Barney's Blog

Doug's Mailbag: Malvertisement Horror Stories, More

While Microsoft is going after the companies behind "malvertisements," a few of you are fighting the problem directly:

I recently ran into one that had so invaded a computer that when you turned the computer on and it finished booting, it changed the desktop and warned of a virus infection. It locked IE so that the only Web site you could go to was the one for downloading the software to fix the problem. To make it even worse, Task Manager was not available, so there was no way to shut the program down.

During the time the computer was booting up, before the malvertisement loaded, I was able to get to Task Manager. Using the Task Manager, I was able to kill off tasks as they loaded, killing off the offending program. Then I ran SPYBOT Search and Destroy and a couple other spyware and virus scanners to clean the computer off. It took HOURS to get everything working right.

I was browsing my favorite torrent site (the big one that just changed its name). All of a sudden, without clicking on anything other than the normal site links, my computer started to send pop-ups from a new icon in the system tray about the fact that I needed to check my computer for viruses and I should 'click here' to download the latest and best virus scanner. Of course, my first reaction was to head to Task Mangler to end the annoying process. Imagine my surprise when I found that Task Manager had been "disabled by my administrator" (and I was logged on as a local admin on the machine -- you don't have to chastise me about what a bad idea that is). So I tried to get to a command prompt; same issue! I tried to go to C:\Windows\System32\cmd and Taskmgr and found they were all giving the same response. Fortunately, I've run into this behavior before and was able to download the Remove Restrictions Tool, re-enable Task Manager and kill the offending application (I can't remember its name).

Then for fun, I went back and tried to access the same site again. I got infected again! But this time, I spent less time resolving it. However, I did click on the pop-up to see what would happen. It immediately installed some more software, without permission. One interesting note: The offending application was now sporting a different name. And of course, nothing ever showed up in Add/Remove Programs; I actually had to hack the registry to remove it. I have visited this site before and have had a few other questionable re-directions from ads, and then other times had no issues whatsoever. And I have visited it since with no issues (yet). I'll certainly be more careful from now on. I may even start visiting it from a Linux VM, just to be sure!

And here are a few more suggestions for solving synchronization issues:

Agree with John about SyncBack. We use it for Digital Signage to edit text files on a machine while it continues to play script. We can make time, room or price changes immediately without interrupting lobby or cafe images. Other uses, too, and the price is GREAT! Have used it for three to four years.

I have always had a workstation and one or more laptops and always need to keep them in sync. I have tried a lot of different solutions but I have given up on each and return to my old standby: over network folder-level comparison of files using Beyond Compare from Scooter Software. BC is affordable, simple and powerful. I keep everything in my Documents, Photos, Music and Videos libraries and just sync them. I have never bothered to have a domain controller at home so I have always used Windows pass-through authentication but recently moved all my PCs to Windows 7 and put them all in the same Home Group.

I run Carbonite online backup to cover me in a disaster. I told them they needed to support multiple PCs sharing the same backup which would be a slick solution for syncing PCs across the Web.

Share your thoughts by writing a comment below or sending Doug an e-mail at [email protected]

Posted by Doug Barney on 09/23/2009 at 1:17 PM

