Retarded viruses
- October 10th, 2007
- Posted in Fixes, Viruses
Twice in 24 hours I've come across "WinBudget" which is some garbage BHO (filename matrix.dll) that gets installed somehow. A few of our customers who don't even venture that deep into the internet (and I know for a fact they don't surf porn sites or download pirated software) got infected by it somehow. I'm guessing it might have been an Outlook/Outlook Express/Internet Explorer zero-day exploit or something.
That was ridiculously easy to remove using RogueRemover and Spybot, but neither was able to find the odd infection left behind:
If you search your drives for folders called 'bak' you may find backup copies of executables from several popular software packages such as Adobe (several products), Nero, Apple (iTunes and Quicktime), Incredimail, Realplayer, Java, and even Norton Antivirus. If you move the contents of each bak folder to its parent directory and overwrite, the infection is gone. Thanks, stupid virus, for making backup copies before infecting files.
The best way to find these folders is like this:
Start > Run > cmd.exe (to get a command prompt)
dir /a /b /s bak
You'll get a list of affected applications. Go into each 'bak' folder and move whatever is in there one level up.
cd bak
move *.* ..
(yes, you want to overwrite)
Thanks, WinBudget, or whatever the fuck you are.
Edit: I also found out that WinBudget sticks one or more entries in Internet Explorer's trusted zone list. One is called whataboutadog (dot com) and one is whataboutarabit (sic) (dot com).
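The bak-folder cleanup above, scripted as an added example (this is my code, not the post author's, and not anything WinBudget or the removal tools ship). It does the equivalent of `dir /a /b /s bak`, then, before doing the `move *.* ..`, hashes each backup against the live file one level up so you can see which executables were actually changed and which were left alone. The vendor and application names and the file contents in the demo tree are constructed placeholders; on a real machine you would pass the drive root (e.g. `C:\`) and run the dry run first.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file so the backup copy and the live copy can be compared byte-for-byte."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_bak_dirs(root):
    """Equivalent of `dir /a /b /s bak`: every directory named 'bak' anywhere under root."""
    return sorted(p for p in Path(root).rglob("bak") if p.is_dir())


def compare_backups(root):
    """For each file in a 'bak' folder, compare it with the same-named file one level up.

    Returns a list of (live_path, status) where status is:
      'modified'  - the live copy differs from the backup (what the infection leaves behind)
      'identical' - the live copy matches the backup (nothing to do)
      'missing'   - no live copy exists next to the bak folder
    """
    report = []
    for bak in find_bak_dirs(root):
        for backup in sorted(bak.iterdir()):
            if not backup.is_file():
                continue
            live = bak.parent / backup.name
            if not live.exists():
                status = "missing"
            elif sha256_of(live) == sha256_of(backup):
                status = "identical"
            else:
                status = "modified"
            report.append((str(live), status))
    return report


def restore_backups(root, dry_run=True):
    """Scripted `cd bak` + `move *.* ..` for every bak folder found.

    With dry_run=True nothing is touched; the function only lists what would be
    restored. With dry_run=False each backup is moved over the live copy
    (os.replace overwrites the destination on both Windows and POSIX).
    """
    restored = []
    for bak in find_bak_dirs(root):
        for backup in sorted(bak.iterdir()):
            if not backup.is_file():
                continue
            live = bak.parent / backup.name
            if not dry_run:
                os.replace(backup, live)
            restored.append(str(live))
    return restored


def build_demo_tree():
    """Constructed sample tree: hypothetical vendor/app names, not real infected binaries."""
    root = Path(tempfile.mkdtemp(prefix="bak_demo_"))
    app = root / "Program Files" / "SomeVendor" / "SomeApp"
    (app / "bak").mkdir(parents=True)
    clean = b"MZ original clean bytes"
    (app / "bak" / "app.exe").write_bytes(clean)
    # live copy has extra bytes tacked on: a constructed stand-in for the modified executable
    (app / "app.exe").write_bytes(clean + b"<constructed stand-in for appended code>")
    (app / "bak" / "helper.dll").write_bytes(b"MZ helper")
    (app / "helper.dll").write_bytes(b"MZ helper")
    return str(root)


if __name__ == "__main__":
    demo = build_demo_tree()
    for path, status in compare_backups(demo):
        print(f"{status:9} {path}")
    print("would restore:", restore_backups(demo))  # dry run by default
```

Running it on the demo tree reports `app.exe` as modified and `helper.dll` as identical; `restore_backups(root, dry_run=False)` then moves the backups over the live files exactly as the `move *.* ..` step does, after which the bak folders are empty and a second comparison has nothing left to report.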
Yea, I've run across that one before I think. Quite a while ago. Such a nice thoughtful virus! It's interesting how little damage viruses/spyware do anymore other than spread themselves and send spam. The havoc that could be wrought is mind boggling. But there's no monetary gain in that (other than for fixit people like us).
How can you not like a polite malware author? It's almost like they feel guilty for jacking up your computer.
You know that conspiracy theory about PC repair shops creating viruses to stimulate business? I can honestly say that it isn't the case at our shop. I could totally do without another virus, ever again. There's plenty of other more interesting things that people break that I would prefer to fix.
Apparently WinBudget does create popup ads and hijack search results for monetary gain. One customer was in here explaining that Britney Spears appeared holding a rubber phallus.
Hi,
Next time try using SuperAntiSpyware which can be found here:
http://www.superantispyware.com/
If you're not familiar with this package then give it a test drive. It seems to be very good at removing stubborn malware.
Regards
Simon Zerafa
Simon's PC Services
Heh, just ran into this virus yesterday.
Another customer who I know for a fact doesn't surf on naughty sites.
Perhaps it came from ads on an "OK" site.
Another reason I use Firefox w/ Adblock & NoScript.
Also, does anyone know what this Uniblue registry cleaner is? I have a customer that said Kim Komando said it was good (ya right…)
Aren't all of these registry cleaners just junk anyways?
midas: My response regarding Uniblue RegistryBooster.
'You know that conspiracy theory about PC repair shops creating viruses to stimulate business?'
I heard the one that Microsoft intentionally created defective software so that they would encourage people to attack it with viruses. As a result they would sell more of their upgraded and patched versions of Windows…
"Never (automatically) attribute to malice that which can be adequately explained by stupidity."
I added "(automatically)" to make it more precise. Sometimes it really is malice, but not usually.
Honestly it would be such a waste of time to produce viruses for local shops, and they wouldn't get past most firewalls unless you wasted hundreds of hours. It doesn't make sense; computer repair companies are busy enough with the regular viruses and malware floating around.
Computer Repair Lincoln Ne
Thank you for the helpful post. Especially liked the instructions on how to move a whole directory of files up a level. Never had to do this, so it was something new for me.