Vosteran

[annieoakley]

I reset Firefox and re-installed No Script. The green Install button didn't work, so I looked around for another way, made a mistake, and got an avalanche of junk. Got rid of most of it, but Vosteran persists. Their web site, vosteran.com has a Remove button. Can I trust them? Will their Remove button remove vosteran or make it worse? I am afraid to try -- please help.

[therube]

I believe this is a site typically referenced at mozillazine.org, but I would go there first & have a look to verify: How to remove Vosteran.com Search (Removal Guide).

[annieoakley]

I believe this is a site typically referenced at mozillazine.org, but I would go there first & have a look to verify: How to remove Vosteran.com Search (Removal Guide).

Your link goes to malwaretips.com, and they are very thorough. I have at least a couple of hours work ahead of me, but I will be happy to be rid of vosteran. In addition to having my browser hijacked, I was prevented from opening Speed Up My Computer and eventually from getting on the internet at all, and my computer kept freezing. Day before yesterday I unplugged my modem from the wall and ran Malwarebytes about every two hours to clean up the Vostran PUPs that keep replicating themselves at the rate of 10 - 15 per hour. And I figured out how to open Speed Up My Computer from the Computer folder in My Computer. So I got Vostran out of my registry and the computer was useable again.

In a word, it has been a wild ride. Thanks for your help.

[annieoakley]

The italics got out of hand there. Sorry.

[annieoakley]

@ therube

I did the entire protocol and it worked beautifully -- for a day. Then Firefox got slow, didn't respond, froze and froze my computer. So I did the protocol again, and found that Vosteran is really gone. So I have another problem, but neither Malwarebytes nor Hitmanpro is identifying it. Do you have any more good suggestions?

[barbaz]

Try your normal antivirus or AdwCleaner?

If that doesn't get it, try Malwarebytes Anti-Rootkit Beta (WARNING: cleaning can completely ruin your system!)

Code: Select all

http://www.malwarebytes.org/antirootkit/

If you use that, give it several hours to run. Note that it can seem to get stuck but that's just a bug in the GUI

[annieoakley]

I ran AdwCleaner again and the report looked pretty much the same.

In the meantime I read about rootkits and Malwarebyte Anti Rootkit Beta: Malwarebytes says what you said -- danger, use at your own risk.

Can I get rid of rootkits by wiping the computer and overwriting the disc? Rootkits are in the disc, not in Firefox, right? But my Firefox profile is on the disc, so if I want to save my bookmarks I save them as HTML in a Word document. I don't know of anything else I need to save from my profile.

Everything from My Docs and Desktop got backed up the minute I started having problems.

Thanks for your help. I appreciate your clear, concise replies.

[barbaz]

Can I get rid of rootkits by wiping the computer and overwriting the disc?

They can reside in places other than disc, so if you're considering wiping the whole disk I'd suggest running MBAR on everything *except* the filesystem just to make sure there's nothing hiding in other subtle places. (can't remember what all locations it offers to scan or the exact words, but I'm fairly sure that master boot record / MBR was one. note: it's scanning the disk/filesystem that takes a long time.)
If that comes out clean then yes wiping the disk and reinstalling OS totally from scratch should zap it for good. (*Scanning* didn't do any harm when we tried it to remove a rootkit - it's *cleaning* that really risks borking your system. So it's a good idea to check things other than the filesystem even if you don't do anything about it right away.)
If the MBR etc is not clean... I have no idea what you should do

Rootkits are in the disc, not in Firefox, right?

Rootkits could reside in pretty much anything really, even parts outside the "disc" like the MBR. I don't know if they can go so far as to worm their way into the BIOS or not, but if so that would be REALLY bad

But my Firefox profile is on the disc, so if I want to save my bookmarks

... then you completely shut down Fx then copy the places.sqlite file in your profile to an external disc and hope the infection doesn't hide on that external disc in the mean time. You can re-scan the disc with a known clean system later, but note that I don't know if merely plugging in an infected disc and not autoplaying anything can get a Windows computer infected (e.g. during the "Found new hardware" process)...

Everything from My Docs and Desktop got backed up the minute I started having problems.

Are you double sure that you have a backup that was done before you saw these symptoms, and that there's nothing else you couldn't restore that isn't backed up?
(Rootkit is not likely to reside there, but it's still possible.)

You might also consider backing up some of the contents of C:\Users\<YOU>\AppData (contains application configurations).

Thanks for your help.

You're welcome

I appreciate your clear, concise replies.

... and no sooner did you say that, I end up making a long post.
sorry

[annieoakley]

@ barbaz

"Are you double sure that you have a backup that was done before you saw these symptoms, and that there's nothing else you couldn't restore that isn't backed up?
(Rootkit is not likely to reside there, but it's still possible.)"

My backup from before I saw these symptoms and my backup from after I saw them are on the same external hard drive. Do you think the rootkits can travel within the hard drive and infect clean files?

[barbaz]

Do you think the rootkits can travel within the hard drive and infect clean files?

Can? Sure, as long as the hard drive is plugged into an infected computer.
Does it actually do that? Don't know, depends on the rootkit. Well, a rootkit alone may not do that but a rootkit+worm could.

(Please note that malware isn't my area of expertise at all, especially since I'm not even a Windows user. I'm heavily basing my replies on just one incident where I helped ferret out and zap an elusive rootkit - Trojan.Zekos.[something] I think it was called. What we saw there is surprisingly similar to what you're seeing.)

[annieoakley]

Hi, Barbaz,

In the past four weeks I have read hundreds of websites and forums and at least five books, including Turings Cathedral and Ghost in the Machine. I understand a little bit of why computers are the way they are and I think the human race is certifiably insane to run our governments, banks and commerce on anything as vulnerable and ephemeral as these machines.

I think I am beginning to be able to tell what is good information and what is junk. Most of the time.

I have thousands of scraps of information (and , probably, misinformation) rattling around in my head and am about to read a tutorial from bleeping computer called Introduction to your Computer in the hope of getting some organization and clarity.

In the meantime i have shopped around and have an idea what computer I will buy if this one becomes unusable. If I have a new computer I will want a new external hard drive and one or two new flash drives. This computer and and I have come to terms by me clearing the cookies and cache at least once a day, turning off Firefox and disconnecting from the internet when I am not online, turning off the computer when I am not using it and watching less Netflix. If whatever is in the computer won't let me disconnect from the internet I get up, walk over to my phone jack and disconnect from there. Because I am disconnected from the internet so much I have to manually update and run Malwarbytes every morning and also check Windows Updates. So far, so good.

I have a few questions, only one of which is about scripts.

Computers run on 0s and 1s, and are programed with code, which is in letters and symbols. The scripts we control with NoScript are sections of code that cause our computer to do things it is not "supposed" to do -- things we have not been told will happen, things we don't want. Have I got it right so far? If so, what I am wondering is this: what is the difference between these scripts and malware?

The other two questions are about software. Is it worthwhile to buy the Avast upgrade, and is FarBar a good program, a worthless program, or malware?

I know this is a lot all at once. Thanks for reading and for any help you can give.

[barbaz]

I will want a new external hard drive and one or two new flash drives.

Protip: *Always* buy a larger external storage unit than you think you need! Meaning, for example, if you think you'd be good with a 1 TB hard disk, get a 2 TB hard disk if you can spare the money. I've been repeatedly caught by this and have to keep running to the store for more hard drives and flash drives!

Computers run on 0s and 1s, and are programed with code, which is in letters and symbols. The scripts we control with NoScript are sections of code that cause our computer to do things it is not "supposed" to do -- things we have not been told will happen, things we don't want. Have I got it right so far?

Not quite right, NoScript controls 'scripts' that *might* cause your computer to do bad things / stuff you don't want it to do. You, the user, tell NoScript what's good and what's bad. It doesn't know otherwise.

what is the difference between these scripts and malware?

These days with the Web being basically another OS these scripts _are_ a form of malware.

The other two questions are about software. Is it worthwhile to buy the Avast upgrade, and is FarBar a good program, a worthless program, or malware?

Well this was the last time I heard about Avast, and I've never heard of FarBar...

(I'm not really the best person to make suggestions about AV programs for Windows, because the only Windows AV programs I've personally had experience with are Norton and Symantec, which both invariably slow the computer down to the point of being unusable after, oh, anywhere between 2-9 years...)