Published by William; Sydney, Australia
In our house, we used to share a computer. I had Spybot - Search & Destroy and Norton Antivirus installed on it, and I became the scanning boss since my parents barely knew how to click a mouse. After about a year, I discovered "DriveCleaner" in the program manager window. I tried uninstalling it, got an error, then saw the progress bar roll backward fairly fast. At least these malware people have a sense of humor.
But then: My computer was exceedingly slow and gave me constant pop-up problems. Stress session. (I tried looking up fixes for this on the Web, but I believe it infected hosts.dll, as the search came up with more variants of DriveCleaner, which I didn't realize, so I installed them anyway.) "Please pay to remove 3,960 infected items." I was so stupid and desperate, I did.
Stress attack. Angry relatives. Internet banking now forbidden. I burned everything to a DVD and reinstalled Windows. Of course, lovely Dell supplied our computer with Windows XP Home Corporate, and did I mention the DVD had auto-run? Stress attack. Actual nightmares of virus.
I reinstalled again and this time, disabled the auto-run registry key. Whew. Then I took about a month to reinstall the drivers, as the small spectrum of default colors just didn't cut it.
Now I've got a new computer with ZoneAlarm, Avast, and Spybot - Search & Destroy installed. Soon I'll get AVG and McAfee SiteAdvisor (for Firefox or Internet Explorer) as well. Throughout the entire scenario, I thought the infection was my fault. It turns out my father had a close call with DriveCleaner, and you can guess what happened when the truth came out.
Stress. Relief. Dramatic arguments over not telling me. My dad got me to remove his Windows account and create it again. This seemed to damage the Trojan heavily, but it was still there opening ports for its nasty friends to come and play.
Realizing you're not solely responsible for a catastrophic computer meltdown is an immeasurable relief, but don't let yourself off the hook yet, William. Although your pop may have been the first in the family to fall prey to the rogue antivirus app, don't forget who also bought the ruse, paid out, and lost Internet banking privileges, not to mention a portion of the contents in that account.
Your most fundamental weakness in this episode wasn't the malware per se; it was that you allowed yourself to get panicked and lazy. Had you been calm and proactive, you could have compared DriveCleaner's phony prognostication with a second opinion, and not grabbed at the first seemingly solid repair option that was dangled in front of you. These mal-intended apps prosper by scaring you into action, and the more clear-headed you are, the less likely it is you'll succumb.
You also would have seen by running an Internet search that DriveCleaner is a no-goodnik that makes security vendors' malware lists, including that of Symantec, Norton's publisher. And DriveCleaner is twice damned by LinkScanner Lite and McAfee SiteAdvisor, which both assign the link blaring red "stop" signs. In the twisted justice of search engine optimization (SEO), DriveCleaner's site is also the top slot on Google, which may mislead some users into thinking it's safe.
At a time like this, it would be prudent to remember that as an ultraindexer, Google reflects what's live online, but doesn't vet it. CNET blogging partner Michael Horowitz's recent article has just the pithy example.