The Virus Warriors Ride Again

Back in January 2010, I wrote about the virus-warriors of Chennai — Microsoft’s Consumer Security Support team. Yesterday, I had occasion to call them again. They’re still awesome, though the phone access isn’t as good as last year.

(And they’re a refreshing counterpoint to the irritating call-center interruptions from Dish Network…)

I knew something was wrong when I went into my Yahoo email account a couple of days ago. The list of emails in my inbox looked fine, but when I clicked on one entitled “Meeting next week?” instead of the expected note from my friend, it was spam. I presumed it was a Yahoo glitch, and carried on.

But when I went to Google, it was clear this wasn’t just any little glitch. The same thing was happening with my Google searches. They were getting hijacked to evil sites like “Ta*zinga” and “add*edsuccess” (The asterisks are mine. Just to be safe.)

So I ran a full scan with Microsoft Security Essentials. A couple of hours later it came up with the culprit: a Trojan called Tracur.Gen!B — which it said it had removed.

It hadn’t. My searches were still being hijacked, and another full scan gave me the exact same result: Trojan:JS/Tracur.Gen!B

TIME TO CALL MICROSOFT

This time, I knew to go directly to Microsoft’s Security people for help. (I couldn’t get to the forums in any case, with all my searches being redirected.) They’d been winners the last time, the young people in Chennai. I emailed, got my support case number and the phone number to call. The last time, I’d gotten through almost instantly. Not now. Instead, I got put on endless hold of music and commercial messages. I gave up. Nighttime would be better.

Around 10 p.m. I got through much faster, to “Jason” who was possibly Jaisingh or Janak, I don’t know. (Or may even actually be Jason.) I explained the problem, then told him that the last time, it had been Kaspersky’s tdsskiller that fixed the problem.

“This is more powerful than Kaspersky,” Jason told me. I visualized a videogame screen, Tracur and Kaspersky battling it out in armor with swords. My best bet, he thought, would be to run MRT (Microsoft’s Malware Removal Tool) and then call them back. It would take several hours, he said. So I ran it, and it took several hours, at the end of which it showed… nothing. But my searches were still being hijacked.

RAHUL TO THE RESCUE

I called them back, and this time Rahul answered the phone and took my case number. He cut to the chase, sharing my computer, running some searches for and with Bing (I have Google as my home page), and noting how those got redirected. Then he ran Kaspersky. It showed… nothing, again nothing. But searches were still being hijacked. So Jason was right. I pictured Tracur standing with a victorious foot on fallen Kaspersky’s chest.

“How come Microsoft Security Essentials didn’t block this?” I asked, annoyed. If this problem didn’t get fixed, this machine was doomed to spend its remaining days as an isolated super-typewriter with no internet access.

At this point, Rahul (who still controlled my computer) removed my existing Internet Explorer. “You’ll lose all your cookies and saved passwords and settings,” he said apologetically before he started.

“Go for it,” I said. Who cared about cookies when the searches were being stolen? “Is it a browser problem? I just got rid of Firefox because it seemed to be lodged there, but that didn’t fix it.”

“Sometimes,” he said, a bit doubtfully. Then he downloaded the latest version of Explorer.

And wondrously, the searches were back to normal. It was now maybe 3 a.m., and worth every minute of the time it took.

Thanks, guys! Great job.

(Later, I ran another full scan with Microsoft Security Essentials. This time, it also showed nothing. I have my fingers crossed the machine stays clean.)

###

And yes, my tech-expert friends, I know I should be running Linux. I just find the learning curve a bit too steep…

About webmaster

I'm an international Business Consultant; author of a book called India Business Checklists, and working on a book on doing business in Burma.
This entry was posted in Communications, Doing Business in India, General, Infrastructure.

5 Responses to The Virus Warriors Ride Again

  1. K.S. Bhaskar says:

    “And yes, my tech-expert friends, I know I should be running Linux. I just find the learning curve a bit too steep…”

    Another fine piece of self-delusion, dear friend!

  2. K.S. Bhaskar says:

    Just realized that my words could also be misconstrued as insulting. I meant that you sell yourself short in saying that you find the learning curve steep. Sorry.

  3. Dave @softwarecrew says:

    I personally use Kaspersky TDSSKiller and I believe it's one of the best at finding Rootkits (which are super hard to find) ( http://www.softwarecrew.com/2011/04/tdsskiller-detects-and-removes-even-unknown-rootkits-in-seconds/ ) and are one of the hardest TDSSKiller Detectors to find.
