The malware triple cocktail

I have always prided myself on being savvy enough when browsing the web to avoid things like viruses and other malware.

I’m not so confident anymore, after I got hit with the triple cocktail of Virtumonde, Smitfraud, and Worm/Downadup.

The first sign of trouble was when Firefox started randomly opening unrequested web sites.  It turns out that this was the action of the vile Virtumonde.
I turned to an old standby, Spybot Search and Destroy.  It found the Virtumonde, but it couldn’t seem to clean it up.  After many cycles of clean/reboot/rescan, I finally gave up.

I scoured message boards for information on removing this foul beast.  There are specialized tools like VirtumundoBeGone and VundoFix that claim to be able to do a better job, but I had no luck with those tools, either.

Finally, I figured I’d try something new, SuperAntiSpyware.  Always the skeptic, I read as much as I could, and it seemed to be reasonably legit, and at this point, I had little left to lose.  So I downloaded it, ran it, and sure enough, it found and cleaned the infections!

OK — so after this frustrating experience, I decided to make sure that my machine was free of viruses; I had just read some frightening information about the Downadup worm, and I wanted to rest easy.  So I grabbed the latest AVG and ran it.  I couldn’t believe it when I saw that I had a Downadup infection!

AVG automatically quarantined the Downadup worm.  One componet was a DLL named msdxal.dll.  AVG moved that to the Virus Locker, and then when it was done with its cleanup, it prompted me to reboot.  That’s when the fun started all over again.  Every single executable that tried to run reported an error “Unable to locate component”, referring to the missing msdxal.dll.  Some apps would actually launch anyway; others, like Firefox, could not run at all.

Needless to say, I was about to pull my hair out.  But I found a message board post suggesting that a user try this command:
The scanner came up and took about 20 minutes to scan the system.  It didn’t report that it was doing anything, but it must have, because the error messages are gone.

I am very close to dumping Windows entirely.  I use a MacBook at work, and if they weren’t so expensive, I’d replace our two WinXP laptops at home with a pair of Macs.  Windows always seems to be a ticking time bomb, and I got lucky this time.


Leave a Reply

Your email address will not be published. Required fields are marked *