Subj : Re: Roundup: your malware infection stories
To   : Roger Nelson
From : Marc Lewis
Date : Fri Nov 24 2017 09:18:15

Hello Roger and All,

This is a REALLY late reply to this message I just ran across, Roger, but I think my response may prove helpful to some. In view of the fact that considerable time has elapsed since the original posting, I'm going to break protocol and top-post, leaving the original message intact. It may have scrolled off some folks' systems by now.

My message is simple: Although Malwarebytes is a good anti-malware program, it is usually designed to work *along with* an anti-virus program and not interfere with that program. It's been considered a secondary, very effective line of defense.

Kindest regards,
Marc.

RN> Posted: July 10, 2017 by Wendy Zamora
RN>
RN> You hear the cautionary tales all the time. So-and-so didn't have
RN> an antivirus in place and was infected with malware. Such-and-such
RN> business had limited cybersecurity infrastructure and was hit with
RN> a ransomware attack. You think: Sure, but it probably won't happen
RN> to me. I'm a safe surfer. I've got good computer hygiene.
RN>
RN> Turns out, it can happen to anyone, even those who follow
RN> cybersecurity news. A couple of months ago, we sent out a survey to
RN> our newsletter subscribers with the following question:
RN>
RN> Have you been infected with malware or ransomware? Tell us your
RN> story. How did it happen? How did you respond? What changes, if
RN> any, did you make to your cybersecurity habits afterwards?
RN>
RN> We asked, and you answered. We want to thank all who participated
RN> and agreed to share their malware infection stories. It takes guts
RN> to come forward, but each of your contributions helps better inform
RN> all of us, whether that's by helping a newbie avoid a rookie
RN> mistake or preventing a veteran IT professional from being ensnared
RN> by cutting-edge criminal tactics.
RN>
RN> While there were so many interesting stories to choose from, we
RN> decided to pick just a few to highlight infection methods past and
RN> present, various types of malware, and different approaches to
RN> solving the problem. [Editor's note: These responses have been
RN> lightly edited for grammar and spelling.] Without further ado.
RN>
RN> Cleaning up a floppy mess
RN>
RN> This was quite a few years back. A friend of mine worked for a
RN> bank as a security officer and the bank gave me this small tower
RN> computer for free. I had just started working on computers (had a
RN> small floppy disk drive). I could not get it to boot up. I used all
RN> my known floppy disks that worked in the past, but still could not
RN> get it to boot. So I ran the usual antivirus programs (Norton and
RN> McAfee), and lo and behold, they found the virus but could not
RN> clean it.
RN> After researching the Internet, I found another program called
RN> Trend Micro and followed their instructions, making six boot disks
RN> on another computer. I proceeded to boot the infected machine.
RN> Well, it found and cleaned the virus, which turned out to be a boot
RN> sector virus (memory resident). It infects your memory chips as
RN> well as the BIOS. I have never come across another virus like this
RN> since. And I hope to never have to deal with these new ransomware
RN> infections. That is why I use and pay for Malwarebytes today and
RN> the past few years.
RN>
RN> Special delivery: ransomware
RN>
RN> I was expecting a long-anticipated delivery from Federal Express
RN> when a message, ostensibly from FedEx, appeared in my inbox,
RN> telling me there was a problem with my delivery. Naturally, I
RN> opened it and found that it included a couple of attachments. The
RN> body of the email informed me that additional information on the
RN> status of my delivery would be available in the attachments. Even
RN> though both attachments had unusual extensions, I fell for it and
RN> clicked on one of the attachments. Too late. The virus encrypted a
RN> huge number of files and tagged them with a label called Osiris.
RN> Everything was backed up on the cloud so I didn't pay, but it took
RN> days to restore my files. The next day, I purchased Malwarebytes
RN> and wiped the virus off my system. I should have made the purchase
RN> immediately because it takes hours and hours for the virus to work
RN> its way through the computer, encrypting files as it goes. It's
RN> kind of like cancer: If you start treatment early enough, you can
RN> save yourself a lot of misery.
RN>
RN> Total restore
RN>
RN> It started with getting a message every morning that I could not
RN> send data. I started researching. My virus software was current and
RN> not reflecting any problem. My CCleaner would no longer work, and
RN> my computer was password protected. But I had virtually been locked
RN> out of using my computer. I no longer could change any settings,
RN> could not do a system restore, could not go into safe mode, the
RN> computer would not defragment, nothing. I could not change network
RN> settings; everything had been overridden, and I did not have
RN> permission to change anything. Even my email accounts could not be
RN> used. Many nights and weekends were spent [figuring it out]. I had
RN> to disconnect the Internet so no one could access it.
RN>
RN> Finally, Microsoft recommended Malwarebytes. I purchased and
RN> downloaded it. It immediately found severe Trojans and viruses.
RN> Although it was able to contain and give me a little access to
RN> things, after consulting with an IT professional, I ended up having
RN> to restore my computer to factory condition. I had to purchase a
RN> lot of new software, but thankfully I had an external drive which I
RN> did not keep hooked up to the computer where I had saved all my
RN> important documents and pictures. Malwarebytes got me back on the
RN> road to recovery, so to speak, and I shared my story and
RN> recommendations with others.
RN>
RN> Navy files for ransom
RN>
RN> I was infected with ransomware a number of years ago when I was the
RN> national president of a US Navy organization. My whole computer was
RN> corrupted, and they sent me a link with instructions on how to
RN> recover my files. I notified the FAA about my problem, and they
RN> said do not pay. I called Microsoft for help and they wanted my
RN> desktop at their shop. They had it for 10 days. I had been backing
RN> up my system weekly, but kept my external hard drive on. I lost the
RN> files, but hope to recover them someday. I since back up weekly but
RN> unplug and turn off my new hard drive. I also purchased
RN> Malwarebytes on the recommendation of my computer guru, who has 35
RN> years of computer experience. BTW, the instructions were to
RN> purchase bitcoins from Europe.
RN>
RN> Rage against the ransomware
RN>
RN> Roughly seven years ago, I got hit by ransomware. Everything, even
RN> the restore files, refused to load. It was everywhere and was
RN> demanding money. I had no idea what to do and neither did anyone
RN> else, including a computer expert. It was completely hopeless. My
RN> despair, grief, and rage over what had been done to me for no
RN> reason were useless against it. My wife at the time had not been
RN> hit, and she researched online to discover an answer recommending
RN> Malwarebytes. We followed the steps, and Malwarebytes wiped it out
RN> in less than one minute. Ever since, I have been a firm believer in
RN> Malwarebytes, and every computer I have had since then has used it.
RN> The peace of mind knowing I have the most powerful and, in my case,
RN> proven cybersecurity money can buy means my computer is one thing I
RN> do not have to worry about.
RN>
RN> Social media psych-out
RN>
RN> I was on Facebook watching a video a friend posted. Then my screen
RN> went to a Microsoft page and said you've been infected with the
RN> Lazarus virus. At the same time, my phone rang. The web page asked
RN> if I wanted to talk to a specialist, and before I could click it,
RN> the voice on the phone said, "I'm from Microsoft, and we have taken
RN> over your computer. Let us fix your problem."
RN>
RN> I shut down my Facebook and did a free Malwarebytes and Avast scan.
RN> But it was too late: They had compromised my tower computer. I then
RN> took it to my computer expert. He installed a new hard drive and
RN> instructed me to buy Malwarebytes. He installed free Avast. I have
RN> no idea how they got my phone number or name. No idea how all this
RN> happened, but it wiped out all my sites and financials.
RN>
RN> Roku scam
RN>
RN> I have a Roku device on one of my TVs, and I installed a second
RN> device on the TV that my wife watches most of the time. I was
RN> having problems with the installation. (My fault, as I had
RN> mistakenly covered the sensor, and the unit was not responding to
RN> the remote.) After changing batteries with no results, I decided to
RN> call Roku. I got a number from Google on my cell phone, and hit
RN> dial. Instead of dialing the number listed, another number was
RN> dialed, and I got an operator (with a very hard to understand
RN> accent). She directed me to go to my computer, as she said that the
RN> problem was not with the Roku device but in my computer network. (I
RN> should have known better.)
RN>
RN> The operator then directed me to let her have control of my
RN> computer to see what the problem was, and soon stated that the
RN> computer was infected with ransomware. She showed me a screen that
RN> supported her claim that ransomware was present. She then told me
RN> that it would be $149 to fix the problem, and when I was hesitant,
RN> she told me it would be over $1,000 to fix it if I let it go. I
RN> hung up the phone and called a person who helps with IT problems,
RN> and he told me that it was a scam, and that I needed to run my
RN> Malwarebytes program to make sure that nothing was infecting my
RN> computer.
RN>
RN> Fortunately, nothing was found. I also figured out my problem with
RN> the Roku, and it is fine. However, this goes to show how dangerous
RN> the environment is and how easily an unsuspecting person can be
RN> fooled and taken in by one of the scams that are out there.
RN>
RN> Karma chameleon
RN>
RN> One time, I got one from an email. Now, I usually am safe from that
RN> vector, but I had just installed WhatsApp earlier that day. The
RN> email, from everything I could see, seemed to legitimately come from
RN> WhatsApp. They were supposedly testing a new version of the app
RN> with video calling, and when I looked through the news, rumors
RN> abounded that they were actually doing that, and indeed as time has
RN> shown, they were. So, it looked totally legit from every angle I
RN> could find. I downloaded the file and installed it. Suddenly, my
RN> default search provider changed in all my browsers (Chrome,
RN> Firefox, Opera, IE, and Edge) to something I've never heard of
RN> before or since. I tried to Google search the provider, but all
RN> search engines other than theirs were now blocked. I looked them up
RN> on my phone and found out it was part of a virus. Oh boy, what have
RN> I done now?
RN> Now the infection was in high gear, popping up error messages
RN> through Windows itself, telling me each of the programs I had open
RN> was allowing virus traffic through and closing them without my
RN> choice. Then it stopped allowing me to open any program. This
RN> included Malwarebytes. (Or so they thought.)
RN> Eventually, it really went nuts and restarted the computer to
RN> install a rootkit. I got it to start up in safe mode without
RN> networking in case it was receiving instructions from somewhere
RN> else. This did slow it down for sure. Then I pulled the trump card:
RN> Malwarebytes Chameleon mode. It opened like a help file instead of
RN> like a program. It found the culprit, including the rootkit. It got
RN> the whole infection in one go. I was almost back. This time when I
RN> restarted, I did so in safe mode with networking. Then I opened all
RN> browsers and removed the new homepage and search engine, setting
RN> them back to how they were supposed to be. No trace left of that
RN> malware. Thanks, Malwarebytes. You earned my money that day for
RN> sure. You saved my bacon.
RN>
RN>
RN> Regards,
RN>
RN> Roger

--- timEd/2 1.10.y2k+
 * Origin: Sursum Corda! BBS-Huntsville,AL-bbs.sursum-corda.com (1:396/45)