Seriously, my computer is compromised?

A member asks…

Hi Chris, I may need your help – at the end of March/early April, it appeared that somehow my personal email account was sending out Viagra-type ads to a bunch of folks not in my Contacts. I only knew because I received the bounce-backs. A couple of years ago I got a virus, and acquired Norman Anti-virus and Anti-spyware (which is apparently from Sweden). This time, Norman started popping up that it was moving three files into Quarantine so I followed their suggestions to address the apparent malware issue, and contacted my ISP to inform them that my email account was sending spam to people I didn’t know. They told me to change my password and do a full scan and contact my anti-virus software provider to get rid of it. I did these things, and it appeared that the password change stopped the sending of the emails, but still had files moving into quarantine. Did the full scans, contacted Norman Support (which is when I found that their US support is actually out of Sweden), thought it had taken care of the issues. Two days ago, I received a spam email from a relative’s personal account. Didn’t click on it, told him about it. Yesterday morning I got a malware message from Windows and I followed the instructions. Today, I’ve received a bunch of bounce-backs for my work email (I can forward one to you). So clearly something’s up again. Thoughts? Recommended actions? As always thank you very much! Regards, Frank

Sorry to hear this Frank, and from what you tell me, I think a lot more than your email account has been compromised – likely your computer has some deep-seated malware, spyware, adware, and more infecting it. And unfortunately, using a third-tier protection program (Norman) is not helping matters. While Norman (based in Norway) offers reasonably good enterprise and large business protection service (enterprise.norman.com), their small business and personal protection services (norman.com) are not nearly as good as they need to be. Just an opinion…

Likely what happened is that your computer was infected, you achieved a partial eradication, reset your password, the infection returned (insidious aren’t they?) and you’re back to square 1.

For regular protection, Norton Internet Security (current version 2013) has been my top recommended provider of computer security for the last few years. But I should tell you that I’m reviewing BitDefender, and it’s looking like they may take the top spot this year.

Malware and viruses will often do two things by design:

  • surreptitiously disable your protection program
  • hide bits of themselves all over your hard drive with triggers so they come back later and bite you again.

The sad fact is that virtually everything on your computer is likely compromised, not just your passwords. Read on for exactly what you need to do.

So the first thing I would do in your case is use several tools to eradicate infections, and uninstall, disable, and remove suspicious things on your computer:

  1. Use Malwarebytes’ Anti-malware (http://www.malwarebytes.org). Choose the free version and decline the free trial offer. Download, install, update, run a full scan and remove everything it finds. Restart and repeat until you get a clean scan – this will take you some time, but you need to practice patience and tenacity!
    • If something stopped you from running the program, you can try Malwarebytes’ Chameleon tool (http://www.malwarebytes.org/products/other_tools/). There’s also a rootkit removal tool there I’ve heard good things about, but I haven’t yet tested it (and it’s still in beta testing).
  2. Get a better security suite than what you’re using. Uninstall Norman, and buy/download/install either Norton Internet Security 2013 (http://www.norton.com but look for it cheaper), or BitDefender Internet Security 2013 (http://www.bitdefender.com, but look for it cheaper). For example, at Buy.com (now rakuten.com) you can get either for less than $50. Run a full system scan after installing and updating it, removing anything it finds. Rinse and repeat till you get a clean scan – again, patience and tenacity will pay off for you.
  3. Remove any toolbars, search ‘helpers’, etc. Click Start, type ‘uninstall a program’ and tap your enter key. Look down the list and remove anything that says ‘toolbar’, anything that looks like a search assistant tool, and anything that you don’t need and use. Restart afterwards.
    1. You should also visit your web browser’s settings, and look for ‘extensions’ or ‘add-ons’ – disable and/or delete anything you find that looks even slightly suspicious.

Only once your computer is truly clean from infection (not just viruses – spyware, adware and malware are rampant) should you go to every place you use a login password and change it to something else. Don’t use the same password for everything – use one password for your email, a different one for online banking/credit card stuff, a different one for online shopping, and a different one for everything else. Don’t mix their use. That way if one gets compromised, you can just change that one. Remember, everybody uses your email account for a forgotten password reset, so your email password has now become your most critical one to keep safe.

Oh, and don’t use easily guessable passwords – I like four or five short but unrelated words with no spaces, using at least one capital letter and one number. For example, “doughcankerbuild2Fritz” (now make up a funny story using those words to help you remember!). Please make up your own passwords!

From this point on, be very careful about what you click on – malware warnings as popups may not be what they say they are (they can actually infect you). Ads and images in websites should never be clicked on. Be very wary of opening any file attachment in email, or even clicking on hyperlinks in email – these are so easy to fake. You can trust warnings from the protection program(s) you have installed, but nothing and nobody else (ok, maybe you can trust us!). Good protection programs help prevent things from inadvertently messing you up, but if you click on something fake, you can circumvent the protection program and get right back in the mess you were in before. This is (imho) the great failure of personal computers (especially the Microsoft Windows variety).
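The password advice above (several unrelated words, no spaces, one capital, one number, a separate password per category of site) can be sketched as follows. This is an added example, not code from the original post; the 32-word list is constructed for illustration and the function names are hypothetical.

```python
import math
import secrets

# Constructed sample list, for illustration only. A real list should hold
# thousands of short words so that each word contributes more entropy.
WORDS = ("dough canker build fritz lamp otter quilt brisk mango flint cedar "
         "pivot waltz grape hinge tulip ember yacht noble crisp sable plume "
         "forge daisy knack moose ridge salsa thumb vivid acorn jolly").split()

def make_passphrase(words=WORDS, count=4):
    """Join `count` distinct random words, capitalise one, insert one digit."""
    if not 2 <= count <= len(words):
        raise ValueError("count must be between 2 and the list size")
    # secrets draws from the OS CSPRNG; the `random` module is predictable.
    chosen = secrets.SystemRandom().sample(list(words), count)
    cap = secrets.randbelow(count)
    chosen[cap] = chosen[cap].capitalize()
    # The digit goes at a word boundary, including the very start or end.
    chosen.insert(secrets.randbelow(count + 1), str(secrets.randbelow(10)))
    return "".join(chosen)

def entropy_bits(list_size, count=4):
    """Estimated entropy, assuming the word list and the scheme are known."""
    ordered_words = sum(math.log2(list_size - i) for i in range(count))
    return (ordered_words + math.log2(count)      # which word is capitalised
            + math.log2(count + 1)                # where the digit sits
            + math.log2(10))                      # which digit

def passwords_per_category(categories=("email", "banking", "shopping",
                                       "everything else"), count=4):
    """One distinct passphrase per category, so a leak stays contained."""
    out = {}
    for name in categories:
        candidate = make_passphrase(count=count)
        while candidate in out.values():
            candidate = make_passphrase(count=count)
        out[name] = candidate
    return out

if __name__ == "__main__":
    for name, pw in passwords_per_category().items():
        print(f"{name:16} {pw}")
    print(f"32-word list, 4 words:   ~{entropy_bits(32):.1f} bits")
    print(f"7776-word list, 5 words: ~{entropy_bits(7776, 5):.1f} bits")
```

The entropy figures show why the size of the word list matters more than the capital letter and digit: those two additions together contribute only a few bits.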
