to good freeware like AVG and Avast. This has probably saved me from ever having to deal with any really bad virus infections. But Alexa definitely had a virus or some bad malware running. Pop-ups telling me that the computer was infected kept appearing, and if I clicked them, an interface opened, told me that the computer was being scanned, and recommended that I buy some kind of software. These were of course fake alerts generated by the virus, so I never clicked the link. I don't know what you would actually find there, but probably nothing that could solve this problem. IE also kept popping up from time to time, telling me where to find and buy adult entertainment. Nice...

The fake anti-virus pop-ups seemed to come from a little icon in the notification area, so there was obviously some process going on. I tried to find out more about it, but no matter what I tried to run (MRT, the Malicious Software Removal Tool; Task Manager; search; etc.), I just got error messages telling me that the process was infected and could not be executed.

I suspect that there had been no working anti-virus software on the computer, so after getting the virus, Alexa had bought and downloaded some software. But the install was corrupted, probably because of the virus, and the application would not start. So I went round and round with the anti-virus software and different anti-malware software for a while, both in safe mode and normal mode. Some of them could not be installed in safe mode, while others could be installed but would not perform scans in safe mode. Back in normal mode, the applications were corrupt and would not start. At last I managed to install Malwarebytes and perform a full scan, but it didn't find anything.

So I took the HP back home and started looking carefully into it. Without a network connection it took a while for the virus to start, so I got Task Manager open and took notes of the processes running. After the virus started sending pop-ups, I discovered a process named "xydisftav". I didn't find any information online, but both Jenn and I agreed that this seemed suspicious, so we stopped the process. That seemed to halt the virus, so I did a file search and found the file xydisftav.exe under C:\Documents and Settings\user\Application Data. The file got deleted, and I was happy to see that the pop-ups didn't show up again. The virus was gone!
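The manual method above (note the running processes, wait for the malware to start, spot the newcomer, check where its executable lives) can be scripted. The following is an added example written for this post, not something from the original, and it assumes PowerShell 2.0 or later is available on the machine; the five-minute wait is an arbitrary choice.

```powershell
# Added example: snapshot the running processes, wait, then report processes
# that appeared since the snapshot AND run from the user's Application Data
# folder (the location where xydisftav.exe was found in the post above).
# Assumes PowerShell 2.0 or later. Nothing is stopped or deleted automatically.

function Get-ProcessSnapshot {
    # Map process id -> name and executable path.
    # Path can be unavailable for protected/system processes, hence the try/catch.
    $snap = @{}
    foreach ($p in Get-Process) {
        $path = $null
        try { $path = $p.Path } catch { }
        $snap[$p.Id] = @{ Name = $p.Name; Path = $path }
    }
    return $snap
}

function Find-NewAppDataProcesses {
    param([hashtable]$Before, [hashtable]$After)
    # Resolves to e.g. C:\Documents and Settings\user\Application Data on XP
    $appData = [Environment]::GetFolderPath('ApplicationData')
    $results = @()
    foreach ($id in $After.Keys) {
        if ($Before.ContainsKey($id)) { continue }   # already running at baseline
        $entry = $After[$id]
        if ($entry.Path -and
            $entry.Path.StartsWith($appData, [StringComparison]::OrdinalIgnoreCase)) {
            $results += New-Object PSObject -Property @{
                Id = $id; Name = $entry.Name; Path = $entry.Path
            }
        }
    }
    return $results
}

$before = Get-ProcessSnapshot
Write-Host "Baseline taken ($($before.Count) processes). Waiting 5 minutes..."
Start-Sleep -Seconds 300          # give the malware time to launch
$after = Get-ProcessSnapshot
$suspects = Find-NewAppDataProcesses -Before $before -After $after
if ($suspects) {
    # Review each listed file before acting; Stop-Process -Id <pid> halts one.
    $suspects | Format-Table Id, Name, Path -AutoSize
} else {
    Write-Host "No new processes running from Application Data were seen."
}
```

Legitimate updaters occasionally run from Application Data too, so treat a hit as something to look at, not proof of infection.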

I decided to put some kind of basic anti-virus on the computer, but the AVG download process caused me two BSODs and I don't like the Avast user interface, so I decided to go with Avira AntiVir, a lightweight free anti-virus application that has a decent interface and does a good job according to online sources. For the next few days, I let the computer run day and night, performing various virus and malware scans. In the end nothing more was found, and a happy Alexa could stop by and pick up her computer again. The poor HP has had some unfortunate experiences lately, but I hope life will treat it better now, and that I won't have to see it again for a while.

Bjørn Sveigdalen
