November 2009
It was on one of my routine bi-monthly runs that a virus file — “TrojanClicker:win32/Yabector.gen” — appeared.
About every two weeks my computers are scanned in a series of steps that attempt to assure that all is well—including viruses, structure, data integrity, and software-patch currency.
Many of these activities take hours, but I don’t care because the scan is started and I disappear out the door.
So when Windows Live Safety Scanner was run, I found a message that there was a malware—“TrojanClicker:win32/Yabector.gen”—on my computer, and subsequent use of Windows Safety Scanner did not remove the offender. Malware Bytes also failed to remove the problem.
When I went out onto the Net and queried through Google, I found that there were some responses - all dated earlier on the same day — which meant that I was dealing with a “Zero Day” virus — one that had been discovered earlier the same day, one that the malware fighters had not had time enough to analyze, create a solution for, and then send the solution out to all of their customers.
But the clues supplied by the Google scan were enough to guide me into the arms of Microsoft Security Essentials. My thinking was that since a Microsoft program had discovered the problem, possibly another arm of the same company would be able to remove the problem.
So I installed Microsoft Security Essentials, which is the follow-on to the now defunct Windows Live Scanner, which always was physically slow, somewhat costly, and always so far down in the evaluation ratings that Microsoft justifiably just pulled the plug.
The allied, free, and equally slow Windows Live Safety Scanner is still offered, still being updated, and seems to still be effective — not only at scanning for malware, but also at testing for and fixing a whole host of problems of Microsoft software. Thus the remainder program is Microsoft’s agent for unscrewing the problems of the installations of XP.
Microsoft Security Essentials was installed, run, identified the “TrojanClicker:win32/Yabector.gen” virus, and obliterated it. So I decided to leave the program on my computer with the intention of running it when necessary.
But Microsoft Security Essentials slowed my computer to a crawl. After putting up with my benefactor for a number of days, I just could not abide the slowness and further — since Microsoft Security Essentials is not running constantly, but merely idling pending being called into action — it had to go. I removed Microsoft Security Essentials and the computer immediately sped up.
Since Microsoft Security Essentials is a relatively new program, I just could not wait for Microsoft to fix the speed problem.
Then there is the question of whether or not all this activity was needed.
Yes it was.
A routine check brought forth the fact that I had, unknowingly, received correspondence from a known friendly entity that unknowingly passed it on to me. If it weren’t for that routine check, I would be sitting fat, dumb and happy with a virus doing whatever it may such as keylogging, forwarding passwords and social security numbers to whomever.
Is everybody suspect? Yes. Of the computers that come into the Clinic, about one third are infected and their owners had no idea that they were infected! As a result, I have been adding a scan for problems to the routine I go through in the Clinic. The scan usually adds about four hours to the session, but the time is worth it. Unfortunately, some owners don’t want to spend the time, promise to do the scan at home, and never do. Then they pass the problem on to other unsuspecting users, thereby perpetuating the problem.
To summarize: Use Windows Live Safety Scanner to find an infection and Microsoft Security Essentials to remove an infection.
That is at least how it appears to be currently.
This is from the Microsoft Security Center:
- TrojanClicker:Win32/Yabector.gen
- Description: TrojanClicker:Win32/Yabector.gen is a generic detection for variants of TrojanClicker:Win32/Yabector.A. TrojanClicker:Win32/Yabector.A is a program that notifies a web server of its presence without user consent. It may be bundled with an installation program as a file "eBayShortcuts.exe".
- Published Date: Oct 15, 2009
- Alert level: Severe
Note the date I picked up the virus was the very next day. That it was caught at all was somewhat serendipitous.
I have the unique situation of knowing where the infection came from, but have no feedback whether the infection has been removed from the offending computer. That will be reviewed.
For further information on how to avoid and control malware, go to http://tinyurl.com/yg85ozs.
Also see the requirement for downloading Microsoft Security Essentials, at http://tinyurl.com/yewgwqn
Someone will probably ask, “What is your bimonthly routine to clean up a computer?”
Here it is, in outline:
- Make sure the hard drives all have integrity, by running the Microsoft built-in structure scanners. The “C” disk must be run with a standalone boot.
- Run Windows Live Safety Scanner.
- If a problem is found, run Microsoft Security Essentials.
- Keep MalwareBytes around for quick scans.
- JimDinkey's blog