
Introducing the "Windows XP Repair" virus and the "Google Redirect" virus

By Holly Goodwin
Posted Jun 27, 2011 in Internet
Last week I became the lucky new owner of the "Windows XP Repair" virus and the "Google Redirect" virus! Oh joy.
I consider myself very computer literate. I've fought off trojan infections before and know all the best free anti-virus programs. I feel secure enough in roaming around in my registries and cutting out things that don't belong in there, but these two viruses were something else.
The very first word I can think of to describe these two viruses is "impressed." I was not mad or upset, but bemused by them. Let me explain:
Usually the worst I've seen is constant pop-ups or being unable to start Windows in normal mode. I've had scare-ware before -- that is, a virus pretending to be an anti-virus and telling you to buy its "anti-virus software" to remove itself. If you see an unfamiliar anti-virus pop up and start scanning, ctrl-alt-delete that thing to death and run scans from your own.
But this scare-ware went beyond that.
Perhaps the most amusing thing about it is how I got it. I've been to some pretty bad websites, I've even downloaded trojans on purpose just so I could get the tasty treats they promised (no, not that). I'm young at heart, so last week I decided to relax and play on Neopets.com, which is a child-oriented website where not even PG-13 language is tolerated. Since Viacom (MTV's owner company) bought it out I'd say their advertising tactics have been questionable, but I figured there was nothing to worry about as long as I kept ad-blocker up. Well, I was having problems on a part of the site so my boyfriend suggested trying it on Internet Explorer rather than Firefox. I stopped upgrading Internet Explorer since I never used it, but thought nothing of it.
Within thirty minutes my screen was spammed with critical errors of disk damage and my RAM overheating. I restarted it. When it came back up all my programs were gone, my wallpaper was pitch black, and my desktop had no icons. Those error messages kept spamming everywhere and I had no idea how to find my anti-virus since my programs had supposedly all been lost.
Then a box titled "Windows XP Repair" popped up (as seen here) promising to save my computer with a scan. I hit okay. It scanned and said there was numerous unrecoverable damage to my system, but if I bought the advanced version for $99 I might be able to save my machine. So then I thought to myself that there was no way Microsoft would put a program on the computer asking for money. Definitely scare-ware.
I grabbed Malwarebytes free anti-virus off my flash drive and stuck it into the C drive, which, SURPRISE, was working fine. Nothing had been damaged. It took multiple scans from Malwarebytes and some other free anti-viruses to clear it up. Afterwards I was left with a computer whose settings were all messed up to hide all of my desktop icons and whose programs were moved around into hidden spots to make it seem as if they were gone. It'd take some rearranging.
I went online to see if I should do anything else before calling it safe when to my surprise my internet browser was redirected to the yellowpages or other random websites other than the one that I clicked. This was the Google redirect virus, and it was a lot harder to get rid of. There was only one anti-virus that could detect it since it was buried into the deepest parts of the computer. That program was called TDSSKiller.exe, free for download, but whenever I tried to run it the virus disabled it. Even safe mode didn't work. I tried renaming the file, giving it new extensions, and all sorts of things but it couldn't run. Even a program used to disable viruses was in turn disabled by the virus.
I used bleepingcomputer.com to try and figure out a way to get this thing to run. I noticed that maybe 9/10ths of all the posts on their virus board were the exact same thing I had. Epidemic of a new virus that was unstoppable by virus protectors? It sounded like it. No one's anti-virus could get rid of it or catch it.
Finally my boyfriend figured out that the program I needed could be run from a flash drive if it was renamed. It wiped out the two trojans causing all the problems.
Now my system is clean, albeit very messily organized. My restore points were all corrupted so I can't do a system restore to quick-fix settings. I plan to reformat my computer anyway since it's been several years since I last did it, plus some settings I haven't noticed yet may still be causing problems.
Moral of the story? Keep your browsers updated, because they may be the only thing between you and a virus that will wipe out your defenses. Some people from the forums also blamed the Java application for letting it in, which I also never updated. Not only do you have to update it, you must delete all old versions of it since for some ungodly reason the program doesn't do it itself once updated. Keep an eye out.
