I don’t know how I managed to get infected with malware, let alone this little beast (details about Antivirus 2008).
Some crazy things it managed to do to Windows XP:
1) Open itself up with a window that looked like a cross between a Microsoft product and Spybot Search and Destroy (a program I use to manage malware infections). It appeared to “scan” the hard drive for “infections” and proceeded to find 800+ infections (yeah right).
2) Remain open/active despite repeated efforts to close
3) Add gross desktop shortcut icons to porn-themed “applications” and then warn me about the “legal” implications of having them on my hard drive. God, I’d hate to be a n00b right about now.
6) Use the balloon window to inform me about “viruses found” (à la the screenshot above)
5) Literally take over IE, in that any time I’d open it, I was confronted with several pop-ups prompting me to purchase “Antivirus 2008” to save my computer (blackmail anyone?)
6) Changed the desktop background to a warning message that says “Virus Detected!”. I liked my desktop background. This is pissing me off.
7) DISABLED THE TASK MANAGER! Why in god’s name would Windows permit such an action, but somehow Ctrl-Alt-Del resulted in a window with a disabled Task Manager button.
8) Unlink Explorer action: Somehow they managed to prevent Explorer from handling the directories – a double-click on the C drive resulted in a “How would you like to open this file?” dialog. For a freakin directory. And of course you can’t assign “always open this with explorer”. So each time I wanted to open a new window I’d have to call Explorer directly and type in the location. Sigh. This is not looking good.
9) Disable the Tools->Folder Options->View preferences screen in that “Show Hidden Files and Folders” was permanently disabled and unchangeable. Presumably to hide its internals.
10) It changed the freakin “AM/PM” somewhere in the Windows language files to read “VIRUS DETECTED!!!”, so the taskbar time read “3:30 VIRUS DETECTED!!!”, and all the timestamps on my files as well. WTF? Why on earth can an application in XP possibly do this?
11) Bonus Round! It was horrible, but I had tools dammit! I managed to open Spybot, did a scan, and removed some items it found. Some couldn’t be removed, so it restarted to run on startup. The startup scan was interrupted by a Blue Screen of Death. Holy shit! We’re losing the battle, men! I’m beginning to think this sucker will force me to reinstall. So I forced the machine to hard-restart.
On next boot, good ol’ Spybot started scanning again, and sent me to a BSOD again. Crap! However, this time I waited a few minutes (to pout a little I guess) and the BSOD disappeared. WTF?? The freakin malware/virus actually EMULATED A BLUE SCREEN OF DEATH in an attempt to force me to restart in the middle of the scan (presumably by some background process that invokes the faux BSOD to get me to hard-reset the computer and therefore stop any scan that was delaying boot-up!!)
I wish I could say that I was successful in killing off this monster. I was eventually able to cut off its head by removing its main DLLs (thanks to Spybot and a tool called Unlocker), but I couldn’t seem to undo some of the underlying damage it did (like the annoying AM/PM change). So I just did what we’ve all become too accustomed to doing: reinstall XP.
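An added defender-side check, not from the original post, for the tampering described in items 7, 8, 10 and 11 above and the leftover AM/PM damage mentioned here: a PowerShell audit that reads the registry values controlling those settings. The key paths are standard Windows locations; the expected AM/PM strings assume an en-US locale, and the function names `Read-RegValue` and `Get-RogueAvTamperIndicators` are chosen here for the example.

```powershell
# Added example (not from the original post). Read-only: it reports which of the
# settings behind the symptoms above have been changed, so you know what to repair.
function Read-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist (absent = nothing to flag).
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Get-RogueAvTamperIndicators {
    $checks = @(
        # Item 7: Task Manager greyed out in the Ctrl-Alt-Del dialog (per-user policy)
        @{ Symptom = 'Task Manager disabled'
           Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
           Name = 'DisableTaskMgr'; Bad = { param($v) $v -eq 1 } },
        # Item 11: Tools -> Folder Options removed by policy
        @{ Symptom = 'Folder Options hidden by policy'
           Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
           Name = 'NoFolderOptions'; Bad = { param($v) $v -eq 1 } },
        # Item 11: "Show hidden files" cannot be ticked; CheckedValue is normally 1
        @{ Symptom = 'Show-hidden-files option neutered'
           Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
           Name = 'CheckedValue'; Bad = { param($v) $v -ne 1 } },
        # Item 10: the clock's AM/PM designators (en-US defaults are 'AM' and 'PM')
        @{ Symptom = 'AM designator replaced'
           Path = 'HKCU:\Control Panel\International'; Name = 's1159'; Bad = { param($v) $v -ne 'AM' } },
        @{ Symptom = 'PM designator replaced'
           Path = 'HKCU:\Control Panel\International'; Name = 's2359'; Bad = { param($v) $v -ne 'PM' } },
        # Item 8: double-clicking a drive or folder asks "open with"; default verb is 'none'
        @{ Symptom = 'Drive shell default verb changed'
           Path = 'HKLM:\SOFTWARE\Classes\Drive\shell'; Name = '(default)'
           Bad = { param($v) $v -and $v -ne 'none' } },
        @{ Symptom = 'Directory shell default verb changed'
           Path = 'HKLM:\SOFTWARE\Classes\Directory\shell'; Name = '(default)'
           Bad = { param($v) $v -and $v -ne 'none' } }
    )
    foreach ($c in $checks) {
        $v = Read-RegValue -Path $c.Path -Name $c.Name
        if ($null -ne $v -and (& $c.Bad $v)) {
            [pscustomobject]@{ Symptom = $c.Symptom; Key = "$($c.Path)\$($c.Name)"; Value = $v }
        }
    }
}

Get-RogueAvTamperIndicators | Format-Table -AutoSize
```

Run it from an elevated PowerShell; an empty result means none of these particular settings has been altered, not that the machine is clean.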
To this day I can’t figure out how I got infected. I’m usually very careful about these things, don’t open attachments, and keep up to date on my Spybot checks. The only oddity was that I had JUST uninstalled “Avast! Antivirus”, a free antivirus program. Though the timing was suspicious, I hesitate to implicate them, as no one else has mentioned this and they come highly recommended, but I don’t plan on using that product again, just in case! A more likely case was that it was on my memory card when I returned from Peru, because I’d used it in an internet cafe there.
But I ask again: How did this little program possibly obtain enough permissions to make such fundamental and extreme changes to the OS and settings? Yeah, I’m planning on moving on to OS X someday soon to avoid this chaos in the future. But aren’t we all?