If the freedom of speech is taken away then dumb and silent we may be led, like sheep to the slaughter.

- George Washington

Wednesday, 9 June 2010

Avast Ye!

Edited to remove superfluous and tedious detail.

I think I have been hijacked. My computer has been behaving strangely recently. Firefox, normally a superb bit of kit, has become unstable and crashes randomly. Today, I realised I had a full browser hijack on my plate. Google wouldn't let me search, as it detected my computer was sending automated messages, and every attempt to go to an anti-virus site resulted in a visit to a gambling den or travel agent.

I have wasted the entire day downloading various bits of software, sometimes using Anna's computer and a memory stick to get round the redirects, and then scouring the hard drive with electronic Brillo to get rid of the unpleasant stains. I think I have succeeded: Internet Explorer hasn't flashed up a window unbidden for hours now, and Google is Googling merrily away.

I'm still not sure what happened, but it looks as though downloading and running an anti-virus program called Avast has done the trick. AdAware, Spybot S&D, ZoneAlarm and CWShredder didn't find anything, but as soon as I ran a full scan with Avast (and it removed three files only) the abnormal behaviour stopped. And (touch wood) it has not restarted.

Update: I wrote the above and then went to eat my dinner, as we Northerners put it. I come back to the lapdog, and Google won't let me search any more, and my queries are being redirected to strange places. I wanted to print off my car insurance certificate and clicked on the Swiftcover link in Google (this was before it threw me out) and I ended up at somewhere called 'Getaquote.com'. Typing in the URL directly did the trick, so it seems only to affect Google clickthroughs.

Back to Avast for another thorough Brillo-pad-and-Domestos session, I think. See you later.

(Coda: Strange. I'm not a prude, but I am quite relaxed about all this as the sites I was being led to were all games, gambling, travel or other bland advertising. If they had been porn pages, I would have felt very differently, I think.)


  1. endemoniada_88 10 June 2010 at 01:03

    If it's still giving you trouble, and the problem's managing to return or reinstall itself, I recommend:
    1. If you have a System Restore point that definitely predates this infection, consider returning your PC to that state (http://support.microsoft.com/kb/306084).
    2. If it's not already on, enabling the TeaTimer resident in SpyBot (from Advanced mode) and seeing if it produces any alerts.
    3. Disabling the Windows System Restore function in Control Panel/System, then rerunning Avast.
    4. Seeing what the free Network Associates Stinger tool can find (http://vil.nai.com/vil/stinger) and
    5. Considering specialist help via either HijackThis (http://test.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) or ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix). Both are designed to generate reports for submission to helpful forums, but if you're suitably confident, there are online instructions for using them to remove malware yourself.

    If you get back to a state of tranquility, re-enable System Restore and disable TeaTimer, if you so choose.

  2. Try this (http://www.techspot.com/vb/post541380-1.html)

  3. @Endo: many thanks for this detailed reply. I haven't had much success with Windows Restore Points in the past, which is why I didn't do that this time. Things seem to be calm here at the moment, but if the trouble arises again I will do that. TeaTimer has been active throughout. The Stinger and HijackThis will be kept in the locker for further action.

    @Voyager: that's a very helpful page, thank you. I have bookmarked it and will return to it in due course. Meantime, I am running Spybot and Avast alternately while I am elsewhere in the house, and things seem to be OK.

    Many thanks for the help, both of you. Much appreciated.

