[Ask dotTechies] Best (worst) virus infection stories?

Recently I had to clean the computer of a family member who got infected with a rogue antivirus. That led me to a semi-good idea: Let’s see who, among dotTechies, has the best/worst virus infection story. To kick this off, I’ll share my story.

Dear ole Dad purchased a product from an online retailer. After he ordered the product, he just happened to get an e-mail from “FedEx” informing him about his recent “delivery”. (The product purchase was a legitimate purchase from a legitimate e-tailer, so the e-mail from “FedEx” was just a coincidence — or so I hope.) Said e-mail had a file attached and encouraged my dad to open the file if he wanted more information about his “delivery”. Little did he know the only thing he was going to get delivered from that e-mail was a rogue antivirus. His computer has been infected before so he recognized the signs and asked me to fix the computer. Luckily the rogue antivirus he got infected with was a known threat so a little Googling and a little work got his computer clean, so it wasn’t too much of a hassle; but boy was I pissed, primarily at my dad who, for being extremely intelligent, does not know jack about technology. Now I keep wondering if the reason his credit card keeps being “hacked” is because of phishing scams my father falls for… (I’ve told him if he wants to make any purchases online, from now on let me do it for him on my computer.)

Okay, so you have heard my story. Let’s hear yours. Fire away in the comments below.


24 comments

  1. Josh

    Just today, a sales rep for my company called and I logged in to his computer. He got infected by a malware that hid all his files and had numerous popups. Luckily, on his laptop, we installed Bufferzone (a browser sandbox software). I deleted the sandbox and the virus disappeared. I wanted to see the website he visited. It seemed to be a legit site about medical products. Within seconds, it took over again. Again, multiple popups, hidden files and executables got installed without any user intervention. I deleted the sandbox again and told him not to visit that site again.

    You can get infected without doing anything at all except clicking a bad website link.

  2. Liam K

    On my old Windows 98 computer, I had a virus that opened the floppy drive every time I booted up with a message “If your floppy drive just opened, you are infected. Click here to remove” or something of the like :P That was back when I didn’t understand how viruses worked and used IE6… By now I have my antivirus disabled and haven’t gotten anything in years :)

  3. newJason

    Mine occurred Just after an upgrade from Win 3.11 to Win 95. Back then you had to have DOS installed underpinning your windows install. I had probably 200-300 3.5in Floppy discs that I backed up and installed from as that was pretty normal at the time. As I got win95 up and started using all my new cool programs, I started noticing that the screen would occ®ssinally start rea¼ing with stray charäcters that did not ? belong there? . This continued even × in the BIOS ? ?® then my hardware began ?™ to ™™ fail ? ? ? and after many many hours of research and memory scans etc., I determined that there was a dangerous memory resident boot sector virus called Sluggy.32 (that name may be incorrect, I am guessing from memory). This was a real virus as it hooks INT 13h, and writes itself to the BOOT sectors of floppy disks and to the MBR sector of the hard drive. To explain it simply, this code was 16bits of self duplicating, overwriting hell.
    There was no way to clean it, it corrupted everything.
    Monitor, memory, the motherboard, all fried. So, I bought another computer, a new x486 . It was not long before that little laptop was eaten up by this virus infection too.
    But how was It getting Infected?
    I just could not figure it out.
    After 2 more computer failures to this lil son of a boot-sector, I FINALLY determined.. that when you Reformat a floppy disc that had previously been a factory bootable system disc and format it as non bootable non system disc, it is in fact still bootable and this is the source of the infection.
    No matter how well you scan and clean your floppies, I was putting in what was supposed to be a data disk and in fact was booting the INT13h virus into my system again.
    So you know those Floppies you got in the mail from AOL, and CompuServe.. I would just Erase them, re-format them and use them… free discs right? Nope, free, but they were factory bootable and could not be erased at the boot sector table, even though Windows reported success and McAfee reported no virus present.
    This was what inspired me to educate myself as to how exactly computers operate, how software is written and coded and how to write my own programs.

    So a few years later I was pretty comfortable writing programs that suited my needs. I was writing a program in Visual Basic that would capture incoming streaming Video data, store it, and then write it to a file that I could play back with a slideshow. (that was how early video started, it was just single images, coming in through a Java object). Well, VB had to be run in its own environment to test and debug the code. My code had a loop that I forgot to close from the caller. So when I ran it, in windows, It hooked explorer and every directory I opened from that point on, had a copy of itself written inside that directory. LOL. My Hard Drive Ran in an endless loop. That drive literally Burned the enclosure it got so hot.

    After that, I said no more taking chances.
    I got a few small script based malware infections here and there, but nothing serious. I have been Virus and malware free for 6 years now. This is thanks to AVAST and safe and smart computing. That means, I don’t click on something that I am not Positive what it is and where it is coming from. I learned my lessons early on and I think people should have to take a course when they purchase their first computer. Otherwise, you are a sitting duck.
    I got some Yahoo email today that Claimed it was from YouTube, and It said , My videos uploaded and were ready to view, Click here to View them…. Interesting since I had uploaded them a week ago and got a confirmation on the site. and my YouTube account is with google, not yahoo.
    It looked official and the email address of the sender had a youtube domain. But the links led to someplace else. Never click a link in a email.
    Lastly, I was reading the Avast Facebook wall about a year ago, This guy uploaded a screen shot of his scan results, Avast detected 11,420 infections.. LOL even the admins were astounded that his machine even still was operable, and the guy said, what is so funny? is that bad or something? Avast guy said, NO, 10 infections Is Bad, 11,420 ….. I’m speechless…

  4. John A

    February 2012. I was on uTube & got the “XP Anti-Virus 2011”. It popped up with a Fake Scan & said to click this button to delete these Viruses. It became obvious it was a Nasty Virus. Every time I clicked on anything like a program, internet, file, Norton Anti-Virus, Malware Bytes, Safe Mode, it stopped me by running this Fake Scan and would not permit me to use my Computer. The only way to attack this horrible Virus was thru an Offline program. It took me 10 days to find the right Anti-Virus program. It was MS “Windows Defender Offline”. You download it from a clean computer and it burns a Bootable Disk ( 32 or 64 Bit ). It works very well and Cleaned up my computer. Thank you Microsoft and friends, who told me about the Program.

  5. deep bhatnagar

    Well my worst experience was with “cool web search” which got installed on my system…. I had no clue how it got installed & from then onwards I was left wondering as I was not even able to open google & during those days there were no live CD’s (of windows) & bootable USB’s. So I tried to repair from safe mode but failed, tried to repair windows from windows disc etc. Then I researched on it (from different pc) then worked on it via using many AV & AS tools mentioned in various malware removal forums from safe mode. Used utilities like combofix & other similar ones to further clear the traces. Removed the registry entries manually & made sure that it was completely gone. Although it was my worst experience, it is the best experience since then I am not afraid of any viruses and faced many horrible ones like Sality :)

    This experience taught me a lot about viruses, spywares etc. so I suggest that before formatting always consider all options to repair the infected system as it will enhance your understanding of viruses & other malwares. Well that’s it, thanks for reading.

    Regards,
    DSB.

  6. jayesstee

    @Ashraf: I called my partner and wife “Mrs. jayesstee” to explain the relationship. She is very much her own person and strictly speaking should have been “Mrs. emjaytee”.
    Sorry to show my ignorance (it’s a ‘generation’ thing), but what does “LMAO” stand for? Is there a reference site for these abbreviations?

  7. Darcy

    My sister claims she isn’t technologically illiterate, she’s technologically antagonistic. Well I had to resurrect her old computer from the dead so many times her friends started calling me “The Jesuit.” Well one day she had a “Windows Alert” pop-up while browsing the Web and her husband told her he thought it was legitimate. He should have known better, bingo the “Thinkpoint” Virus. It’s a rootkit virus that interrupts the startup process and replaces it with a new one. There’s about 5 different versions of it and the more I researched the more I realized – it’s a real monster!

    Since it’s my sister, and she had never followed my advice about backing up – ever, I decided to delete the virus. At that time, maybe even still, there was no AV product that would do anything about this one. I had to interrupt the boot sequence before it took over, go in and manually edit the registry to remove the lines it added, delete the hidden files from the hard disk, then run two separate specialty programs before I could enter safe mode. Then I ran Malwarebytes and SuperAntispyware back to back followed by her regular anti-virus. Took about six hours for everything to perform their most intensive scans and they came up clean.

    One word of advice if you ever run into something like this, do not reboot until after everything is finished or you will have to begin from the beginning. I knew better but not everyone does. Counting the scans, the entire process took close to 8 hours but this is one of those that will re-install itself if you miss anything so be patient and do it right. If it had been anyone else I think I might have been tempted to restore.

  8. Aaron

    My worst virus infection happened back in 2003 before the Windows XP firewall was on by default and before most people used home routers. So, I hooked up my brand new computer to my DSL modem, went online to download updates from MS, and had a worm (Blaster I think) within about 2 minutes of being online. After completely formatting and reimaging, I turned on the firewall, then went online and all was well. The joy of getting a new computer is quickly squelched by getting a virus.

  9. Daniel Lovejoy

    The worst infection I’ve seen was one that had root-kits, viruses and malware/spyware. Every single file on the computer was infected, all were hidden and the hard drive was full.
    There was no protection in place. According to the customer, his ISP told him that those programs were slowing down his internet and told him to remove it.
    I didn’t charge him for the formatting of the drive, removing the root-kit and reinstalling his OS and programs from scratch.
    I did get the customer service “technician” replaced with someone not quite so dangerous.

  10. tejas

    The only virus I’ve ever had on my machine was back in 2000. My wife handed me a floppy disc for something. Unfortunately, it had the Monkey-Boot Virus on it. ARGH!

    I’ve cleaned up a few computers for other folks, that were so full of malware, and garbage, that I almost told them to stop using a computer until they get a clue.

  11. leland

    It was at a time when I was spending a lot of time in a monastery and I was helping one of the monks with their computers they use. He started to think he knew a lot and decided he would like to try file sharing. I directed him to Kazaa Lite but instead he got the regular version. He installed it and all havoc broke loose. He had work that needed to get done but there was a babe in the way. The babe was some sort of malware he got along with Kazaa. He came and got me and it took about a day to save the monks from the babe. He learned never to experiment with software unless he read up on it before and now always follows my advice. The monastery has never had to contend with babes ever again…

  12. Mags

    Horror Story #2 – This is one that isn’t finished yet, but is similar to Ashraf.

    Problem being my son, it isn’t the first nor probably the last time I’ll have to clean up his pc because of a virus. Some were easy to get rid of and a couple were really nasty and took a lot of work to clean them up.

    My son doesn’t live at home anymore but always calls Mom for help when he gets a virus.

    The latest one is probably a nasty one. This is the first time that he can’t even get into Safe mode let alone Normal mode.

    I have his laptop with me right now since my son is away for the next 6 mths working in BC. So I have time to work on it (when I get the time)

    The last time he used the laptop he was on FaceBook and that was the only place he had been on prior to his problem. So he is fairly certain that is where he got it. However, the strange thing is he didn’t download anything, nor install any new game, all he did was chat with friends, and update his info.

    So how he got it I haven’t got a clue, unless someone hacked into his laptop and did something to it.

    Will eventually post here again once I take a look at the laptop to see what is going on.

  13. Mags

    Horror Story #1 (happened roughly 10 yrs ago)

    This was back when I was using AVG antivirus and Adaware, (before Spy Boot came out) and the reason why I no longer use them!

    This was when I was first learning how to design websites. I was looking for a web design program and found one that was new and highly recommended by many sources, including HP (where I was taking a course in HTML.) I dl and installed the program and started using it. (and yes it was a great web design program) However, shortly after I realized that things weren’t right with my pc, especially when browsing the web. My computer was much slower than normal, and when on the web I kept getting pop up images constantly. No message, just strange images.

    I scanned my pc with both AVG and Adaware in normal mode and safe mode but neither came up with anything. I then decided to do an online scan with McAfee and it found the virus. It was an old virus, nothing harmful other than being annoying, and was easy to get rid of once found.

    I contacted both AVG and Adaware.

    No response from Adaware which wasn’t surprising as they had stopped updating it about a month previously to work on their newer version (which turned out not to be that great either.)

    AVG really annoyed me with their response. I was informed that because the virus was old it was not included in their definitions. I was told I needed to purchase their pro version to be more safe. AND I was informed that I should be more careful about what I download. Excuse me! That is one thing I have always been careful about. I told them no thanks, that if they couldn’t be bothered to include older viruses in their definitions, what good would that be to me (or others) if I happened to innocently get one again. That is when I went searching for another free AV program and found Avast and haven’t looked back since.

    Anyway, it wasn’t long afterwards that I discovered info on the ‘net about the web design program that I had downloaded and installed. Seems the developers had deliberately put the virus into their program. They lost all credibility and shortly thereafter disappeared from the ‘net.

  14. Bill

    I was asked to help out by cleaning up the computer. I was told the internet wouldn’t open. I suspected a virus right away. Well it turns out the system was polluted with viruses, software was in place to protect the pc, however, it hadn’t been updated since 2009.

    To make things appropriately difficult for me, our malware experts had effectively eliminated all references to any programs files in the start menu, control panel and sys admin tools were gone, TCP IPsec and all of the other critical network services were gone, and when you opened up my computer everything was blank. even in “safe-mode”.

    After using many of the top notch scanning utilities, the only one that got everything was combofix. However the system still required a replace/rebuild of critical system files (SFC, make sure you have the correct cd ) and a reinstall of most of the software that was on the system to get shortcuts and icons back. Due to the fact the most of the software on this system, I did not have the install disks for, I had to fight it out. However, given the ok, I would have started with a clean install in a heart beat. (hours instead of days).

    If only the people who come up with this stuff would put their intellect to good use!

  15. jayesstee

    @PCbasics: Thank you for your “heroic story”. It should be compulsory reading in Schools and all ISPs should insist that all new customers read it before being connected! By the way, could this incident have any connection with your current woes, detailed on: http://dottech.org/forums/tech-support/first-steps-to-recovering-from-a-blue-screen/#p16261?

    My own only (identified) brush with the dark side occurred when I accidentally typed “coppers” instead of “coopers” in a fairly long URL. The page loaded and instead of the expected retail site, I had a page of scantily dressed young ladies. I didn’t click anything (honestly!) and I don’t think I ‘hovered’ much. After going to the right web page, I finished browsing and closed the browser. I thought about what had happened, and mainly because Mrs. jayesstee might not have understood my mistake, I opened up Firefox and deleted that day’s history.
    Nothing happened until the next full reboot, then I got the pop-ups, warnings and increasingly less control of MY PC. I used AVG and Malwarebytes’ Anti-Malware and this seemed to remove everything. I still worried and decided to restore to an earlier restore point. Strange, but only one restore point existed (there should have been at least one every couple of days). Guess what, this lonely restore point didn’t work. I got masses of error messages.
    So I finally did what I recommend every one else to do, I restored to my last disc image. The importance of having regular up-to-date disc images has been made elsewhere on dotTech, but always keep as many as your external storage allows. Remember, the last one might have been made after you caught the infection. Three is a good number on the ‘Son’, ‘Father’ and ‘Grandfather’ principle.

  16. Jim Van Damme

    Guy in the next cubicle over got one of those popup fake antiviruses yesterday. It took 2 hours for our “guru” to clean it. I handed the victim an Ubuntu 11.10 disk. I think the next time I’ll have him.

    I cleaned another machine of the similar “anti”-virus a couple months ago, by googling it and finding the executable in the process list thingie and killing it, then finding the same executables (they all had 3 letters in the filename) and zapping them. When I got the popups ended, I could run Microsoft Security Essentials, the only good software they make. It took hours for a full scan, and uses 28 seconds at every bootup, but worth it.

  17. Nelson

    I too have gotten the “anti-virus” pop ups but I was forewarned. Instead of clicking “No” I just shut my browser and then reopened it. My daughter-in-law, unfortunately, did fall for it. We were able to get rid of her infection by use of system restore.

  18. Jeanjean

    Never had a virus so far, I’m probably too cautious.
    So I have no story to tell, but just to add my contribution to the building…..
    I keep on hand (randomly found during my surf) two softwares who “might” also help in such situations (I repeat : I never had the opportunity to test in such circumstances) :
    - to attempt to reach safe mode : RebootSafe (portable)
    - to force the launch of Windows Installer in safe mode (for installation and uninstallation) : SafeMSI (portable). It’s an oldie but a goodie and works on XP, Vista, and Windows 7.
    Good weekend to all !

  19. Prema

    let’s see.
    **True Story**
    Once upon a time, I was on my computer. I was looking through my program files and noticed a lovely Windows XP Anti-Virus (or something)… I ran it, it came up with a BEEPload of stuff and I had to pay for it to remove it. My computer was slow, there were popups coming in every direction. I was frustrated. I looked on the internet, found the solution, and put an end to that Son of a BEEP. Never again will it return and annoy the hell out of me. The End.

    Yep, that’s about as bad as it gets, unless of course right now I have some virus/trojan/spyware, etc. on my computer that is secretly tracking my every movement and capturing my passwords and bank routing numbers and credit card information, yikes that would be a nightmare.

  20. Steven Libis

    One of my clients was infected with a virus that disabled the keyboard and mouse. In normal mode and safe mode. I know it is not a keyboard problem as the keyboard worked to get me into the CMOS.

    I couldn’t figure out how to fix it, so I ended up formatting the hard drive and reinstalling from scratch. This isn’t as bad as it sounds, as all data was saved on the server, and no other computers on the network were infected with this virus.

    :-(

  21. PCbasics

    I had a virus get into my computer with a popup. It was the classic “scanning your computer popup” which looked exactly like explorer on my own pc. As a natural instinct, I clicked stop, and from then on I “installed” a fake anti virus that stopped any activity on my computer. I couldn’t move the mouse or use any keyboard shortcuts. Then, I came on dotTech and my fellow friends here came to my rescue and finally removed that booger.

    Read the heroic story here:
    http://dottech.org/forums/tech-support/antivirus-alerts/