Trojans, viruses, and other malware are a fact of online life. Fortunately, there is a jewel hidden on your machine that could save your computer should you become infected.
Most malware follows a typical pattern of infection. First, it gets itself copied onto your computer somewhere. Next, it modifies your registry to mess with things like your browser and antivirus software. Lastly, it hides itself so that you can’t easily get rid of it.
I got a Trojan (and not the good kind)
This morning, I discovered a trojan virus on my machine — no idea where it came from or how I got it. (Maybe a gas station toilet seat…?) The symptoms were several:
- Hijacked my browser so that anywhere I tried to go I got a scary-looking “Your computer is infected – click here to fix it” message. (Note: the phrase ‘click here to fix it’ should rank right up there with ‘Hey, look what I can do’ on the danger matrix.)
- Frequent popup windows announcing a plethora of found viruses, along with the same scary ‘click here’ message.
- Frequent Windows popups over a funny-looking icon on my icon tray, all with variations on the theme “Holy crap, you are so &*@#$%!”
With a little investigating using the Windows Task Manager, I figured out which funky process was the virus – a little baby called tda.exe sitting innocently amongst the Windows programs and processes. I killed that process and the funky fake Windows icon went away – a dead giveaway that I’d found the right program. A quick trip through the registry editor (kids, don’t try this at home) found several registry entries the virus had made, but where the heck was the original file? Haha – did a file search on the computer for tda.exe and found it hiding in the windows/prefetch folder. Whacking it there fixed the computer.
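The same three checks (running process, registry entries, file on disk) as a read-only PowerShell script; this is an added example, not part of the original post. The default name is the one from the post, while the choice of Run/RunOnce keys and of searching under %windir% are assumptions made for illustration.

```powershell
# Added example: read-only triage for one suspect image name.
# Nothing is killed, edited or deleted; the script only reports what it finds.
param([string]$Name = 'tda.exe')   # default taken from the post

# 1. Running processes with that image name, and where they run from.
$procs = Get-CimInstance Win32_Process -Filter "Name = '$Name'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

# 2. Autostart values whose data mentions the name.
#    Assumption: only the common Run/RunOnce keys are checked here.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($data -like "*$Name*") {
            [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
        }
    }
}

# 3. Matching files under the Windows directory, hashed for later lookup.
#    The trailing wildcard also matches prefetch trace files (NAME-XXXXXXXX.pf).
$files = Get-ChildItem -Path $env:windir -Filter "$Name*" -Recurse -Force `
            -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 `
                    -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path    = $_.FullName
            Created = $_.CreationTime
            SHA256  = $hash.Hash
        }
    }

'--- processes ---'; $procs    | Format-List  | Out-String
'--- autoruns ---';  $autoruns | Format-Table -AutoSize | Out-String
'--- files ---';     $files    | Format-List  | Out-String
```

Recording the path, creation time and hash before removing anything keeps a record of what was on the machine and gives you a value to look up afterwards.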
Mr. T to the rescue
So where is that hidden nugget I promised? Go to Windows Start and select Run, then type mrt to see it. This is a Microsoft Malware Removal Tool that has shipped with Windows since W2K. This little puppy will save your butt on many virus attacks, especially those that interfere with your browser or antivirus scanners.