I suppose I could be/should be embarrassed. I do, after all, teach seminars on malware. But even I am not immune, and on Monday I found myself with a sinking feeling I have not encountered in a good 20 years. My computer had a serious bout of malware; a virus called Security Scan. The purpose of the virus is to get you to buy a worthless piece of “security” software. The version I had caused not only the initial virus, but numerous trojans and other types of malware on my computer. The critical services.exe file became infected. My computer would not operate properly at all.
Failure
My normal sources for malware removal failed me. My malware checker didn’t catch the virus until after my computer was infected. The malware itself interfered with my efforts to install better software to remove it. And any efforts to disable the virus temporarily so I could turn the virus off completely failed. I had to leave for a short trip on Tuesday morning, so all I could do was get the virus to stop interfering with computer operation before I had to focus on other items. That alone took quite a bit of effort.
More Failure
Upon my return Wednesday evening I continued my efforts to remove the malware. Every piece of advice failed me. My usual resources, Malwarebytes, Spybot Search and Destroy, and so on, all failed. Every time I ran a new scan, the services.exe file remained infected. Every time I removed one piece of malware, more showed up. The usually helpful forums on TechGuy and Bleeping Computer had posts on the subject. Their directions didn’t work.
Now What?
At this point, I had a couple of choices. I could have gone back to Bleeping Computer or TechGuy and asked for help. But I knew that would take a lot of time, require installation of troubleshooting software, and analysis of that software by the kind volunteers at those sites. I also knew that with such a serious piece of malware there was always a risk that I would be (a) unable to remove it and (b) uncertain if my computer would ever be secure again. So I made what many would consider a drastic decision. I decided to wipe my computer and start over.
Wipe Your Computer??!!!
To many people, wiping a computer is a terrible thing. It means restoring an image backup (if you have one) or reinstalling the operating system and all of the software. As it happens I don’t have an image backup of my computer, so in my case I had to reinstall the operating system and software. But the computer I own came with a system for an easy factory reset, so this was not particularly difficult. Some people find the idea of reinstalling software to be upsetting; I don’t. I also have the CDs or access to all of the software I own along with the necessary codes. All of this means installation didn’t take particularly long. I think it took me less than an hour. I guess I had also better get on that whole image backup thing.
But What about Your Files?
I have mentioned several times that I use SpiderOak to back up my files. There are a couple of ways to restore files from SpiderOak, but they all essentially involve downloading the files and dragging them to whatever location you desire. This can take a little while due to the size of the backup; in my case about 70 gigs. But aside from the time it takes to do the download, SpiderOak was reliable and my files were safe and sound.
What about Email?
I use Office 365; this means my email, calendar, and contacts are all in the cloud. All I had to do, after I reinstalled Office 2010, was to download a setup program from Office 365. The setup program had my email running in moments. Within a few minutes all of my email, calendar, contacts, tasks, down to the folder setup and rules were back on my computer.
Entire Process?
Aside from the time it took to download my files from SpiderOak, the entire process of setting up my computer took me less than 90 minutes. Had I continued to battle with the malware I would have been at it for hours with no guarantee of success.
Conclusion
In the past when I had to take a computer from 0 to go it normally took a full day (or more). Having access to all of my software in combination with cloud-based backup of documents and email made a complete reset of my computer easy and painless. I now have proof that my advice on backups works. Thank goodness I follow my own advice.