Last night, I went to grab the day’s O&A show off the mininova torrent site. It’s not there, so I run off to the other site that usually has all the shock jock shows (O&A, Ron & Fez, etc) and I’m not sure if I picked up the bug here, or somewhere else; but the bloody computer sneezed…. *sigh* Time to start up the usual clean up and hack tools. Attempt to run hijackthis or MalwareBytes ; and got nothing…. this is gonna be a fun night.
In my task tray, there is a nice new icon, a red dot with an X. Any attempt to click on the bloody thing brings up an “XP antivirus pro 2009” program. This is a fake anti virus program. It hits the browsers, as searches through google, while they pull up legit links and addresses. clicking on them only redirects to some odd search pages – so nothing useful. It would also reboot. So my computer for all intents and purposes is dead in the water.
It is interesting that hijackthis and malwarebytes are not running. I pot up the task manager and watch the processes tab, and then click on hijackthis and malware again. Malwarebytes just runs, and is in limbo; while hijackthis is no where to be found. Acrord32info pops up however, since there are no adobe acrobat programs running, it looks like hijackthis is being restricted and run as acrord32info; how cute. I shut down and restart in safe mode.
Attempts to run the cleaner programs again result in nothing. I take a look in my /windows/system32 for new files created that day, and lo and behold, I find braskt.exe, karna.dat and a few other unsavory things. Deleted. A search for the two files on the machine are done and I remove all instances. Reboot, and the virus is back again. Next up, I rename the hijackthis executable and run it, it runs. Awesome, the bug actually has a redirect to restrict a list of programs from being run. With hijackthis up, I find the karna.dat problem and delete it, there isn’t the braskt executable so this is odd. Malwarebytes still refuses to run. I grab ccleaner and try ti install it. Nothing. I rename the setup file and it runs. Executing ccleaner, I find the braskt executable, but not the karna.dat. Damn, the little bug is pretty bloody savvy; I’m impressed.
It is a good thing I have a second computer as all my research and software downloads were done using the second computer. The desktop was just dead in the water. So in safe mode it stayed. After running ccleaner and hijackthis, the computer was restarted, and the red dot with the X was still there. Running hijackthis and ccleaner; braskt and karna returned. Oh goodie, there’s a rootkit too. And now it’s back to the drawing board.
Time to bring out the relief… SDfix was called up from the bullpen. Downloaded from my useable machine and then put onto the desktop, the program was run. Following the instructions from the above link, and once rebooted, the lovely red dot and X are now gone from the task tray. hijackthis and ccleaner are run, and nothing unusual or suspect is turned up. Malwarebytes is executable now, and set to scan.
All said and done, the little nasty buggers were removed and the computer is back to normal. It was a bit of a pain in the ass as the damn bugs are getting pretty impressive with a higher intellect. The battle between good and evil wages on; and balance is once again restored to the force.