Connected: Rogue software hid user settings
Over the years, I've been in a position to give helpful advice to friends, associates and readers about what to do when malware strikes -- and I've been giving a lot of it out lately. But it has been many years since my own computers have been infected (to my knowledge) by malware -- until two weeks ago.
While searching the web, I ended up on a website that was infected by a rogue anti-spyware program. If it seems counter-intuitive to you that somebody can be attacked by anti-spyware, it is; but this was a rogue program masquerading as anti-spyware. As soon as it happened, I knew it. On my screen, an unfamiliar window popped up telling me I was infected by a specific virus, and that I needed to clean it from my computer. But the screen did not have the markings of my installed anti-virus software; so it had to be fake. Trying to get it off my screen led me to a website that wanted to sell me anti-virus software. Talk about deceptive sales practices! First they infect; then they sell an antidote.
My first move, of course, was to run my standard anti-virus software -- in this case, it was Microsoft Security Essentials (MSE) -- and MSE found two infections, which it immediately removed. Well, that's immediate considering how long it takes to scan a 300 GByte disk -- that is a few hours. When it was complete, the malware was removed and I had my system back -- sort of.
The problem is that while MSE removed the problem files, it did not restore the system to the same state as it was in before the infection.
The rogue software had made it look like I was a different user -- removing my desktop photos and settings, eliminating my programs from my start menu and generally making the system unusable because I couldn't easily reach any of my applications or files.
Being in the middle of a stretch of longer-than-usual workdays, I decided to use my laptop until I could allocate several hours to fixing my desktop system from this mess.
Two weeks later, when I finally got the time to dig into the system, I started by making calculated guesses as to what could be causing the ongoing problem -- from being logged in as the wrong user (which is what it was made to look like) to trying to see if there was something different about the files and applications that were missing.
After a while, I figured it out -- the files and applications were hidden. But the solution to making them visible to me and usable was a bit more difficult. So for the next hour, I painstakingly found the missing files, figured out how to unhide each one and get them where they needed to be.
The good news: it worked. The bad news: it was slow and tedious and far from complete.
On a whim, I Googled for answers to my problem, and found a wonderful program called Unhide at a website called bleepingcomputer.com. After checking to make sure bleepingcomputer.com was legitimate, I downloaded it and ran it. Twenty minutes later, my system was almost back to its original state. Unhide had found and restored 406 shortcuts and desktop items that I had missed.
If only I had known about Unhide earlier, I could have saved several hours and a lot of anguish. For such a simple free program, it offers a great deal of impact for somebody who has been infected like me or who has inadvertently hidden files that he really wants to see.
First Published July 8, 2012 12:00 am