DIE Magic Software/Malware

I got this piece of shit on my PC - and had a devil of a time getting rid of it! It is insidious - it infects your operating system, and makes it impossible to remove - I wound up wiping the HD. A friend told me these shits are in the Ukraine - is there any way to spam them to death?
People who launch these things ought to be shot!

Magic Software Inc. is disavowing any connection to the spyware that is using their trademark.

Many of the current spyware infections have been traced to the Ukraine or other former Soviet republics. I seriously doubt they care if you send them spam.

Take your computer and any internet-accessible electronics and throw them into a river.

And then move upstream, just in case.

Create a limited user account to use on the web. Malware can’t install itself.

This doesn’t always work. I have two user accounts on my laptop: the admin which is used strictly for, well, admin stuff, and the account with admin privileges which is what I’m usually logged in under. I nonetheless got infected with something or other a few weeks ago, when I wasn’t even downloading anything, and had to waste most of a day getting my system clean.

Then it isn’t a limited account.

Yes, it is. I’m very careful about it. The RHYMER account, which is the admin, has a deliberately boring background, no icons on the desktop, and nothing in the QuickStart or StartMenus but AVG, Ad-Aware, and so forth; it has always been thus. The SKALD account was set up from day one to be the limited account; all the cool stuff is there, and the wallpaper cycles randomly through various paintings and not a few photos of hot chicks.

Then buy a Mac.

I’m a cheap bastard, so no. Though I will happily concede that, of the dozen or so computers I’ve owned since '88, the one I was most happy with by far was the Macintosh Presario 631. Never gave me a lick of trouble.

If it has admin privileges, it isn’t limited, it has administrative privileges.

Ah, that was a typo. I meant to say the account without admin privileges. In my own defense I am at work and was distracted by the department admin, who is protesting having to work on Sunday by wearing short-shorts.

I surf on my admin account, and have found this to be really effective for preventing malware. 1. Use Firefox w/ adblock plus (or any browser other than IE honestly) and 2. carefully READ anything that pops up and understand what you’re clicking on. I have been amazed at the difference in webpages opened in IE and Mozilla. The IE page will be deluged with pop ups and programs installing scareware; nothing happens when I visit the same page w/ Firefox.

As a SysAdmin overseeing a few hundred computers, I can assure you that it is possible to be a limited user and get a virus. It just isn’t as easy.

I take care of a couple hundred myself, and agree. It isn’t as easy, frequent or difficult to cure.

CP, I am parsing your second sentence to mean that a malware infection obtained via a limited account is easier to cure than one obtained via an admin account. Is that what you meant? If so, why is that the case?

I have had two vexsome viruses this year. One was on the home machine which I hardly ever use; I think one of my nieces picked it up while surfing the net on the admin account; I ended up wiping the machine and starting over. The other was on my personal desktop, which I didn’t want to wipe unless it was absolutely necessary. Fixing it was tedious rather than difficult. One thing that struck me about it was that, though I had to have picked it up while using the limited account, I could not kill it off from the admin account–not completely; nor did I experience any symptoms of it on the admin account. I ended up having to run MalwareBytes a couple of times on the admin account, then turn the limited account into an admin account and run MB there a couple of times, before I finished. The malware in question was a ransomware program whose name I have now forgotten.

A limited account cannot write to the Windows folder, nor, as far as I know, the registry. It can write to folders the limited account owns, and hide out under assumed names, as it were. It can’t write to folders the limited user doesn’t have rights to, so other accounts are relatively safe; you have a clean admin account to run the virus checker from. Starting up in safe mode may prevent the virus from loading, making it easier to seek out and kill.

It can write to the registry, just not certain parts, including the parts that autostart things. My dad picked up a virus on the limited account, and it was able to write to the registry, but did not write anything to any of the Run keys. Furthermore it was unable to install the downloaders that were the real problem…it just kept flashing up a warning saying it needed updates. All I had to do was run SUPERAntiSpyware from safe mode, and it was gone. (Although it left a few registry entries that I had to delete manually, which is how I know writing was possible.)

I ran updates on my desktop Mac this morning (from the message pop-up, which looked like it always does), then got a message that Magic didn’t upload or some garbage like that, and now my Safari browser doesn’t work anymore (I just get blank pages) - do you suppose I have this Magic malware or whatever it is?