Going Closed Source Day 4 - And a Virus!
Posted by: Quintin in GoingClosedSource, Software, Tech, Windows, tags: Fourdaysandavirus, IE8 Addons, whywhywhy, Win7
(Windows Lockup due to Antivirus scan - more on that later)
If you have not followed this series from day one, start here: DAY ONE
My First Virus Alert
And now on to the reason for the title to this post. Last night, just before starting to play scrabble with the family, I decided to install some kind of Adblocking software for IE.
Off I go to the Microsoft ieaddons.com to get a download from MS.
ieaddons.com is a portal that allows you to get a stack of addons for Internet Explorer, but beware - tharr be trojans about!
I downloaded Adscleaner, and the moment I clicked “Yes” to install, Bitdefender manfully stood up and protected me from being infected. By three files.
- The first Infected File: Adware.Generic.9560
- The second Infected File: Trojan.Generic.677070
- The third Infected File: another copy of Trojan.Generic.677070
Adscleaner comes in two parts, and the first part had two infected files included, and the second part had one.
And it is a “Trial Version”
Nice.
Addblock pro for Firefox is FREE and where Adscleaner was 3.something MB for the installer and who knows how much more MB’s that the installer downloaded - Addblock weighs in at under a meg for FF.
Also Adscleaner is now an installed program instead of just an IE addon.
About This Morning’s Windows Lockup
This one I do not blame on Win7. This is Bitdefender doing its best to protect me from Viruses by doing a system scan every morning at 2am, but because I suspend my machine it needs to start/continue whenever I log in.
Yesterday was fine, but today it caused me to need to put down my laptop and wait fifteen minutes before I could use my mouse again.
I wonder if it is a combination of my laptop coming out of sleep and BD running that has caused this? Probably.
The last time I had a lockup like this was in Linux while I installed Win7 in Virtualbox.
Maybe I should start logging lost productivity time due to things like this…
Those IE problems
Right, a friendly user pointed me to Skype as a possible culprit for my constant IE lockup problems (fifty two yesterday) but the only addon I had until then was BitDefender.
I will investigate this further today.
07:56
The BitDefender Scan finished, and again those two trojans showed up. Here is an excerpt from my scan log:
Overall scan summary
Scanned items : 65173
Infected items : 4
Suspicious items : 0
Resolved items : 4
Unresolved items : 8
Password-protected items : 8
Individual viruses found : 3
Scanned directories : 29700
Scanned boot sectors : 11
Scanned archives : 3
Input-output errors : 93
Scan time : 08:34:47
Files per second : 2
Object Name | Threat Name | Final Status
[System]=]C:\Users\Quintin\AppData\Roaming\Microsoft\Windows\Cookies\quintin@afrigator[1].txt | Cookie.Gator | Deleted
[System]=]C:\Users\Quintin\AppData\Roaming\Microsoft\Windows\Cookies\quintin@statcounter[1].txt | Cookie.Statcounter | Deleted
C:\Windows\SysWOW64\ci0-SiKernel.dll | Trojan.Generic.677070 | Deleted
C:\Windows\SysWOW64\SiKernel.dll | Trojan.Generic.677070 | Deleted
Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bca42
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5be02b
Exception code: 0xc0000374
Fault offset: 0x00000000000c6cd2
Faulting process id: 0x82c
Faulting application start time: 0x01ca44cbf7217a0f
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 85a53bdf-b0bf-11de-9e06-001377e3a18f
And
Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bca42
Faulting module name: BTCommon.dll, version: 12.0.11.29, time stamp: 0x49146a48
Exception code: 0xc0000005
Fault offset: 0x0000000000006f2f
Faulting process id: 0x82c
Faulting application start time: 0x01ca44cbf7217a0f
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Program Files\BitDefender\BitDefender 2009\BTCommon.dll
Report Id: 856fac26-b0bf-11de-9e06-001377e3a18f
If I take the report from the second error it seems that BitDefender is the culprit here. Hmm…
Tooling through the system logs I find that BitDefender has caused several problems. Kudos to those of you who suggested BD could be the issue! How to fix it? I could uninstall BD, but that would leave me without AV etc, so I will first look to update it. More on how that went later.
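The crash-log triage described above, as an added example (not code from the original post): a Python script that parses the two Application Error records, groups them by process instance, and marks faulting modules that live outside the Windows directory. The function names and the outside-C:\Windows heuristic are assumptions made for this example; the status names are the standard NTSTATUS meanings of the two exception codes.

```python
import re
from collections import defaultdict

# The two records from the post in raw copy-paste form: fields run together, "0×" for "0x".
POSTED = r"""Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0×4a5bca42Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0×4a5be02b
Exception code: 0xc0000374
Fault offset: 0×00000000000c6cd2
Faulting process id: 0×82c
Faulting application start time: 0×01ca44cbf7217a0f
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 85a53bdf-b0bf-11de-9e06-001377e3a18f
And
Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0×4a5bca42Faulting module name: BTCommon.dll, version: 12.0.11.29, time stamp: 0×49146a48Exception code: 0xc0000005Fault offset: 0×0000000000006f2f
Faulting process id: 0×82c
Faulting application start time: 0×01ca44cbf7217a0f
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Program Files\BitDefender\BitDefender 2009\BTCommon.dll
Report Id: 856fac26-b0bf-11de-9e06-001377e3a18f
"""
FIELD = re.compile(r"(Faulting application name|Faulting module name|Exception code|"
                   r"Fault offset|Faulting process id|Faulting application start time|"
                   r"Faulting application path|Faulting module path|Report Id):\s*")
# Two well-known NTSTATUS values; any other code is reported as raw hex.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC0000374: "STATUS_HEAP_CORRUPTION"}

def parse_records(text):
    """Split pasted event text into one dict per crash, even when fields are fused."""
    parts = FIELD.split(text.replace("0×", "0x"))
    records = []
    for name, value in zip(parts[1::2], parts[2::2]):
        if name == "Faulting application name":  # first field of every record
            records.append({})
        if records:
            records[-1][name] = (value.strip().splitlines() or [""])[0]
    return records

def triage(records, system_root="c:\\windows\\"):
    """Per process instance: (module, status, outside_windows_dir). Heuristic, not proof."""
    by_process = defaultdict(list)
    for r in records:
        code = int(r["Exception code"], 16)
        module = r["Faulting module name"].split(",")[0]
        outside = not r["Faulting module path"].lower().startswith(system_root)
        key = (r["Faulting process id"], r["Faulting application start time"])
        by_process[key].append((module, NTSTATUS.get(code, hex(code)), outside))
    return dict(by_process)

if __name__ == "__main__":
    print(triage(parse_records(POSTED)))
```

Both records land under the same process id and start time, and BTCommon.dll is the only faulting module outside the Windows directory.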
So I started planting flowers in the garden with my daughter and did not blog again for today. Read on for DAY FIVE

I would say get rid of IE, but more useful advice would be: contact their support, they’re very nice and willing to help; I once had a trojan and although it took a while and they sent me some stuff, it is now completely out of my system.
nice blog!
Caroline
Hi Caroline
I mailed our contact with Bitdefender support, let’s see what his solution is…
It took you four days to contract a virus? I think my record is “during install” (haven’t even had a chance to install AV yet - it died approximately 5 seconds after entering the network details before first reboot - ie: AS SOON AS IT BROUGHT UP THE NETWORK). Install without a network connection you say - domain controller says I. How do I know it was a virus? Well, clamav after attaching the drive to a Linux machine (seeing that the Windows wouldn’t boot).
Regarding IE vs FF … I agree with Caroline, just get rid of IE. Oh wait, you can’t use FF since that’s OSS. Crap dude, seriously, I try and munch off my wrists after just being in Windows for ~5 minutes. I really don’t know how you intend to survive 7 days.
Hey Jaco.
I made it past 7 Days! And I am on day 9 and still going strong…