
Thread: Computer virus, you gotta love 'em

  1. #1
    Join Date
    May 2005
    Location
    Highland MI
    Posts
    4,521
    Blog Entries
    11

    Computer virus, you gotta love 'em

    Five year old laptop has been acting kind of slow lately. Then we went to Cedar Pointe last weekend and rented a cabin with wireless. Got home and my computer virtually ground to a halt. Opened task manager and went to performance and saw that the CPU was running at 100% with no programs open. Clicked on resource monitor and saw many rundll.exe programs running with the description com surrogate. Also my permissions had changed so I couldn't download the latest version of Norton Eraser. Not that it would have done any good. I already scanned it with Norton and Speedy PC Pro: nothing. Really debated what to do with this 5 year old computer. Wasn't planning on replacing it for a few more years, so I bit the bullet and paid Norton $99.99 to have a tech crawl through my computer to fix it. They said it would take 60-90 minutes while they accessed it remotely (obviously from India). 4 hours later they declared it fixed. Meantime I left and wasn't home when they finished, so I allowed them to close out the case as they claimed I was now 100% virus free. NOT.

    So they reopened the case tonight at 6:15 and finally by 11:30 they seemed to have really fixed it this time. Nine hours, don't think they made any money on that one. The tech said the com surrogate is a very complex virus and it takes many iterations and scans to remove it. Not something you are going to fix yourself. Makes you want to strangle the hackers that think up these viruses, and screw up everybody's life just because they can.
    NOW you tell me...

  2. #2
    Join Date
    Feb 2003
    Location
    Mtl, Canada
    Posts
    2,379
    COM Surrogate is not a virus according to what came back from a Google search. There must have been another virus on your laptop that was using the process. Did Norton give any more details?
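The distinction drawn in the two posts above can be checked on a live machine. This is an added example, not part of the original thread or any vendor's tooling: it lists every process named like the COM Surrogate host (`dllhost.exe`) or like `rundll*`, and compares its image path, command line and parent against what the genuine Windows binaries look like. The report fields are names chosen for this example.

```powershell
# Added example: triage processes that could be the "COM Surrogate" host.
# Run from an elevated prompt, otherwise paths of other users' processes read as empty.
$sys = $env:SystemRoot
$expected = @{
    'dllhost.exe'  = @("$sys\System32\dllhost.exe",  "$sys\SysWOW64\dllhost.exe")
    'rundll32.exe' = @("$sys\System32\rundll32.exe", "$sys\SysWOW64\rundll32.exe")
}

# Snapshot once so parent lookups are consistent with the child list.
$all   = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($p in $all | Where-Object { $_.Name -match '^(dllhost|rundll)' }) {
    $known  = $expected[$p.Name]                 # $null for names Windows does not ship
    $parent = $byPid[[int]$p.ParentProcessId]    # $null if the parent already exited
    [pscustomobject]@{
        PID          = $p.ProcessId
        Name         = $p.Name
        # True only when the image is one of the genuine system binaries.
        PathOk       = $known -contains $p.ExecutablePath
        # A genuine surrogate is started as: dllhost.exe /Processid:{CLSID}
        SurrogateArg = $p.CommandLine -match '/Processid:\{[0-9a-f-]{36}\}'
        Parent       = $parent.Name
        Path         = $p.ExecutablePath
        CommandLine  = $p.CommandLine
    }
}

# Rows with PathOk = False sort first; those are the ones to look at.
$report | Sort-Object PathOk, Name | Format-Table PID, Name, PathOk, SurrogateArg, Parent, Path -AutoSize
'{0} candidate processes, {1} not running from System32/SysWOW64' -f `
    @($report).Count, @($report | Where-Object { -not $_.PathOk }).Count
```

A row that passes every check only means the process image is the real Windows binary; it does not show what that process has been made to load, so an unusually large number of passing rows still warrants a closer look.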

  3. #3
    Join Date
    Dec 2011
    Location
    Lexington, Oh
    Posts
    509
    Just a suggestion, that I have found helps. Create a non admin user account and use that for daily computing. Most people run as admin all the time, and a rogue program doesn't have to escalate privileges, as the machine is already running as admin! You will have to put in the admin password to install programs (be sure it is something YOU were installing!) but the inconvenience is worth it.

    Creating a new admin account and changing your current account to a user account is the easiest way.
    Last edited by Duane Meadows; 10-27-2014 at 7:58 AM.
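The account split described in the post above, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 or later (for the LocalAccounts cmdlets) and an elevated prompt; `LocalAdmin` and `DailyUser` are hypothetical account names to replace with your own.

```powershell
# Added example. Account names below are placeholders, not values from the thread.
$adminName = 'LocalAdmin'   # new account used only for installs and admin tasks
$dailyUser = 'DailyUser'    # the existing account you log in with every day

# Resolve the built-in groups by well-known SID so localized group names do not matter.
$adminGroup = Get-LocalGroup -SID 'S-1-5-32-544'   # BUILTIN\Administrators
$userGroup  = Get-LocalGroup -SID 'S-1-5-32-545'   # BUILTIN\Users

# 1. Create the separate admin account if it does not exist yet.
if (-not (Get-LocalUser -Name $adminName -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $adminName"
    New-LocalUser -Name $adminName -Password $pw -Description 'Admin tasks only' | Out-Null
}
$current = Get-LocalGroupMember -Group $adminGroup
if ($current.Name -notcontains "$env:COMPUTERNAME\$adminName") {
    Add-LocalGroupMember -Group $adminGroup -Member $adminName
}

# 2. Lock-out guard: refuse to continue unless some OTHER enabled local
#    account is an administrator once the daily account is demoted.
$otherAdmins = Get-LocalGroupMember -Group $adminGroup |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object { Get-LocalUser -SID $_.SID } |
    Where-Object { $_.Enabled -and $_.Name -ne $dailyUser }
if (-not $otherAdmins) {
    throw "No other enabled local administrator found; not demoting $dailyUser."
}

# 3. Demote the daily account: make sure it stays in Users, then drop Administrators.
Add-LocalGroupMember    -Group $userGroup  -Member $dailyUser -ErrorAction SilentlyContinue
Remove-LocalGroupMember -Group $adminGroup -Member $dailyUser

# 4. Show the result so the change can be confirmed before logging out.
Get-LocalGroupMember -Group $adminGroup | Format-Table Name, ObjectClass, PrincipalSource
```

Log in once with the new admin account before relying on it; the group change for the daily account takes effect at its next logon.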

  4. #4
    Join Date
    May 2005
    Location
    Highland MI
    Posts
    4,521
    Blog Entries
    11
    Good idea on the admin account, just changed it as suggested and used a strong password. They explained to me that the "virus" replicates and runs the rundll.com process until that is almost all your cpu is doing. The description attached to the rundll.exe programs is com surrogate. Prior to the cleanup I had anywhere from 80-100 processes running, it is now around 50.
    NOW you tell me...

  5. #5
    Join Date
    Dec 2011
    Location
    Lexington, Oh
    Posts
    509
    Yep Ole, some nasty stuff out there! Glad you got it taken care of.

  6. #6
    Join Date
    Sep 2010
    Location
    Livonia, Michigan
    Posts
    780
    Quote Originally Posted by Duane Meadows View Post
    Just a suggestion, that I have found helps. Create a non admin user account and use that for daily computing. Most people run as admin all the time, and a rogue program doesn't have to escalate privileges, as the machine is already running as admin! You will have to put in the admin password to install programs (be sure it is something YOU were installing!) but the inconvenience is worth it.

    Creating a new admin account and changing your current account to a user account is the easiest way.
    That's how I've been running my XP box, it's been pretty bug free. Only problem with XP Home(ly) you can't adjust the limited account settings. In my case I'm sure the admin would allow me to use the CD/DVD. There's probably a registry tweak that could fix it but I don't use the drive enough to bother.

    -Tom

  7. #7
    Join Date
    Oct 2006
    Location
    Minneapolis, MN
    Posts
    5,454
    User Account Control in Vista/7 helps somewhat with viruses/malware too. Some of the time a virus/malware can't install without a prompt from Windows asking if it is okay to install the program.

  8. #8
    Quote Originally Posted by Tom Stenzel View Post
    That's how I've been running my XP box, it's been pretty bug free. Only problem with XP Home(ly) you can't adjust the limited account settings. In my case I'm sure the admin would allow me to use the CD/DVD. There's probably a registry tweak that could fix it but I don't use the drive enough to bother.

    -Tom
    If you're running XP, run regedit and change
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms to 1.

  9. Viruses are a lot rarer than people think. That's because every time their computer slows down they assume it was caused by a virus, when it was actually just poor side effects of the software they deliberately installed. Anti-virus companies take advantage of the hysteria so they can sell more software and services, just like the $99 charged above.

    Geez, as I was typing this, a commercial just came on the TV advertising MyCleanPC, and showed a graphic suggesting they removed 1180 virus files from a computer.

    If it was a virus, it wouldn't have taken the technician very long to get rid of it. What took him so long is that he probably went through and cleaned up all the automatic processes that otherwise legitimate software sets up on the computer whether you use the software or not.

  10. #10
    Join Date
    May 2005
    Location
    Highland MI
    Posts
    4,521
    Blog Entries
    11
    Quote Originally Posted by Rick Christopherson View Post
    Viruses are a lot rarer than people think. That's because every time their computer slows down they assume it was caused by a virus, when it was actually just poor side effects of the software they deliberately installed. Anti-virus companies take advantage of the hysteria so they can sell more software and services, just like the $99 charged above.

    Geez, as I was typing this, a commercial just came on the TV advertising MyCleanPC, and showed a graphic suggesting they removed 1180 virus files from a computer.

    If it was a virus, it wouldn't have taken the technician very long to get rid of it. What took him so long is that he probably went through and cleaned up all the automatic processes that otherwise legitimate software sets up on the computer whether you use the software or not.
    It wasn't hysteria on my part, it was choosing between a new computer and trying a fix for $100 from a well known company. Previously I bought into a $40 fix from Speedy PC Pro, who claimed to be a Microsoft "Partner". I did a little research and couldn't find anything contrary. Yep, they fixed 3500 problems, and afterwards I had 70 processes running rather than the 90 prior to the scan. But when I called with a question, they wanted $200-$300 to do what Norton ended up doing for $100. That is when I became suspicious. The first tech from Norton removed Speedy PC Pro claiming some of my problems were from that program. And so far, so good, my computer is running almost like new.

    I believe the issue started when I noticed that Norton messages started popping up stating they had blocked Poweliks and Adclicker viruses.

    Here is a typical response to a person with an infected computer: "Hi, Please don't try fixing yourself. From the behavior of the system, it seems there is a chance of multiple infection which bypassed the security shields. I strongly recommend you to visit a free malware removal forum list at https://community.norton.com/forums/...ecommendations . . "

    I can't imagine how many back and forths I would have had on such a forum trying to straighten out the problem, when it took Norton techs 9 hours to finally fix it.
    NOW you tell me...

  11. #11
    Join Date
    Jun 2013
    Location
    Neither here nor there
    Posts
    3,832
    Blog Entries
    6
    My website got hacked and it crashed my forum (Which, by the way, used the same software as this forum). I discovered that there was a "back door" to the forum software that was fixed in a later version. Apparently I did not update in time. The hack came from China. The only reason to have hacked my site was to try to put me out of business. They got no financial gain from shutting down my site. Believe me, there is a war going on in cyberspace. All my spam attempts came from China and former Soviet countries.

  12. Quote Originally Posted by Ole Anderson View Post
    It wasn't hysteria on my part,...
    If it wasn't just hysteria, what was the virus you supposedly had? If you actually had a virus, the Norton technician would have made a big deal about telling you that you did.

  13. #13
    Quote Originally Posted by Rick Christopherson View Post
    Viruses are a lot rarer than people think.
    I'm not sure I'd agree with that.

    http://cybermap.kaspersky.com

    Take a look at the USA (click on it when the map is spinning). #3 most infected country in the world is the USA. I'd say that's a long way from being "rare".
    Lasers : Trotec Speedy 300 75W, Trotec Speedy 300 80W, Galvo Fiber Laser 20W
    Printers : Mimaki UJF-6042 UV Flatbed Printer , HP Designjet L26500 61" Wide Format Latex Printer, Summa S140-T 48" Vinyl Plotter
    Router : ShopBot 48" x 96" CNC Router Rotary Engravers : (2) Xenetech XOT 16 x 25 Rotary Engravers

    Real name Steve but that name was taken on the forum. Used Middle name. Call me Steve or Scott, doesn't matter.

  14. #14
    Join Date
    Nov 2007
    Location
    Glenelg, MD
    Posts
    12,256
    Blog Entries
    1
    Let's separate "viruses" from "malware". Malware is what most people run into... surreptitiously installed programs that force your browser to go to a specific search engine, pop up coupon images, etc. Annoying, but they're relatively harmless (other than sucking up precious CPU cycles). Viruses are programs intended to either harm your machine (e.g., deleting files) or steal information (e.g., copying files).

    Virus infections are relatively rare, comparatively speaking. Malware infections are rampant (I'm continually cleaning the munchkin's machine of junk that gets installed in the background every time she plays a new game). Removing admin rights to your often-used account is the cheapest (and easiest) method to cut down on malware. Virii are going to get in regardless the vast majority of the time.

    The best way to avoid any of the above is to watch where you surf (and turning off ads in general with programs like AdBlock Plus helps everywhere). If you are infected at some point, how valuable is your time and money worth? If you value both as much as I do, you'll reach for a backup CD and load it, wiping the current system clean beforehand. Most virii will be toasted in the process (boot sector/UEFI virii being the exception), and if you are careful in your surfing habits, this should only be necessary once in a blue moon (I've had to do it twice in 10 years (?), and both times were due to work-related activities).
    Hi-Tec Designs, LLC -- Owner (and self-proclaimed LED guru )

    Trotec 80W Speedy 300 laser w/everything
    CAMaster Stinger CNC (25" x 36" x 5")
    USCutter 24" LaserPoint Vinyl Cutter
    Jet JWBS-18QT-3 18", 3HP bandsaw
    Robust Beauty 25"x52" wood lathe w/everything
    Jet BD-920W 9"x20" metal lathe
    Delta 18-900L 18" drill press

    Flame Polisher (ooooh, FIRE!)
    Freeware: InkScape, Paint.NET, DoubleCAD XT
    Paidware: Wacom Intuos4 (Large), CorelDRAW X5

  15. #15
    Quote Originally Posted by Dan Hintz View Post
    Let's separate "viruses" from "malware". Malware is what most people run into... surreptitiously installed programs that force your browser to go to a specific search engine, pop up coupon images, etc. Annoying, but they're relatively harmless (other than sucking up precious CPU cycles). Viruses are programs intended to either harm your machine (e.g., deleting files) or steal information (e.g., copying files).

    Virus infections are relatively rare, comparatively speaking. Malware infections are rampant (I'm continually cleaning the munchkin's machine of junk that gets installed in the background every time she plays a new game). Removing admin rights to your often-used account is the cheapest (and easiest) method to cut down on malware. Virii are going to get in regardless the vast majority of the time.

    The best way to avoid any of the above is to watch where you surf (and turning off ads in general with programs like AdBlock Plus helps everywhere). If you are infected at some point, how valuable is your time and money worth? If you value both as much as I do, you'll reach for a backup CD and load it, wiping the current system clean beforehand. Most virii will be toasted in the process (boot sector/UEFI virii being the exception), and if you are careful in your surfing habits, this should only be necessary once in a blue moon (I've had to do it twice in 10 years (?), and both times were due to work-related activities).
    Viruses are a type of Malware.

    When people say "Malware," they are (if properly using the term) referring to the entire category of malicious software.
