May 18, 2008

Trojan attacked!

Posted in Uncategorized, Why is it like that? at 4:59 am by qballkubal

Virus and trojan authors have recently been cashing in on the growth of movie-streaming and video-upload sites. They see these sites as new places to prove their genius at making us miserable by infecting our computers. My notebook got infected two weeks ago while I was streaming a video. A notification window suggested that the video was best viewed with some "blabla codec.msc". There I was, so foolishly and heedlessly agreeing to download the codec. It was peculiar, though, that the codec finished downloading in a split second. My mind was not in the right place at that time, because without any hesitation I double-clicked the suspicious file. What happened next really shocked me to death. My wallpaper suddenly changed to bright blue (not a blue screen, though) with a fairly big yellow box at the top that stated:

Warning! your computer has been infected by virus/spyware!

Please install an antivirus!

Damn! I was in the middle of finishing my last paper for this semester and suddenly my notebook started lagging because of the trojan. Apparently, this new trojan was able to use more than 70 percent of my CPU and RAM in less than one minute after it had penetrated my notebook. To tell you the truth, I really panicked. I ran the newest AVG 8 (free version) for more than three hours and the trojan was still there. After spending some time searching for information, I found out that this trojan was identified as Trojan Zlob. AVG 8 (free) could detect and remove them, but somehow some of the trojans (yup, more than one; I think they also cloned themselves once they were inside the system) could not be removed and kept hacking the system.

I had almost given up and was about to throw the notebook in the trash when my friend suggested I try Kaspersky 7. He said it works even better than AVG Pro 8. It turned out he was right! Needing less time for a complete system scan than AVG 8 (Free), Kaspersky 7 identified all the trojans and swept them away.

Only one problem remained: since the trojan had also been smart enough to disable my Windows Task Manager (the Ctrl-Alt-Del feature), I had to fix it manually. Fortunately, I still remembered how to get into the Registry Editor, for I had been troubled before by a virus with a similar ability. Here is how to open the Registry Editor and re-enable the Windows Task Manager (for XP) (from amahdy):

-Open the Windows registry [Run, type "regedit", then press Enter]

-Open “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\” (HKCU is HKEY_CURRENT_USER)

-If there isn't a subkey called "System", then you don't have any configured administrative operation on the system section … ok, let's open "gpedit.msc" again and disable the "Remove Task Manager" option … after a refresh you'll be able to see this subkey "System", which contains a DWORD value called "DisableTaskMgr", and its value is set to "0" …

-Actually, the value "DisableTaskMgr" should not exist if "Remove Task Manager" is set to "Not Configured" … or, if it has a value, "0" means "Disabled" and "1" means "Enabled".

Make sure you don't touch anything you are not familiar with, for some registry entries are related to the core activity of Windows.
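The same check and repair, scripted: an added example written for this post, not code from the original or from amahdy. It reads the HKCU policy key named in the steps above, reports whether "DisableTaskMgr" is blocking Task Manager, and removes the value (the "Not Configured" state) only when you drop -WhatIf; the function names are my own.

```powershell
# Added example (not from the original post or from amahdy): inspect the
# DisableTaskMgr policy value the steps above describe and, on request, clear it.
# Runs in a normal (non-elevated) PowerShell, since HKCU is the current user's hive.
$PolicyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName  = 'DisableTaskMgr'

function Get-TaskMgrPolicyState {
    # Returns 'NotConfigured' (key or value absent, as on a clean system),
    # 'Allowed' (value 0) or 'Blocked' (value 1, Task Manager is removed).
    if (-not (Test-Path $PolicyPath)) { return 'NotConfigured' }
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$ValueName -eq 1) { return 'Blocked' }
    return 'Allowed'
}

function Repair-TaskMgrPolicy {
    # Deletes the value rather than setting it to 0, because, as the post notes,
    # the value should not exist at all when the policy is "Not Configured".
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ((Get-TaskMgrPolicyState) -ne 'Blocked') {
        Write-Host "Task Manager is not blocked by $ValueName; nothing to do."
        return
    }
    if ($PSCmdlet.ShouldProcess("$PolicyPath\$ValueName", 'Remove registry value')) {
        Remove-ItemProperty -Path $PolicyPath -Name $ValueName
        Write-Host "Removed $ValueName; Task Manager should open again."
    }
}

Write-Host "Current state: $(Get-TaskMgrPolicyState)"
Repair-TaskMgrPolicy -WhatIf   # drop -WhatIf to actually remove the value
```

If the state flips back to 'Blocked' shortly after the repair, the malware that set it is still running, so finish the antivirus clean-up first and re-run the check afterwards.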

Phew! What a day, spending more than eight hours figuring out and fixing the trouble. However, in the end I had to uninstall Kaspersky 7 since it clashed with Cambridge Advanced Learner's Dictionary 2 (CALD 2). Apparently, it could not recognize the database in CALD 2 and thus labeled it as a virus (every dictionary program using the SECURE-ROM database will have the same problem with Kaspersky 7 as CALD 2 had).

Picture from istockphoto.
