Monday, January 6, 2014

So I spent the day recovering from the Wajam virus


So there's a company called Wajam that illegally gains access to your computer and illegally takes your system resources away from you and illegally redirects your browser and shit.

I say "illegally" because if you're installing your shit on my computer and doing shit without an explicit and informed check-off from me, you're stealing my computer resources.

I dunno how I came across it; it might be that I caught it from clicking on a "sponsored" link to download Chrome instead of the proper link. (I backtracked when I saw it was the wrong site, but even loading the site might have been enough.) It could have come bundled with Chrome. I could have caught it as a "drive-by download" in an ad, as well, since I did run Chrome and Internet Exploder for a little bit last night.

Typically I use Firefox with several security add-ons, so you can't drive-by me; but unfortunately I trusted a company that I wasn't supposed to trust, enough to go to their site in Exploder, and I suspect that's how I got infected.

But in any case, I saw my computer was doing things it wasn't supposed to: it was chugging on the hard-drive when it should have been idle, and it was using system resources that it wasn't supposed to be using.

First thing I do is fire up Wireshark and look for data transfers that ain't supposed to be there. Not really useful in many cases, but a protocol analyzer saved me from the port 135 worm years ago, so it's second nature for me to watch my traffic. Anyway, I saw nothing of value there.

I decided for the heck of it all to run Malwarebytes, and lo and behold it found "PUP.(something).Wajam.A".

So I looked Wajam up, saw how nasty it was, and went searching for a removal method.

This site here, malwaretips.com, has a step-by-step method for uninstalling Wajam, which involves downloading and installing some stuff but which otherwise worked fine, considering Wajam is fuckingbitchcuntware that is almost impossible to uninstall.

And yeah, the people who run the Wajam site supposedly have an uninstaller available; but you can't get to it on their site without enabling javascript (which I don't do, see "internet security" above), and in any case why am I going to trust the fuckheads who just infected my computer?

So I went through the malwaretips.com method, and now I'm presently running AVG to make sure Wajam is gone. I'm assuming Wajam hasn't paid off AVG to not detect them as a virus.

Problem is, my computer was still chugging a bit when it wasn't supposed to. Seriously, I cut my teeth on Win95/98, so I'm the type of person who doesn't want my computer doing anything without my explicit say-so. Computers are supposed to stand still till you tell them to move.

So I went into Task Damager, and saw a few processes still using my fucking CPU. Did a search, and it turns out they're both related to Windows disk indexing.

Maybe disk indexing gets turned on by Wajam? I don't know. It certainly fucks up your whole registry. Anyway, I went into Admin Tools/Services/ and killed that Windows disk indexing bitch too. Not needed, so go away.

Point being, you'll look on the internet for how to kill Wajam, and it's a really crafty bitch that is hard to get off your system. But you might want to look at your computer in detail afterwards to see if it's changed your settings to make your computer slow down even after you get rid of it.
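The "look at your computer in detail afterwards" step, written out as a PowerShell audit. This is an added example for this page, not the author's own steps and not anything from Wajam or malwaretips.com. It assumes Windows 7 or later with PowerShell 3.0+ and an elevated prompt, and it assumes that the "disk indexing" processes in the post are Windows Search's SearchIndexer.exe / SearchProtocolHost.exe / SearchFilterHost.exe, which belong to the WSearch service (the one you find under Administrative Tools / Services). The `$pattern` value and the `-DisableIndexer` switch are my own; every other check is generic post-cleanup hygiene rather than a claim about what Wajam specifically changes.

```powershell
# Post-removal audit (added example, not from the original post).
# Assumes Windows 7+ with PowerShell 3.0 or later, run from an elevated prompt.
# -DisableIndexer reproduces the post's last step (stopping Windows Search).
param([switch]$DisableIndexer)

$pattern = 'wajam'   # assumption: the name the scanner reported, case-insensitive

# 1. Anything still running whose name or image path matches.
"== Processes matching '$pattern' =="
Get-Process | Where-Object { $_.Name -match $pattern -or $_.Path -match $pattern } |
    Select-Object Id, Name, Path

# 2. Services whose binary does not live under \Windows\ (installers of this
#    kind usually register a service to restart themselves), plus the state of
#    the Windows Search indexer that owns the SearchIndexer/SearchProtocolHost/
#    SearchFilterHost processes.
"== Non-Windows services =="
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -notmatch '\\Windows\\' } |
    Select-Object Name, State, StartMode, PathName
"== Windows Search (WSearch) =="
Get-CimInstance Win32_Service -Filter "Name='WSearch'" |
    Select-Object Name, State, StartMode

# 3. Autoruns: the classic Run / RunOnce keys for the machine and the user.
"== Run keys =="
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |   # drop PowerShell's own PS* metadata
            ForEach-Object {
                [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value }
            }
    }
}

# 4. Scheduled tasks outside the Microsoft folder. schtasks exists on every
#    Windows version; with /V it repeats the CSV header, so those rows are dropped.
"== Scheduled tasks (non-Microsoft) =="
schtasks /Query /FO CSV /V | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.TaskName -notlike '\Microsoft\*' } |
    Select-Object TaskName, 'Task To Run', Status

# 5. WinINet proxy settings. A leftover proxy or PAC URL keeps redirecting
#    the browser even after the binaries are gone.
"== Proxy settings =="
Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL

# 6. Winsock catalog entries (LSPs) and machine root certificates mentioning
#    the name: two places that survive a plain "uninstall".
"== Winsock catalog entries matching '$pattern' =="
netsh winsock show catalog | Select-String -Pattern $pattern -Context 2,2
"== Root certificates matching '$pattern' =="
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
    Select-Object Subject, Thumbprint, NotAfter

# 7. Leftover install directories in the usual places.
"== Directories matching '$pattern' =="
$dirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData, $env:LOCALAPPDATA) |
    Where-Object { $_ }
Get-ChildItem -Path $dirs -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $pattern } |
    Select-Object FullName

# 8. Optionally do what the post did by hand: stop the indexer and keep it stopped.
if ($DisableIndexer) {
    Stop-Service -Name WSearch -ErrorAction SilentlyContinue
    Set-Service -Name WSearch -StartupType Disabled
    "WSearch stopped and disabled."
}
```

Run it once before the uninstall and once after, and diff the two outputs: anything that appears only in the first run is what the uninstaller actually removed, and anything still present in the second run (a Run key, a task, a proxy, an LSP entry) is what "almost impossible to uninstall" looks like in practice. Disabling WSearch trades search speed for an idle disk, which is the trade the post chose; leave the switch off if you rely on Windows Search.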

It might still be, of course, that my disk churn is actually being caused by a Cryptolocker process slowly killing my data. I'm not sure. So if I disappear off the net for a few days, it's because I'm doing a nuke and trying to work within Linux.

7 comments:

  1. Reply:
     The Wajam virus is using his computer to make more bitcoins.

  2. Thanks for this. You nudged me into running Malwarebytes on mine and I found a Trojan (though no Wajam here). And yes, there has been chugging recently (started a couple of weeks before Xmas but I was busy thinking about other things) and yes, it's now gone.

     Early last year I switched to Chrome as default. You think that's a bad idea?

     Replies:
     1. I'm philosophically opposed to Chrome because Google is trying to corner the internet. You'll probably need it to keep blogging, for example.

        But I guess IF you can find security plugins for it, it's tolerable.

        Every person should uninstall Java from their computer. Then you need a script blocker like NoScript, an ad blocker, and a cookie rejecter like Ghostery.

        Don't touch the internet without all that. That was my mistake, running browsers out of the box.

     2. BTW you need ad blockers because every ad is HTML code, and every instance of HTML code can cause a drive-by infection. And websites aren't typically scrupulous in who they take ads from.

  3. Don't lie to us, you got that virus surfin' porn!

     On a serious note, I recommend a periodic check for rootkits on any Windows PC; use TDSSKiller from Kaspersky. Of course it probably can't do anything about those NSA rootkits that are spying on us all.

  4. I have used "Total Uninstall" to uninstall that shit. It removed C:\ProgramData\Divx\Converter, so it might have come with DivX, since I upgraded it a couple of days ago when it appeared on the task bar with info about a new version.