Facebook Repost 02-07-14

While it looks like my “technical difficulties” are over, it looks like I have another task to add to my “Spring Break Spring Cleaning.” It also gives me a laundry list of complaints for companies, since the start of the problem came from what should have been a trusted source.

One of the programs I trust, CCleaner by Piriform, is used when things begin to act up and viruses aren’t detected. Files do become corrupt, stuff breaks, and this little program does a decent job of finding many of them. Unfortunately, there’s one flaw, at least with the free version: it doesn’t update itself automatically. It detects updates and, like other Piriform apps like Speccy, notifies you that a new update is available.

Unfortunately, whether I made the error by ignoring something or the link legitimately sent me to a “false page,” the page that I opened to grab the latest version of CCleaner was the FileHippo page. FileHippo’s one of the two links – the other being Piriform’s main web site – to download the program from, so I trusted it. The mistake I made: clicking the wrong “download” link, and running the program without thinking about what it would do.

So what does this cause for a headache? First, it changes all of my browser settings in almost all of my browsers to load a specific search page when either going to the “home page” or opening a new tab. (The one it didn’t change? “Waterfox,” a 64-Bit version of “Firefox.”) Second, because many of these browsers allow for settings to be synced by account, it infected my laptop as well. (Fortunately, it did not affect my phone – though that might be due to the software on the phone catching it.) Third, it also changes my search engine to that search page – and anyone who knows me knows I dislike “Bing” for anything other than Desktop pictures.

The cause of this change: some nice malware known as the “Conduit Virus,” which was installed with a program called “Download Manager,” and that hid a program called “Search by Conduit.” (http://malwaretips.com/blogs/remove-conduit-search-virus/) This link will describe it, and it has more than a few entryways on your system. (http://botcrawl.com/how-to-remove-conduit-search-malware/) This link will tell you why it’s important to remove it immediately. The best part: It goes unnoticed by Norton’s suite available through Comcast. (This is extremely funny, because it also tried claiming that “Mame64,” the 64-bit version of the MAME Emulator I use to play arcade games with, WAS a virus. Go home, you’re drunk, Norton.)

Three lessons to be learned here:
1.) ALWAYS grab the program from the main site when possible – and when not possible, don’t download it. (This one would have prevented everything.)
2.) ALWAYS pay attention to the installer, EVEN WHEN it’s a program you’ve used before. (This is how they sneak in most of the time.)
3.) NEVER download or install any file when you’re in a position other than “awake” and “alert” – the main reason for my sloppiness was because I was just waking up when I did this yesterday, and just like drunk texting/emailing, this could have been MUCH MORE than a headache.

One additional Gem, IF you’re using Windows 8/8.1: MSCONFIG can be your best friend in situations like this, as I had to get into “Safe Mode” to get to it, and the normal means of access kept crashing the machine. (This is one of the reasons why I added “Windows Re-install” to my Spring Break list.) If you’re in 8.1, right-clicking the “Windows Start Button” on the desktop will bring up a menu allowing you to “run” programs; in both Windows 8 and 8.1, the key-command is “Windows Key-X.” In both cases, type “msconfig” to run it, and once it’s running, pin it to the taskbar.

I will copy and blog this for later, if anyone wants to reference this.
