She called me over because she was getting multiple messages telling her that the harddrive was failing, all being delivered by a very fancy GUI that looked like this:
I became suspicious immediately: Microsoft have never produced a GUI that looks so slick. Another big hint was that the Help & Support button tried to take me to a very strange URL. I say tried because her machine by this point was close to being a vegetable. The All Programs tab contained nothing, there were no desktop icons and the C: reported that it contained no files. We could not browse to the NET because all icons to start a browser were gone and even when I started a browser manually (from Start --> Run), the browser was set to use an unusual proxy.
Fortunately Doctor Google was very helpful and I rapidly found this URL:
I used the tools and instructions found there and was able to get her computer back into a working state. Many thanks to the authors of that page.
This experience brought home three lessons:
- Her employers anti-virus is useless (her laptop runs a corporate load).
- Google images searches can return poisoned URLs that contain malware. Have a read of this excellent article. My wife was doing a Google Images search, looking for pictures of Wheat Rust, when the infection occurred. I am loath to work out which URL it was, as I don't wish to risk a return to any of those poisoned sites.
- Using no-script is a very good idea, and one that I will be implementing on her PC, especially until her employer comes up with a better anti-virus regime.
All of this excitement distracted me from the main event, preparing for the May 9 announcements. You will see a log of blog posts over the next few days detailing what our developers have been up to. Prepare to hear about some very cool stuff.
In the meantime... feel free to share any other methods you have to avoid malware... and download and install MalwareBytes. It is a very nice piece of software that costs nothing to install and use.