Four ways to fight a final threat
The short story of how I managed to get a friend out of trouble in four days of battle against one of the most dangerous Internet threats of the moment: Internet Security 2010, a malicious software that takes control of your PC pretending to defend it and then forces you to reveal your credit card data.
Sometimes people get into trouble they can’t get out of by themselves and it is always a pleasure to be able to help them when you have the specialized knowledge to do it. These are the times when you fully appreciate the value of what you know and give it back.
As I mentioned in a previous post, a friend of mine was attacked last week by a program that would not let her use her computer any more unless she provided her credit card information that was then going to be transferred over the Internet to some fraud organization. Windows was completely locked and she was not able to even open a program or access any file.
There was no way of removing the offender with conventional means, also because she had let it sit on her computer for two or three days and the situation had gotten worse every minute that went by after the first infection.
She was in a horrible situation since she had just arrived in Clearwater from Italy and was planning to stay here for several weeks and needed her computer to stay in touch with Italy and run her business from here. Most of her data were in the computer and she couldn’t just buy a new one: she needed the Italian version of Windows and also all of her data.
Call in the expert
A common friend referred her to me since she knew I have an extensive background in writing about computers, so she came into my office and I immediately understood it was not going to be easy: the machine was completely inaccessible. She was desperate: her business was going to stop and she was also afraid that some private vital information had been stolen and sent over the Internet somewhere.
I immediately got to my computer and started browsing for a free antivirus that would allow me to clean her computer without loading her own operating system, since the infection had gotten to Windows itself.
I found a collection of them on this page: http://www.techmixer.com/ and downloaded the four of them and proceeded to create on my computer four DVDs, each containing one of the antiviruses. It took me a while because the programs I was using to burn the DVDs were not behaving correctly. Finally I found a free copy of Nero 9 and that did the trick: I got my four DVDs.
So I placed the first one in the computer and had to fight a little bit to get the machine to start from the DVD instead of from its own hard drive. The viruses had gone deep enough that they would even prevent me from doing that: every time I was trying to boot from the DVD, they would redirect me toward the network as if I was going to load my computer from the Internet instead.
A quick trick: I went into the BIOS of the computer (the program that controls how the computer works inside and that is accessible as soon as the machine starts) and disabled the network connection altogether. Now the DVD worked and I could load the first antivirus, Bit Defender. The scan took 5 hours to complete and removed 59 separate viruses; actually they were not viruses per se but rather trojan horses, that is programs that let other bad programs into your computer, and spyware, that is programs that steal your personal information and send it to some fraud organization.
Day two, the computer is still dead
All pepped up because the first scan had been so fruitful, I restarted the computer and noticed that there was still some odd behavior. My friend calls me over the phone inquiring about her computer: I tell her about the successful scan, but I tell her the war is not over. She is concerned, but hopeful.
So I go back to the battle, shut down her computer and loaded it with the next DVD: F-Secure. This was also a Linux-based antivirus DVD, like Bit Defender’s, therefore I was sure I could dig deep into any remaining infection. New scan and 8 hours later 4 more malware programs had been eradicated from the computer, for a total of 63.
But this time I knew better and before restarting Windows I loaded the computer with yet another antivirus DVD: Kaspersky, it is manufactured in Russia and I know that the majority of malware comes from there so it was the surest approach. New scan: 7 hours later Kaspersky has found and killed another 40 malware programs!
This poor lady, in just three days after the first infection by Internet Security 2010, had managed to collect 103 individual malware programs. No wonder the machine was shot. I get her on the phone and she can’t believe the situation could be so bad, now she is really depending on me for the bail out.
Day three, Windows is now fully dead
I do another couple of scans with Bit Defender and Kaspersky just to make sure the epidemic is now eradicated. It is, we are on safe ground now, but the infection had gotten so deep that many of the infected files that were canceled belonged to Windows itself and now the computer doesn’t start anymore.
This is a computer running with Windows XP and I happen to still have an original installation copy of Windows XP in Italian so I use it to load her computer from my DVD again and use the Windows Recovery Console. It is a special “fix-up” program you can use to repair Windows when it goes bad on another computer.
The Console loads and fortunately all the data are intact on the original PC, but there is no way to rescue the original Windows: so a new installation is in order, but before doing that we need to back up all the data.
Again the Internet comes to my rescue: Acronis Backup and Recovery provides a tool to recover data from another PC by using their own CD to boot the machine. I load the Acronis CD, connect an external hard disk to the previously dead computer and the back-up works fine. I call my friend and tell her I have saved her data and I am going to reinstall it all, she is now hopeful.
Day four, recovering it all
Now we are ready to bring the original machine to life: I use my own copy of Windows XP to reinstall Windows and when I am done all the content of the original hard disk is intact except for the “Documents” folder which gets erased during the installation.
I copy its original content from the back-up I had done the day before and now everything works fine.
My friend has come to my office this time and we agree that we will install a new complete and authentic Internet Security Suite. I chose Computer Associates Security Suite because I happen to have a free license in my office and we replace her original free antivirus (Avast) that didn’t manage to filter out the offenders because it was missing some key ingredients like the firewall and the anti-spyware module.
One last scan with the antivirus and antispyware we have just installed and Computer Associates finds 11 additional minor threats. They belong to some regular programs that she had loaded before for sharing music and video over the Internet. We get rid of them and now the machine is fully clean and protected, she recovered all of her data and she will now be protected from major threats. She is extremely happy and I am very proud of the product: it took over 56 hours of scanning and repairing, but everything worked out fine in the end, and now she is also educated about what she should not do.
Here is the lesson I got from this and that applies to any area of business, not just computers.
1. Never feel protected if you have just one protection system, always try to have multiple safety nets.
2. Always test your protection systems to make sure they are adequate.
3. As soon as a possible threat shows up, act immediately as if the worst is going to happen. Never underestimate a potential danger when it shows up.
4. Find experts that can bail you out of trouble by leveraging your friends. Not only will you save a lot of money and aggravation but you will also learn the mistakes you have made so that you will not repeat them again.
Have a safe continuation of your life travel.