Thursday, March 25, 2010

XP Internet Security 2010!!

It was a casual Sunday afternoon, and I was getting ready to go to the evening service in church. After getting ready I realised that I still had some time to spare before the family I usually go to church with could pick me up. So I switched my laptop on and was checking my mail. Suddenly my system started acting weird and almost all applications hung up! My laptop, being an old one, is not of a good configuration, and things like applications not responding happen quite a lot!! So I did not take it as something to be tensed about. But after about 1 minute a popup showed on my laptop screen which definitely did make me tensed! There was some scan which started automatically and detected some 25 infections and gave a warning message saying "System State: INFECTED".



Now I knew I had not updated my antivirus for quite some time, and I was always careful of the websites that I used. Most of the websites I would browse would be some or the other shopping sites or some blogs. I would be careful enough that if any website looked suspicious or kind of cheap, I would immediately close it. That morning I remember I had downloaded some Tamil movie songs, though I was not very sure if the website I used was suspicious or not. But when this security warning showed up on my system, I totally believed that my Windows XP was getting infected or was already infected! The only way I knew I could remove it was by using my McAfee antivirus, which is a powerful antivirus. I tried accessing McAfee and ran a quick scan; unfortunately it said my DAT files on McAfee were 11 months old and some viruses might not get detected. I ran the scan anyways cuz that was the only option I had, I thought! As expected, the scan did not detect anything. And by now I had some more popups on my system which looked something like this!

It said scan now, and whenever I did a scan it would again show the same results as were shown in the first scan. And I had no clue how the first scan got triggered at all. I was on the verge of believing that something malicious had infected my system and my Windows XP was just trying to save itself by using the XP Internet Security services. If I clicked on the Update Now option it took me to a webpage which did not look very trustworthy. It was neither XP's home website nor some other trusted site like microsoft.com etc. And on top of that it said buy the FULL version protection for 49.99 USD for a 1 Yr subscription. I tried restarting my system thinking this must be something that came by mistake and will go once I restart, but alas, some more popups came this time, more dangerous and scary ones than before! Anyways it was almost time for me to go to church, so I left my system the way it was and went to church.
When I came back I rebooted my system and again the same things happened. This time I switched my wireless network connections ON and tried connecting to the internet. The connection was successful, but as soon as I double clicked my Internet Explorer icon, there was another popup from Windows Firewall saying that XP Internet Security services has blocked this operation to save your system from further damage! And a System Hijack popup saying some tracking software was detected and my computer is at high level risk. And another popup saying that worms and trojans are currently infecting my system files in the background and I should update my XP Internet Security immediately (Recommended)!! Finally, with all the popups and security messages, my poor laptop was looking something very similar to this!
All this was way too much for me to believe that there was any hope for my laptop anymore. I tried using Control Panel and tried seeing where and how this XP Internet Security thingie ever came from, cuz I had never seen it before. I thought to myself, how about uninstalling it altogether from the Add/Remove Programs option of Control Panel! But alas, I couldn't find it in the list of installed programs. I started to wonder, if XP is really providing some sort of security, why does it have to charge me for that? And anyways the website to which I got directed every time I clicked "Update Now" did not look like anything that I could trust. I wouldn't mind spending 49.99 USD for good protection of my system, but somehow a thought kept striking me that maybe it's all fake, maybe some virus is only showing all these fake scans! Anyways, as I knew I couldn't do anything since even my browser was not allowing me to open any webpage, I thought I'd rather switch off my system than try to infect it more! My system definitely was looking very pathetic!


Day2: Monday: Usual nitty gritty of a hectic Monday at work. I call up my brother to find out if he could help me with anything regarding my laptop. His first suggestion: why don't you buy a new laptop, you can get good ones for 400-500 USD. And then he says do one thing, format your system. Copy all your data to your hard drive and format your system and then reinstall XP. I have never formatted my laptop till date even if it's about 4 Yrs old! Anyways I thought I'll give it a try. So I go back home and check for free space in my 250GB external hard drive. This hard drive has so many movies and F.R.I.E.N.D.S seasons and pictures and songs in it, it had only 10GB of free space! My laptop's C drive had about 63 GB of used space. I filtered out my necessary stuff from the C drive and still it was about 30GB! And a little while later I thought let me see if I can make some space in my external hard drive! And guess what!! Even that was infected now! Whatever files I clicked, it said file is corrupted and cannot be opened! Now this was the limit. I disconnected the external hard drive from the laptop and tried doing whatever I could. I opened the Control Panel, it refused to open saying system/32.exe is corrupted! I tried opening my Windows Firewall, it refused to open! Almost all my files were not opening! I tried opening songs in my C drive, and nothing played! I thought maybe all Windows files will not work but the other applications should work! So I right-clicked on one of the songs and chose the Open With option. I selected VLC player for playing the song. It said file is corrupted and cannot be opened! I was in utter despair. I thought I lost all the songs that I collected in the last 4 yrs! I was too sad and just shut down my system.
Day3: Tuesday: Office work was going on as usual. I was still tensed thinking about my laptop. I had anyways made up my mind to buy a new laptop and was searching deals on HP and VAIO ones! I couldn't believe that I had to pay about 1200 USD to get a good one. I definitely didn't want to buy just a workable one; I thought if I am making an investment let me make a good one. Just then my office phone rings, one of my friends calls up! After talking the usual stuff to her I told her about my laptop. She said arre, change your user. Just delete the existing user and create a new user and give all the administrative powers to that new user, all your popups will go! She said she had faced exactly the same problem last year! I was damn happy that I found something that will work! Went home happily, couldn't wait to try what I had discovered. At home I tried clicking the users in the Control Panel, it refused to open! Again the same crap of being corrupted etc etc. I switched off my system and restarted it in safe mode. I couldn't believe my eyes that the XP Security Center warnings were coming even in safe mode! I was sure it's not a virus, it really is a valid warning from XP. Anyways I changed the user here and restarted my system. Unfortunately nothing major happened. The same popups were still present and everything was still the same. Now this was the 3rd day I hadn't checked my mails. I was just too tired to do anything so I went to bed without trying anything new.
Day4: Wednesday: Today I was determined to stop by the J&R shop in downtown NYC and buy a 1TB external hard drive and take a backup of my files so that I can buy a new laptop. But I was sure that my external hard drive will also get corrupted like everything else. But I thought I can always run a scan with a good antivirus later. I checked my Bank Of America balance every now and then to make sure that any tracking software had not stolen my internet banking password! I thought I will buy a registered version of McAfee antivirus later and keep my new system good. I had a little too much work in office so I couldn't really think much about my laptop. But suddenly a strange kind of relief was there in my heart and mind. As if I was sure that this problem will get resolved very soon. Went back home and tried opening IE from the "Program Files" option. Luckily this was still working, and the greater thing was that IE opened the default page. I immediately went to McAfee to update my DAT files, but unfortunately the update failed on my system. Again the same popups came and all I could do was shut down my system and watch TV and go to sleep. I was somehow just not bothered about my laptop anymore and I knew it will be fine soon.
Day5: Thursday: I was doing my usual work, was sending reports and other stuff at work. Suddenly I wanted to know how and from where the XP Security thing came to my system! I never knew it was present in my system, and if it was legally from XP why was it asking me to pay for the update? So I went to Google and typed "XP Internet"... I was about to type XP Internet Security center when suddenly Google gave its automatic options like "XP Internet Security 2010 Virus", "XP Internet Security Virus Removal" etc etc. Just then I thought, oh, so this is actually a virus?? IS IT? I went and checked the results from "XP Internet Security Virus". There were elaborate explanations with screenshots exactly similar to what my laptop was showing. I read and realised that what I got as a warning in my system was actually a fake warning! XP Internet Security is actually a misleading internet security application created in the tradition of rogue security programs. XP Security Tool 2010, XP Defender Pro, Vista Security Tool 2010, Vista Defender Pro and many more like these are actually new rogues that are exactly the same program. They are just shown with different names and interfaces depending on the version of Windows they are run on. This malware pretends to be an update for Windows installed via Windows Automatic Updates. This parasite automatically scans your system once your computer is started, without the user's knowledge. Immediately after the fake scan, the malware shows many fake warnings stating your computer is at risk and is infected. The aim of the fabricated scan results is to make users lose their vigilance and fall into the trap of paying a small amount for the "Full" version of XP Internet Security 2010. The warnings are all fake and actually your system is fully safe.
You just have to remove the parasite from your system as soon as possible, cuz the parasite itself, even if it doesn't harm your system much, paves the way for a lot of other trojans to enter your system. It installs itself as a single executable called AV.EXE that uses very aggressive techniques to make sure that you cannot remove it. First, it makes it so that if you launch any other executable, it instead launches the XP Internet Security tool. If the program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to determine which executables it wants to allow you to run in order to protect itself. It will also modify certain keys so that when you launch Firefox or Internet Explorer it will launch the rogue instead and display a fake firewall warning. Last but not least, when you try to browse to a website it will hijack your browser and state that the browser is a security risk and will not allow you to visit it. After reading so much about the virus on the net I was sure all this was exactly what had happened to my system and I was now determined to remove it. I read the elaborate step by step removal guides on Google and followed the one which I felt was the most dependable one. Went home, first of all visited microsoft.com and downloaded Windows Security Essentials and ran a scan. It found a couple of trojans and I removed them. Next I removed Security Essentials and installed Windows Defender. The scan found a couple more trojans and worms and I removed these also. At least my system was much better now and almost all the applications which had been detected as being corrupted now opened without any problem.
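The launch hijack described above works by changing the command that Windows runs when an .exe file is opened. As an added example (not part of the original post), this Python check audits the text of a regedit export for that change; the sample export, the `constructedfile` class name and the `av.exe` path are constructed for illustration, and `"%1" %*` is the stock Windows value.

```python
import re

KNOWN_GOOD = '"%1" %*'  # stock Windows open command for the exefile class

# Views of the class registry; per-user entries override machine-wide ones.
ROOTS = ("hkey_classes_root", "hkey_current_user\\software\\classes",
         "hkey_local_machine\\software\\classes")

# Constructed regedit export (class name and path are made up for this example).
SAMPLE_EXPORT = r'''
[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="constructedfile"

[HKEY_CURRENT_USER\Software\Classes\constructedfile\shell\open\command]
@="\"C:\\constructed\\path\\av.exe\" \"%1\" %*"
'''

def parse_defaults(text):
    """Map each key path (lower-cased) to its default (@) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape quotes and backslashes with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit_exe_handler(text):
    """Return (root, class, command) for every view where .exe is redirected."""
    defaults = parse_defaults(text)
    findings = []
    for root in ROOTS:
        cls = defaults.get(root + "\\.exe")
        if cls is None:
            continue  # this view does not define .exe
        cmd = defaults.get(f"{root}\\{cls.lower()}\\shell\\open\\command")
        # Flag a non-standard class, or a standard class with a changed command.
        if cls.lower() != "exefile" or (cmd is not None and cmd != KNOWN_GOOD):
            findings.append((root, cls, cmd))
    return findings
```

Exports written by regedit are UTF-16, so decode the file accordingly before passing its text to `audit_exe_handler`.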
Day6: Friday: Usual weekend mood day at office. I wanted to search for options for removing the XP Internet Security Virus for good from my system. Found some useful stuff on Google. Went home, downloaded MalwareBytes AntiMalware software for free. This is believed to be an amazingly effective software for removing malware like XP Internet Security and any associated trojans etc. This software should be downloaded to your desktop. Next I downloaded the RKill.com software. RKill is a small freeware and portable tool designed to terminate active malware processes, allowing you to use other removal tools. RKill is available in 4 different extensions: .EXE, .COM, .SCR and .PIF. The reason why RKill is available in 4 different extensions is that some malware, like XP Internet Security, will block .EXE files in an attempt to prevent you from running other malware removal tools. Then I ran a quick scan using RKill and that detected some 3-4 trojans and EXE files which it terminated and removed. Finally I ran a scan with MBAM and it removed any final traces of any trojans or worms that might have entered the system with the XP Internet Security rogue. I restarted my system and I was happy that everything in my system was working good and well.
So that was the story of my one week long struggle with the XP Internet Security Virus. I was amazed that the malware and virus world has become so smart that they are capable of fooling you into believing fake stuff. It has advanced so much that there are fake warnings which actually look so real, taking the names from real security programs, that it's very easy for anyone to fall for them. I was fortunate that I did not buy any "Full" version of any software that they were offering. I am happy to know that I was suspicious enough to doubt the validity of the website that opened when I tried to update the XP Internet Security. The very fact that the update version was not free was enough for me to suspect its authenticity and not to buy it. Just hoping that this piece of information in my blog will be useful for someone who might get fooled by this fake security warning.
