Removing Malware: Part 2


Since work was called off last week, I had forgotten about the troubles of two weeks ago until I logged onto my work machine this morning. At first all seemed to be okay — the computer was slow, but that was nothing really unusual, at least at startup. However, halfway through the day I noticed certain words on webpages had a double-underline, and a popup appeared obnoxiously when you rolled over it with the cursor.

At first I thought this was the usual suspects, another of those sites that serve ads from keywords it thinks you would be interested in, before it began to appear on my company’s site as well, which was when I realised this was simply a continuation of the troubles from a fortnight ago.

Welcome to Part 2

One of the options of the pop-up was a question mark, which I decided to click to try and figure out what I was dealing with this time. This led me to a ‘Help’ page, with an option to ‘opt out’ of the ad-serving. Sure enough, the double underlines disappeared after I clicked it.

Surely this was too easy?

I clicked back to the opt-out page and made a note of the name which the possible pop-up extension had identified itself as. It didn’t appear as an extension in my browser though, and I no longer had any toolbars installed, so I thought it definitely must be something else.

Going through Control Panel again and to Install/Uninstall Programs, sure enough I discovered a new program had appeared called ‘Savings Bull’ despite not downloading any programs that day, which clicked with the suspicion that this was a continuation of last time. I selected this new program and tried to Uninstall it with little success.

SavingsBull PUP

Antivirus and Malware Removal

It was at this point I decided I should download an antivirus program, and downloaded Microsoft Security Essentials which failed to notice anything was really wrong with the system (my second failure today!). Regardless, I realised at that point I’d been naive to trawl across the internet without installing an anti-virus in the first place. I was lucky I had gone so long unharmed.

Using a Mac for just the past couple of years had made me complacent after next to no troubles. It is effortless in comparison to maintain a Mac.

One site I’d consulted during this process had suggested SpyHunter as a means to identify and remove Malware, but after a ~3 hour scan that detected over a hundred threats (ouch), it demanded that I buy the program in order to remove the malware from my computer.

While I did not have the funds to do so, I did glean some interesting information from the software in the form of what malware and PUPs had infected my machine and what they sought to do:

Mixi.DJ hijacks your browser, search results and uses aggressive marketing strategy to turn visitors into customers.
Adware Helpers
Adware Helpers block setting reversions attempted by users who want to recover their settings after they are hijacked by other add-ons. Adware Helpers are usually installed with other software that hijacks your browser, search results and uses aggressive marketing strategy to turn visitors into customers.
Adware.Savings Bull, Adware.WeDownload Manager
Savings Bull and WeDownload Manager are adware programs that can automatically display or download advertisements to a computer. These advertisements may appear in a pop-up window, web browser, toolbar or within an ad-supported program. Adware often comes bundled with freeware such as games, emoticons, file-sharing software or screensavers. These may track your web browsing habits, sites visited, ad usage information, and transmit that data to third parties to deliver targeted advertisements to you for other advertising and marketing purposes. In addition, the data collected by adware like these are generally non-identifiable, in other words, you are not personally identified during the collection of information. Although these may not pose a serious threat to your privacy or security, it may have some side effects like slow computer performance and annoying pop-up ads.
PUP.Level Quality Watcher, PUP.Mobogenie, PUP.Optimizer Pro, PUP.PassShow
Level Quality Watcher, Mobogenie, Optimizer Pro, PassShow are possibly unwanted applications. They use a large amount of system resources, even when idle. By default they are configured to start automatically alongside Windows.

After various attempts to remove SpyHunter and Savings Bull where at one point the computer was so unresponsive I had to force restart it, I eventually removed both programs and obtained Malwarebytes, a program I have experience with in removing malware before. Fool me once…

When I left work this evening, I left the computer on running a full scan so we’ll see if we return in a couple more days with another saga of Kiri-removing-malware, or if this will be the end of this unfortunate story — at least for a while.

Lesson learned, don’t go downloading free programs without installing some form of antivirus or other protection first. That and the fact that I prefer working on a Mac so much more it may be difficult to adapt again to using a Windows machine for work. Windows by day, Mac by night, so they say.