|
Just thoguht I'd post a warning here, but I'm sure a lot of people have got burned.
I needed a copy of AviPreview for an XP machine, so I went on google and did a search for "avipreview". The first thing that came up was the website "www.avipreview.com" and thinking it was the offical site , I went there and downloaded Avipreview 0.26a. My virus scanner, Grisoft AVG Free 7 pick up on the trojan when I tried to run the program, but unfortunately, it did not appear to stop the infection.
The next day on first boot, there was a strange pause during the boot process after the windows welcome screen. It hung for a minute or so, and when it finally did load, the start bar crashed, and whenever I got an error, I also got a system beep from the internal speaker (I didn't even know my machine had an internal speaker until then). The quick launch bar had been switched off and key programs, such as system restore and windows installer, now did nothing when launched. AVG and Spybot had been nobbled, AVG being unable to complete the update process and Spybot reporting crc errors on dectection core updates (language files updated fine).
I went back to www.avipreview.com and found the website had changed to lots of Eastern European looking language, and a small passag ein English which said something like "I thought I'd tell you all that the version of Avipreview you got from here was a trojan". I thoguht "I've been done". I went into recovery console and found in the windows root directory a file sneakily labelled " avipreview.exe", with an space at the begining of the word to make it difficult to delete. I just put the whole word in quotes and it deleted easily. I'm not sure if that removed the infection, but unfortunately, I also discovered in recovery console that several key files (such as installer) had been zeroed.
I still got the strange pause on reboot. I gave up on the idea on being able to cleanse the problem, and I've started a recovery install from the original XP cd (where you press R when you get the option to do a fresh install or recovery install). I've no idea what XP does on a repaired install, and there is every chance the machine may be still be infected. I'm just hoping it will give me enough time to get in there get system restore started and retreive any old system setings. I've got a feeling the trojan might have deleted them all.
Anyway, I'm in the process of reinstalling now, so I report back on my sucess or non-sucess. I'd like to know what is really going to be done about people that think its clever to do these things. I'm sure the original coder would be gutted to know his very smart piece of free software is being abused in this way, particulary from a very legit domain.
If I got hold of the trojan maker, I bet he'd wish he was inside of a horse's backside.
|
