Stinker of a Computer Virus – or whatever that was

The following is an email I sent to a friend whose wife calls him The Professor because he knows a lot about a lot of things. He gives us computer advice and we had been communicating about a virus or some bit of malware we had on our computer. His son had one that mimicked his anti-virus program and wouldn’t let him uninstall the program or do a system recovery either. AdAware found the problem and removed it. I never found anything that would fix mine. I’m putting this on my blog in case someone else has Zone Alarm warnings about something that you think it shouldn’t warn you about – like your anti-virus program that is not new. Or, if you get a notice telling you your Microsoft firewall is turned off and you didn’t turn it off. Computers don’t just do things without a command from somewhere. So, here’s the email:

Ricky did a system restore back to March 31, 2010, but he said it didn’t tell him some programs would be taken off, and others put back, and then reboot, like it should, so he didn’t think it worked right. He did that last night after – Yesterday it was on because he had been playing games. I walked in the room and there were two warnings from Zone Alarm telling me something wanted access and said they were new programs. It was part of Avira – according to the names of them – but we had Avira on there long enough that it shouldn’t come up as new. (That was our anti-virus, along with Panda Cloud after we took AVG off.) Anyway, I guess when the firewalls kicked in on this thing, it turned them off just like it did before when it also turned off Panda when it was saying AVG needed to reboot. I think it didn’t matter that I didn’t click OK because it just turned the firewalls off.

Anyway, there are 3 ways to take it back to “new” and Ricky said it wouldn’t do two of them. We’re glad it would do the third. Recovery Management wouldn’t come up so he could restore through the operating system and when he went to change the boot sequence so it would read the disk, it didn’t show the options it was supposed to show so he could do it. He said nothing would move. He had to do the hard drive recovery. He had to use the administrator password to do that. I guess the password is what kept the virus from messing with that option.

I don’t remember what all I ran trying to find this thing but nothing picked it up. If I knew how to tell when a file was not where it should be located I may have been able to get rid of it, but I bet it would have taken out a bunch of good files when it left. It was a real stinker!

We’re going to use Avast!, Panda Cloud, and Zone Alarm this time. I remember when I was working I used Avast! and it would stop a page from loading if I went to a website that wasn’t what it was supposed to be.

So, this is our saga. And I hope a couple of cowboys win the Amazing Race tonight!

Thanks for the info you sent.

ADDENDUM: Well, shoot! I thought that race ended tonight…