Antara Owners Club banner

A Cautionary Tale

918 Views 1 Reply 2 Participants Last post by  Lazarus
Having recently acquired a new phone, I was copying a few files from the old one to the new one. I noticed a video from the old one was in the .3Gpp format. I wanted to convert it to MP4 or WMV to make it easier to play on different devices.
I googled for video converters and downloaded one that seemed to be coming from a normally reliable website. What a mistake I made.

After installing this converter, it immediately took over IE9 and Firefox and installed weird toolbars and started throwing up dialogue boxes offering to fix the problem if I gave them my details.

This is the first virus I've had in 15 years or more and neither of the AV progs I have detected it on the way in. After running full scans with both of them they still did not detect it. I ended up going through the Registry and deleting every entry I could find associated with the virus. After many tries and reboots I finally got back to the state where my browsers were once again clean and I could find no trace of the virus in the registry.
Fortunately the computer in question is not my main office computer, so none of my more sensitive details could have been compromised. I am still a bit concerned the infected computer may still contain some hidden code, so I will not be using it for any business that involves anything to do with financial transactions for the foreseeable future.

A close call, but it could happen to any of us. Eternal vigilance is the price of security. It also helps if you are not an idiot and download some questionable software.
1 - 2 of 2 Posts
Oh dear, it's a bummer when something like that happens. I downloaded a seemingly clean piece of software from 'CNET' which used to be a safe download site but now they include advertising spyware in all of their legitimate downloads!

Once you have authorised the program to run, no AV software will flag anything as you have already given the installation program the go ahead by clicking OK or RUN.

It can be fixed but it takes a bit of time. You've already done a registry edit so now I'd take it a bit further.

Here is an example of one route that I recently took. You may have your own preferred methods of course!

Uninstall software using control panel.
Edit registry to find traces of software and delete.
Google symptoms to find any additional hints about affected registry keys/folders and execute.
Check 'RUN' and 'RunOnce' registry keys to find what is called when Windows Starts.
Run MSCONFIG from the Command Line to check start-up sequence.
Use CCleaner to remove all Internet History and temporary files.
Enter Safe-Mode and run a full Anti-Spyware scan.
Roll back to last known safe point using system restore.
Anti-spyware scan using SPYWAREBLASTER and Norton in safe mode after restore.
Re-check registry.
Run Windows normally.

There's a few hours of your life gone eh!?
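
The 'RUN' and 'RunOnce' check from the list above can be done read-only from PowerShell. This is an added example, not part of either post; it assumes PowerShell 3.0 or later, and the function name and the "Review" heuristics (missing file, signature not valid, path under Temp or AppData) are assumptions chosen for illustration.

```powershell
# Added example: list what the Run / RunOnce keys start at logon and mark
# entries worth a manual look. Read-only: nothing is changed or deleted.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    # 32-bit view on 64-bit Windows
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {   # hypothetical helper name
    foreach ($p in $RunKeys) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)

            # Pull the program path out of the command line:
            # quoted path, unquoted path ending in a program extension,
            # or (fallback) the first whitespace-separated token.
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] }
                   elseif ($cmd -match '^\s*(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { $Matches[1] }
                   else { ($cmd.Trim() -split '\s+')[0] }

            $exists = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status }
                   else { 'FileNotFound' }   # also hit by entries without a full path

            [pscustomobject]@{
                Key       = $p
                Name      = $name
                Command   = $cmd
                Signature = $sig
                # Heuristic only: a flag means "look at this", not "this is malware".
                Review    = (-not $exists) -or ($sig -ne 'Valid') -or
                            ($exe -match '\\(Temp|AppData)\\')
            }
        }
    }
}

Get-AutostartEntry | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Entries launched through a signed host such as rundll32.exe will show a valid signature, so the Command column still needs reading by eye.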
