(And they’re a refreshing counterpoint to the irritating call-center interruptions from Dish Network…)

I knew something was wrong when I went into my Yahoo email account a couple of days ago. The list of emails in my inbox looked fine, but when I clicked on one entitled  ”Meeting next week?” instead of the expected note from my friend, it was spam. I presumed it was a Yahoo glitch, and carried on.

But when I went to Google, it was clear this wasn’t just any little glitch. The same thing was happening with my Google searches. They were getting hijacked to evil sites like “Ta*zinga” and “add*edsuccess” (The asterisks are mine. Just to be safe.)

So I ran a full scan with Microsoft Security Essentials. A couple of hours later it came up with the culprit: a Trojan called Tracur.Gen!B — which it said it had removed.

It hadn’t. My Searches were still being hijacked, and another full scan gave me the exact same result: Trojan:JS/Tracur.Gen!B

TIME TO CALL MICROSOFT

This time, I knew to go directly to Microsoft’s Security people for help. (I couldn’t get to the forums in any case, with all my searches being redirected.) They’d been winners the last time, the young people in Chennai. I emailed, got my support case number and the phone number to call. The last time, I’d gotten through almost instantly. Not now. Instead, I got put on endless hold of music and commercial messages. I gave up. Night- time would be better.

Around 10 p.m. I got through much faster, to “Jason”  who was possibly Jaisingh or Janak, I don’t know. (Or may even actually be  Jason. ) I explained the problem, then told him that the last time, it had been Kaspersky’s tdsskiller that fixed the problem.

“This is more powerful than Kaspersky,” Jason told me. I visualized a videogame screen, Tracur and Kaspersky battling it out in armor with swords. My best bet, he thought, would be to run MRT (Microsoft’s Malware Removal Tool) and then call them back. It would take several hours, he said. So I ran it, and it took several hours, at the end of which it showed… nothing. But my searches were still being hijacked.

RAHUL TO THE RESCUE

I called them back, and this time Rahul answered the phone and took my case number. He cut to the chase, sharing my computer, running some searches for and with Bing (I have Google as my home page), and noting how those got redirected. Then he ran Kaspersky. It showed… nothing, again nothing. But searches were still being hijacked. So Jason was right. I pictured Tracur standing with a victorious foot on fallen Kaspersky’s chest.

“How come Microsoft Security Essentials didn’t block this?” I asked, annoyed.  If this problem didn’t get fixed, this machine was doomed to spend its remaining days as an isolated super-typewriter with no internet access.

At this point, Rahul (who still controlled my computer) removed my existing Internet Explorer. “You’ll lose all your cookies and saved passwords and settings,” he said apologetically before he started.

“Go for it,” I said. Who cared about cookies when the searches were being stolen? “Is it a browser problem? I just got rid of Firefox because it seemed to be lodged there, but that didn’t fix it.”

“Sometimes,” he said, a bit doubtfully. Then he downloaded the latest version of Explorer.

And wondrously, the searches were back to normal. It was now maybe 3 a.m., and worth every minute of the time it took.

Thanks, guys! Great job.

(Later, I ran another full scan with Microsoft Security Essentials. This time, it also showed nothing. I have my fingers crossed the machine stays clean.)

###

And yes, my tech-expert friends, I know I should be running Linux. I just find the learning curve a bit too steep…

But that’s not what I want to write about today. Today, it’s kudos to the Microsoft security people based in Chennai.

My computer had been colonized by the Alureon CT trojan, or actually rootkit . I didn’t even know: Norton Internet Security, (which is what I had) doesn’t see it, let alone block it. Then one day, someone suggested downloading Microsoft Security Essentials. It found Alureon CT, cleaned the computer, and then suggested I restart the machine. I did. And within minutes, Alureon was back.  (Norton still showed nothing amiss.)

Rinse and repeat.

The infection explained some weird things that had been happening – like search hijackings, where clicking on a link took me someother-place.com. I’d attributed it to my computer aging and becoming incompatible with updated search engines. The thing is insidious; it keeps very quiet, but  it can steal passwords and make your computer part of a network outside your control.

I also found that getting rid of Alureon was Not Easy. Someone on one forum opined “formatting and reinstallation of the operating system is the only sure way…“

Someone else suggested opening a support file with Microsoft.  “Start here – https://support.microsoftsecurityessentials.com/ and select the link that says I think my computer is infected and then select the support option for phone (or email if phone is not offered for your region).”

So I did. Within minutes, I was in touch with their 24/7 phone help, given a case number and immediate assistance. “Nanda” shared my computer, performed a scan, emptied my temp files and cookies, and pronounced it cured.  But it wasn’t.

I e-mailed him (the engineer who’s been helping you provides an e-mail address) that it wasn’t working, and sent them a link to a particularly dire article on Alureon. I assumed the only solution was to go off and rebuild my computer with much cursing.

Well, Microsoft called back. The case isn’t closed until the problem is fixed. They wanted to give it a second try. This person had actually heard about rootkit infections. “I am going to run Kaspersky’s tdsskiller,” he said.

“I read that Norton, McAfee, Kaspersky, none of them work,” I argued, annoyed. This was going to be another afternoon of rote, by-the-book attempts. “I read that I have to rebuild.”

“Yes,” he said. “But sometimes the people on the forums are not aware of special programs like tdsskiller. I believe we can clean your computer without having to reinstall the operating system.”

I had nothing to lose, so I stood by while “Allan” took over my computer.

What do you know? It worked. I ran a full MSE scan, which took 2.5 hours. My computer was clean. Now, 36 hours later, it’s still clean.

I told my brother, who’s been active in the outsourcing space. “Those young people in Chennai,” he said. “They’re good.”

Yes. They are.

Thanks, Nanda, Alan/ Arul, and all the folks on the forums.

——–

[ETA: Some people still think it makes sense to reinstall the OS even after Alureon has been removed, because Alureon could have allowed undetected malware including keystroke loggers to lodge in the computer. As a precaution, I'm not using this machine for anything sensitive.]