July 27, 2015
Cautionary Tale: Computer Hijacking, Extortion, and Sh*tware
Many of you have seen my requests for computer help. I got a lot of help, and I thank you guys for that very much.
Something interesting happened. Have you heard the stories where hackers with custom viruses and worms disable your computer and you have to pay them a ransom to get them to un-f**k your computer? That happened.
I gave up on Greasy-Fast Pig (hereinafter "GFP"), by the way, swapped drives and loaded the OS on the good drive. As soon as I connected to the internet, odd things started to happen. First, I couldn't connect to Norton. Every time I tried to go to Norton or Ad-Aware or Malwarebytes for security programs, my browser dropped me and said it couldn't connect--yet I could connect to Drudge, etc., basically anything not security related. I got a download from the helpful people at Norton on OVERKILL, another computer. But once on GFP, Norton couldn't connect for verification and said my system was unsupported. Absurd. It is supported. So I googled for Norton help, and got a whole Google page of Norton results. Most, if not all, said I could call any time. So I called. The guy searched my computer and said he found a worm, Koobface, and that he was not authorized to fix it. He also said Norton couldn't stop it. He said I'd have to talk to a certified Microsoft Windows technician, and, guess what... they just happened to have one right there in the office.
That made me suspicious, and by then I'd already given them access to my machines. Anyway, for another $250, he could fix GFP. They had two other pricing plans that were even more. They put the hard sell on me for about 30 minutes. It was obviously a scam.
They are a sophisticated bunch. It turns out that entire page of Googled Norton search results I saw was fake.
Apparently the worm or virus is in my network. So I'm re-formatting and overwriting the drive on GFP. By the way, I told him that would kill any virus there. He said it wouldn't. I guess they get a lot of dumb people on the phone.
So here's what I'm doing: If it's in OVERKILL (and not really affecting it at all, btw), I have to do my work on GFP with OVERKILL off--and after resetting my router. Then, I can connect with GFP and avoid the redirects, etc., get my Norton up and running, and load the other security programs I want.
Here's the kicker. At one point I used a 15 GB thumb drive to load Norton, Malwarebytes, and Ad-Aware. That worked, although I couldn't finalize and verify with Norton, as I've said. I've reformatted that thumb drive a dozen times. It takes about 4 seconds. This time, when I hit the button to remove the thumb drive, I kept getting a warning that I needed to reformat before pulling the drive out of GFP. That was odd. But I did. The "reformat" went on and on and on.... In other words, it seemed more like it was loading a program than it was reformatting.
So. I believe I have a copy of their shitware. I've contacted Norton. One would think some security firm would be interested in that thumb drive.
What's the lesson? It's hard to say, because many of the programs I downloaded to fix GFP were from geek sites, and they were fantastic. Some apparently were not. On one of these downloads, I didn't read the fine print and downloaded something called AVP Secure Search (or something), a search thing you can use in place of Google and the others. But I started looking at what was downloaded. It was hellware. It was an enormous amount of garbage that had nothing to do with browser searching. I plucked that stuff out by the roots in my registry, but I'm pretty sure I missed a .dll file or two.
Anyway. If you go looking for boot fix programs and the like, talk to someone and find out who is reputable. That's it. This Trojan rode in on one of these fixit programs, and now I have nothing but headaches. And it's exhausting trying to fix this stuff.
My last worry: I hope their worm doesn't have a way to load itself into some chip or something I can't clean with reformatting and overwriting.
Related: Never pay the ransom. Also, call the FBI. It says they're interested in cyber/computer crimes.
posted by rdbrewer at 06:47 PM