Gossip and chit-chat echo
From: Roger Nelson
To: All
Subject: Roundup: your malware infection stories
Date/Time: July 12, 2017, 6:31 AM

 Roundup: your malware infection stories
 
Posted: July 10, 2017 by Wendy Zamora
 
You hear the cautionary tales all the time. So-and-so didn't have an antivirus
in place and was infected with malware. Such-and-such business had limited
cybersecurity infrastructure and was hit with a ransomware attack. You think:
Sure, but it probably won't happen to me. I'm a safe surfer. I've got good
computer hygiene.
 
Turns out, it can happen to anyone, even those who follow cybersecurity news. A
couple months ago, we sent out a survey to our newsletter subscribers with the
following question:
 
Have you been infected with malware or ransomware? Tell us your story. How did
it happen? How did you respond? What changes, if any, did you make to your
cybersecurity habits afterwards?
 
We asked, and you answered. We want to thank all who participated and agreed to
share their malware infection stories. It takes guts to come forward, but each
of your contributions helps better inform all of us, whether that's by helping
a newbie avoid a rookie mistake or preventing a veteran IT professional from
being ensnared by cutting-edge criminal tactics.
 
While there were so many interesting stories to choose from, we decided to pick
 just a few to highlight infection methods past and present, various types of
malware, and different approaches to solving the problem. [Editor's note: These
 responses have been lightly edited for grammar and spelling.] Without further
ado.
 
Cleaning up a floppy mess
 
This was quite a few years back. A friend of mine worked for a bank as a
security officer and the bank gave me this small tower computer for free. I had
 just started working on computers (had a small floppy disk drive). I could not
 get it to boot up. I used all my known floppy disks that worked in the past,
but still could not get it to boot. So I ran the usual antivirus programs
(Norton and McAfee), and lo and behold, they found the virus but could not
clean it.
 
After researching the Internet, I found another program called Trend Micro and
followed their instructions, making six boot disks on another computer. I
proceeded to boot the infected machine. Well, it found and cleaned the virus,
which turned out to be a boot sector virus (memory resident). It infects your
memory chips as well as the BIOS. I have never come across another virus like
this since. And I hope to never have to deal with these new ransomware
infections. That is why I use and pay for Malwarebytes today and the past few
years.
 
Special delivery: ransomware
 
I was expecting a long-anticipated delivery from Federal Express when a
message, ostensibly from FedEx, appeared in my inbox, telling me there was a
problem with my delivery. Naturally, I opened it and found that it included a
couple attachments. The body of the email informed me that additional
information on the status of my delivery would be available in the attachments.
 Even though both attachments had unusual extensions, I fell for it and clicked
 on one of the attachments. Too late. The virus encrypted a huge number of
files and tagged them with a label called Osiris. Everything was backed up on
the cloud so I didn't pay, but it took days to restore my files. The next day,
I purchased Malwarebytes and wiped the virus off my system. I should have made
the purchase immediately because it takes hours and hours for the virus to work
 its way through the computer, encrypting files as it goes. It's kind of like
cancer: If you start treatment early enough, you can save yourself a lot of
misery.
 
Total restore
 
It started with getting a message every morning that I could not send data. I
started researching. My virus software was current and not reflecting any
problem. My CCleaner would no longer work, and my computer was password
protected. But I had virtually been locked out of using my computer. I no
longer could change any settings, could not do a system restore, could not go
into safe mode, the computer would not defragment, nothing. I could not change
network settings; everything had been overridden, and I did not have permission
 to change anything. Even my email accounts could not be used. Many nights and
weekends were spent [figuring it out]. I had to disconnect the Internet so no
one could access.
 
Finally, Microsoft recommended Malwarebytes. I purchased and downloaded it. It
immediately found severe Trojans and viruses. Although it was able to contain
and give me a little access to things, after consulting with an IT
professional, I ended up having to restore my computer to factory condition. I
had to purchase a lot of new software, but thankfully I had an external drive
which I did not keep hooked up to the computer where I had saved all my
important documents and pictures. Malwarebytes got me back on the road to
recovery, so to speak, and I shared my story and recommendations to others.
 
Navy files for ransom
 
I was infected with ransomware a number of years ago when I was the national
president of a US Navy organization. My whole computer was corrupted, and they
sent me a link with instructions on how to recover my files. I notified the FAA
 about my problem, and they said do not pay. I called Microsoft for help and
they wanted my desktop at their shop. They had it for 10 days. I had been
backing up my system weekly, but kept my external hard drive on. I lost the
files, but hope to recover them someday. I since back up weekly but unplug and
turn off my new hard drive. I also purchased Malwarebytes on the recommendation
 of my computer guru, who has 35 years of computer experience. BTW, the
instructions were to purchase bitcoins from Europe.
 
Rage against the ransomware
 
Roughly seven years ago, I got hit by ransomware. Everything, even the restore
files, refused to load. It was everywhere and was demanding money. I had no
idea what to do and neither did anyone else, including a computer expert. It
was completely hopeless. My despair, grief, and rage over what had been done to
 me for no reason was useless against it. My wife at the time had not been hit,
 and she researched online to discover an answer recommending Malwarebytes. We
followed the steps, and Malwarebytes wiped it out in less than one minute. Ever
 since, I have been a firm believer in Malwarebytes, and every computer I have
had since then has used it. The peace of mind knowing I have the most powerful
and, in my case, proven cybersecurity money can buy means my computer is one
thing I do not have to worry about.
 
Social media psych-out
 
I was on Facebook watching a video a friend posted. Then my screen went to a
Microsoft page and said you've been infected with the Lazarus virus. At the
same time, my phone rang. The web page asked if I wanted to talk to a specialist,
and before I could click it, the voice on the phone said, "I'm from Microsoft, and
we have taken over your computer. Let us fix your problem."
 
I shut down my Facebook and did a free Malwarebytes and Avast scan. But it was
too late: They had compromised my tower computer. I then took it to my computer
 expert. He installed a new hard drive and instructed me to buy Malwarebytes.
He installed free Avast. I have no idea how they got my phone number or name.
No idea how all this happened, but it wiped out all my sites and financials.
 
Roku scam
 
I have a Roku device on one of my TVs, and I installed a second device on the
TV that my wife watches most of the time. I was having problems with the
installation. (My fault, as I had mistakenly covered the sensor, and the unit
was not responding to the remote.) After changing batteries with no results, I
decided to call Roku. I got a number from Google on my cell phone, and hit
dial. Instead of dialing the number listed, another number was dialed, and I
got an operator (with a very hard to understand accent). She directed me to go
to my computer, as she said that the problem was not with the Roku device but
in my computer network. (I should have known better).
 
The operator then directed me to let her have control of my computer to see
what the problem was, and soon stated that the computer was infected with
ransomware. She showed me a screen that supported her claim that ransomware was
 present. She then told me that it would be $149 to fix the problem, and when I
 was hesitant, she told me it would be over $1,000 to fix it if I let it go. I
hung up the phone and called a person who helps with IT problems, and he told
me that it was a scam, and that I needed to run my Malwarebytes program to make
 sure that nothing was infecting my computer.
 
Fortunately, nothing was found. I also figured out my problem with the Roku,
and it is fine. However, this goes to show how dangerous the environment is and
 how easily an unsuspecting person can be fooled and taken in by one of the
scams that are out there.
 
Karma chameleon
 
One time, I got one from an email. Now, I usually am safe from that vector, but
 I had just installed WhatsApp earlier that day. The email, from everything I
could see, seemed to legit come from WhatsApp. They were supposedly testing a
new version of the app with video calling, and when I looked through the news,
rumors abounded that they were actually doing that, and indeed as time has
shown, they were. So, it looked totally legit from every angle I could find. I
downloaded the file and installed it. Suddenly, my default search provider
changed in all my browsers (Chrome, Firefox, Opera, IE, and Edge) to something
I've never heard of before or since. I tried to Google search the provider, but
 all search engines other than them were now blocked. I looked them up on my
phone and found out it was part of a virus. Oh boy, what have I done now?
 
Now the infection was in high gear, popping up error messages through Windows
itself, telling me each of the programs I had open was allowing virus traffic
through and closing them without my choice. Then it stopped allowing me to open
 any program. This included Malwarebytes. (Or so they thought.)
 
Eventually, it really went nuts and restarted the computer to install a
rootkit. I got it to start up in safe mode without networking in case it was
receiving instructions from somewhere else. This did slow it down for sure.
Then I pulled the trump card: Malwarebytes Chameleon mode. It opened a help
file instead of like a program. It found the culprit, including the rootkit. It
 got the whole infection in one go. I was almost back. This time when I
restarted, I did so in safe mode with networking. Then I opened all browsers
and removed the new homepage and search engine, setting them back to how they
were supposed to be. No trace left of that malware. Thanks, Malwarebytes. You
earned my money that day for sure. You saved my bacon.
 
 
Regards,
 
Roger

--- PQUSA
 * Origin: NCS BBS - Houma, LoUiSiAna (1:3828/7)