Picked up a nasty trojan yesterday. Just from surfing the web. Symptoms were those fake alerts - “Your hard disk has failed click here to install pro version and fix” yeah, right
Hundreds of these messages. Explorer showed half of C drive missing. McAfee reported a trojan detected and quarantined, but the fake error messages kept reappearing and McAfee kept saying it fixed it. Couldn’t read the drive from a command prompt to delete the offender.
I back up once a week to an external USB using Acronis True Image Home 2010. Time to see if the rescue CD actually works? After some fumbling and panic that the USB disk wasn’t found I figured it out. Don’t use the wizard, just use the standard recovery. I have two drives in the system and back them up as two separate disk files. Took a chance and only restored the system disk and left the data disk alone.
Started the restore and went to bed. It worked! Yay!
I actually noticed this happening a couple of times last week from different sites. In each case McAfee said a new program wants net access. I blocked it, found it, and deleted it. These were all in c:/user/me/appdata/local/temp and came as a pair of exes, one in appdata/local and one in appdata/local/temp. I was able to delete them. But this one installed to C:/Programdata and obfuscated the drive directory so I couldn’t get to it.
I use Win 7 x64 SP1 up to date and IE9 up to date, so apparently the wonderful hacker community has figured out a way to install evil payloads just by visiting a site and clicking on an innocuous video link - at least that’s what I think is going on. MS needs to close the hole and McAfee needs to up their detection and quarantine.