Tim Makins: September 2010 Archives

Rootkit Virus Attack


My computer recently suffered from a Rootkit virus attack. The first that I knew of it was when my Avast Free Antivirus program, which runs constantly in the background, began reporting virus activity. Not just one, but fifty-one virus reports were collected in a couple of seconds. Examining the logs, it appears that the culprits were the Win32:Bubnix-J and the Win32:Bubak viruses. Before I knew it, I had lost my Plug-and-Play facilities, and my entire sound system. Some action was needed, and in a hurry!

A little background: I have been involved in computers for more than 30 years. I used to design 8-bit computers and their operating systems, then moved on to PCs when they became available at a reasonable price. I am therefore familiar with the ways of computers, and have become quite good at spotting actions that, whilst small, are not quite correct and may indicate a greater problem that is either occurring now, or is likely to occur unless something is done. After a while, you develop a sixth sense to spot a computer when it's going wrong, though I'm more than happy for an Anti Virus program to catch events first. I'm currently using Avast Free Anti Virus, which I like as it has a facility to do a Master Boot Record (MBR) scan when the computer next starts. Is Avast the best of the bunch? This is a very good question. There are a variety of Anti Virus programs available, and in the last fifteen years or so, I have tried quite a few of them. Symantec/Norton, and McAfee - both very good, but not free, and apt to 'take over' your computer in their eagerness to do their job. I had plenty of problems with both, then plenty more when I tried to Uninstall them.
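The MBR scan mentioned above is worth understanding, because the first 440 bytes of sector 0 are exactly what a bootkit overwrites in order to load before the operating system and its antivirus driver. The following is an added example, not Avast's scanner or any code from this post: it parses a 512-byte MBR, fingerprints the boot code against a stored baseline hash, and flags partition-table oddities. The sample sectors, the 0xDEADBEEF disk signature and the "HOOK" boot code are constructed for the example; the `read_first_sector` path names are the standard raw-device paths and are an assumption about where the sector would be read from on a real machine.

```python
"""Added example: fingerprint and sanity-check a 512-byte Master Boot Record.

Not an antivirus product's code; an illustration of what an MBR check does.
The sector bytes below are constructed for the example, not from a real disk.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code a bootkit replaces
PART_TABLE_OFF = 446           # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 must hold this marker


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR sector into boot code, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped) LBA start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": sector[:BOOT_CODE_LEN],
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": partitions}


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the boot code only; the partition table may legitimately change."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector: bytes, baseline_hash: str) -> list:
    """Return findings as strings; an empty list means the MBR matches the baseline and looks sane."""
    findings = []
    mbr = parse_mbr(sector)
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from baseline (possible bootkit)")
    active = [p for p in mbr["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in mbr["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append("partition overlap at LBA %d" % start_b)
    for p in mbr["partitions"]:
        if p["lba_start"] < 1 or p["sectors"] == 0:
            findings.append("partition %d has implausible geometry" % p["index"])
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR for the example: given boot code, one active NTFS partition at LBA 2048."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<IH", 0xDEADBEEF, 0)          # constructed signature + 2 reserved bytes
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    return boot + disk_sig + entry + b"\x00" * 48 + BOOT_SIGNATURE


def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a raw device; assumed paths: r'\\\\.\\PhysicalDrive0' (Windows, needs
    Administrator) or '/dev/sda' (Linux, needs root). Not exercised by the constructed sample."""
    with open(path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


# Constructed sectors: a "clean" boot code stub and one whose first bytes were replaced.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")   # cli; xor ax,ax; mov ss,ax; mov sp,0x7c00
BASELINE_HASH = boot_code_hash(CLEAN_MBR)                          # store this while the machine is known-good
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c\x90HOOK")               # stand-in for hooked boot code

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE_HASH) or ["no findings"])
```

The baseline hash has to be captured while the machine is known to be clean and kept somewhere the machine cannot rewrite it (a removable disk, a printout), and the sector should be read from a boot CD or a second system rather than from the possibly infected one, since a running rootkit can serve a clean copy of sector 0 to any program that asks.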

AVG was one of the earlier free Anti-Virus programs, but did a very bad job at everything it attempted to do. Hard to configure, hard to operate - I quickly had enough of this, though these days it continues to have a loyal following. Perhaps they know something I don't? Or maybe they just haven't tried any other programs. I finally called it a day when AVG insisted that an infected computer had no viruses in it, despite very strange symptoms. I uninstalled it, and loaded Avast from a free computer disc supplied with a magazine bought in New Delhi, India, where I happened to be at the time. The program quickly detected and eliminated the virus that AVG refused to say was there.

I have stuck with the Avast Free Anti Virus program since then: I guess this must be about 5 years, which is pretty good going for an Anti Virus program, free or otherwise. However, the other morning, as mentioned above, Avast started to report a string of Rootkit viruses, and although it seems to be blocking them all, it doesn't seem to be able to eliminate the source of the attacks in the computer. These Rootkit viruses are devious bits of code!

A search for advice produced a list of Anti-Rootkit programs, including an offering from Trend Micro. I have used products and services from this company for quite a few years: initially their Firewall Testing program, then later on, their Online Anti Virus-elimination service, 'HouseCall'. This will scan your computer even if you have no Anti-Virus program installed at all - I have found that it is a very useful service to know of when trying to help friends and relations whose computer has suffered a Virus attack and needs urgent action, though you must have a working Internet connection to use it for the first time.

Trend also supply a RootKit Virus Buster program, so on the strength of their past results, I downloaded and ran it (installation is not required). The program reported a large number of infected files, including some that I use quite regularly. They were mainly images (png and gif), pdf documents, and some web pages (htm and php). The program then offered to 'Delete Selected Items' which I did with a heavy heart, not sure if all were backed up elsewhere. However, it did not delete the files completely as expected, but, in some way, disinfected them. Is the program telling the truth? It doesn't find the same files on a subsequent Search, so something may have improved, but the RootKit Virus is still on the computer, as Avast reported the next morning as it stopped a further 10 files executing.

It is easy to assume that all Anti Virus programs do much the same things, and that they can all locate and destroy the various viruses winging their way around our computers, hidden or otherwise. Some personal experience and some recent research shows that this is not the case! I found a very useful website which lists the results of a variety of tests that it has conducted using Anti Virus programs from most of the major players. Looking at their results, I noticed that Panda came out on top, so I went to their website to investigate what Anti Virus products they provide. There are no free Anti Virus programs on offer, but they do have an Online virus program, similar to Trend Micro. I tried the Panda Active Scan, and it located 40 Tracking Cookies, but didn't find any new viruses. Its only recommended course of action for an infection was to purchase the full program, which wasn't very helpful if you were someone with an infected computer who was starting to panic. It's a great marketing tool, though.

Back to the www.av-test.org results, and I saw that Trend Micro doesn't do as well as the average, with a result of just 2.5 out of 6. Still, their HouseCall program seems as useful as ever, and performed better than the Panda program, removing some viruses that it found, which the Panda program hadn't. I also downloaded the latest version of LavaSoft's 'AdAware': a program with a long-standing reputation for getting rid of various types of Malware that other Anti-Virus programs miss. The latest version has a hefty 130MB download and takes ages to install and update itself, but did find and deal with some virus problems that the others had missed.

Will this be the end of my current Rootkit Virus attack? Time alone will tell. I'll stick with Avast as my main Anti-Virus protection for the moment: they seem to be the best of the bunch for catching active viruses in my experience, and the program has proved itself to be user helpful and frequently updated, without being too invasive on the system. It is obvious, though, that no one product can be relied upon to fully protect a computer, and the sensible user will take advantage of a range of programs to ensure that their computer continues to operate despite all that the internet tries to throw at it.

About this Archive

This page is an archive of recent entries written by Tim Makins in September 2010.

Tim Makins: February 2008 is the previous archive.

Tim Makins: October 2010 is the next archive.


Powered by Movable Type 4.01