I think I got a trojan virus

Yesterday after I started up my computer I had all sorts of problems: I would click on a site, AOL for example, and the computer would try and try to open until I finally got an "AOL is not responding" notice on the top of the page. Same thing with MSN, or anything I tried. If I tried to click on a page that was already open, the page would get an opaque white "film" (for want of a better word) all over it, and I couldn't do a thing.
Hours later, still working on the computer, I finally got Norton started, but it just stopped after a while without completing. Same with Malwarebytes: started but couldn't finish. Kept trying with Malwarebytes. Though it stopped again, by a stroke of luck, it automatically upgraded itself (I have the PRO version) and that somehow got the scan going again and it finally got all the way through. Near the end of the scan, it found "Trojan.FakeAlert.RRE; it was on my external hard drive!
I tried to find some info on this but couldn't find anything on this Trojan with the "RRE" extension.

So far today, I'm getting around okay but I'm curious how this Trojan produced my symptoms. Or how I got it. Or how I picked it up on my external and not my main hard drive.

Is it possible to pick up a virus from an email that I opened? It had no links of any kind in it, only a plea for money.

Mary,

I found quite a bit about the fake alert trojan, though nothing about it targeting an external hard drive, though I didn't really search far.
Here's an explanation of the trojan from Sunbelt.
The first notice of this on their website appears to have been in 2006, so this trojan is obviously far from new and I'm surprised Norton didn't pick up on it instantly.

No, you can't get a virus from just reading an email.
Not yet, anyway.


Gil.

If your computer is running better, run at least one more full scan with Malwarebytes and definitely a full scan with Norton. From what I read about the FakeAlert virus, it might take more than one pass with at least two different programs to get rid of it.

It's hard to know how it got there - it could have simply been a "drive-by" download from visiting an infected website. I saw several references to getting this virus after visiting a social website. While they always say NEVER open up emails from someone you don't know, I got one of those emails asking for money from my sister-in-law. Someone had hacked her Facebook account.

Draclvr,
The email that I opened was from a woman I used to work with. I forwarded her the bogus email using her correct address and she said that it delivered a very quick moving virus when she opened it, but I never heard of getting a virus from just opening an email.
The virus supposedly tries to get you to go to other sites to clear up the "security problem", but I didn't see anything like that.

I ran Malwarebytes twice yesterday; I'll run Norton right now. I do READ FaceBook once in a while, but rarely post anything, so I don't know if my catching the virus came from there.

Gil,
Thanks for the link; I was trying to find a definition of the specific version of the Trojan I managed to get. I'll keep looking.

A good browser, a good AV and/or Malwarebytes will generally stop you from visiting a dubious website.
Sometimes mistakenly and irritatingly but most often they're probably right.

Your SIL's FaceBook account was hacked, Draclvr? No, really? I am astounded.

Gil.

Yes, Gil, I too was simply shocked.. shocked I say! I can't tell you how many people I've helped get their Facebook accounts back from hackers. Usually a simple change of password does it, but in her case the hacker actually got into her Hotmail account and trashed it plus was carrying on Facebook conversations with other family members. It was very creepy.

Mary, there are a gazillion variations of this virus, so it's pointless to look for a specific one. It's been around for several years.

Mary,

Kioskea.net has some information on this trojan. I had a little difficulty figuring out what they meant exactly since the website is French though written in English (Kioskea gets a Safe rating from Norton and others, I checked since tortured English, even a little bit, always raises a red flag for me); however, it looks as if the infection is passed through a removeable drive.

Gil.
speaking of tortured English

Infection by email was one of the earliest methods of infection (though not as early as infection by floppy disks). When I first started using computers years ago, we were warned never to open emails we weren't expecting. The infamous "I Love You" worm from year 2000 spread by email.
http://en.wikipedia.org/wiki/ILOVEYOU
It wasn't the first, but it was one of the most well-known email worms. Strictly speaking it was a "worm" rather than a "virus," but few people bother distinguishing between virus and worm -- especially since modern malware can be both.

As others have said, don't rely on one anti-virus or anti-malware program to get rid of it all. If you only get rid of one part, the parts you didn't find can easily replace what you removed.

Modern malware often uses multiple methods of infection. So you could have gotten the virus by email and had it spread to your external drive, where it's all set to infect any computer you plug the external drive into. I wouldn't be too surprised if it was also sending out infected emails without your knowledge.

Jenny,

The article on the I Love You worm may have been badly written, but, as it is, it indicates to me that you had to open "the attachment" in the email to become infected, not simply open and read the email itself.

Gil.

There was no attachment in the suspicious email I got. Maybe that email just happened to come in at the same time a website dumped the virus on me. I just really have no clue how I got it.

I may have been thinking of a different virus, Traveler. But there were some that would infect when you opened the email -- not an attachment -- and this isn't a recent thing. As long as emails have been sent using html rather than plain text, there have been viruses that were embedded using scripting in the html of the body of the email. So all you had to do to be infected was open the email. Or if you had a "preview pane" open in your email client, the virus could infect through that.

Oh, boy. Hallelujah for a good AV.
I think I'd be giving Norton the boot for not catching that, particularly given how old it is.

Gil.

The virus may have been "updated" to change its signature. Polymorphic viruses change their signature with every infection, which is one reason why antivirus that work by signatures alone aren't very effective any more.
http://en.wikipedia.org/wiki/Polymorphic_virus

Yes, I'm not too happy that I paid dearly for Norton and it just let this virus right in. Then I've got to clean up the mess.

After getting a "clean" Malwarebytes scan (my second scan) and a "cleaned" Norton scan (it removed some cookies), can I assume that I can exhale now? Computer seems to be running fine.

I'd think so, Mary.

Gil.

Keep an eye on it and your fingers crossed.
MalwareBytes is a good product, so hopefully it got it all.

If an e-mail is responsible for the infection then it might be a very good idea to get in physical touch with the sender and set up a specific one word code between each other that will be included in the title of the e-mail. Doing this will help you to know if e-mails from this person are real or phony. And don't store the code on the computer, write it down somewhere. And whatever you do, don't tell anyone what the code word is, no matter the reason.

Homer,
Luckily, the person who inadvertently spread this virus to me is a person who I no longer work with nor have any other kind of relationship with, so anything coming my way from her will be automatically deleted by me.

What happens is hackers use brute force tools to scan accounts for passwords. unfortunately many people use the same password for Facebook and their e-mail. Once they get into your e-mail they use that address to send out piles of spam. Of course they have access to your address book as well. Forwarding nasty stuff to everybody you know.


As Drac said changing the password in your Facebook is the easiest way to shut them out. A problem arises when the theives get into your account they can change your password keeping you out.

It is a royal pain but you should use a different password for every account and DO NOT KEEP PASSWORDS ON THE PC.

AND NEVER EVER USE A PASSWORD SAVER THOSE INTRUSIVE BROWSERS OFFER, that is askingfor trouble.

How easy is it to brute force a password?

This password for instance
john1422
Will take a brute force effort using
Offline Fast Attack Scenario (a hacking tool)
29 seconds to find

Using the Massive Cracking Array Scenario
it would take 0.029 seconds

This password JoHn*!4@2!aA!

Will take (Offline Fast Attack Scenario hacking tool
1.65 hundred thousand centuries to crack

The Massive Cracking Array Scenario tool
Will take
1.65 hundred centuries to crack

Steve Gibson a security expert has designed a free utility allowing you to design passwords reporting how long it will take using various tools to crack

You can create passwords and test them to see how secure they are

It is a great tool and of course you use the tool anonymously

Here is the tool

Password Haystack

For those of you who do online transactions of any kind, banking, purchasing etc here is a way to verify the security certificate of the site is legitimate and you are on the right site. This little puppy is worth it's weight in gold. Again this is Gibson at work.
There is a long article explain why Mr Gibson built this tool. You simply paste the URL onto his fingerprinter and his site will tell you what the correct certificate id is for that site. You compare that to what your browser reports the certificate id is for that site.

He gives you directions how to read the certificate for several browsers. It seems location of the certificate varies between different browsers.

Gibson-Certificate Fingerprinting

oldmariner, you post is worth its weight in gold! I use Norwegian words with some numbers or characters for passwords and when I plugged a couple of them in to the Password Haystack, they would take several years to hack!

We had to have a twelve character password when I was working, and it had to have a mix of upper and lower case letters, numbers, and any other character we wanted to use. Because of this requirement, the passwords created were the kind that would take years to crack. And some systems we accessed a security fob had to be used, which rotated the pass code every few minutes. All this was a pain, but it did help to keep out the wrong persons.

I do agree with oldmariner to NEVER allow the browser to store/save your password. Keep it written down, it's safer that way.