Something called Trojan.Win32.Wauchos paid a visit to this desk Thursday night, and I was simultaneously horrified and mortified.
The little sumbitch chose to manifest itself about 9:30, when someone (no point in naming names) tweeted a link to something at Bloomberg. I hit the link, and Malwarebytes tossed up its big Quarantine screen in Check Engine Light Orange, assuring me that the infected file had been isolated, and that once I rebooted, I wouldn’t have to think about it anymore.
So I rebooted, and my browser had disappeared. Its directory was still in place, but the executable itself had vanished into that big orange maw. Fortunately, I keep a copy of Internet Explorer on hand for just such emergencies, and in not much time I had performed a reinstall. Was it a tweeted link that caused this? Only one way to find out.
Yet another reboot later, the truth of the matter became apparent. I went looking for a restore point; the most recent one was dated late August. Teeth unsatisfyingly grat, I set the machine for eight weeks ago and waited. It took about twenty minutes; when the system came back up, there was a dialog box indicating that the process had failed for some arcane reason, and no changes had been made. It took about twenty seconds to discover that yes, some changes had been made, because all of a sudden half a dozen Windows updates were waiting. I said fark it and went to bed.
The great discovery of the next day was discouraging but not surprising, really. There were lots of How To Remove pages out there, and about a third of them were blocked by Malwarebytes for, of all things, distributing malware. One that didn’t offered a small executable to rid myself of this Trojan once and for all; I downloaded their file, ran a scan on it, and of course it failed. “Jeebus,” said I. “Tell me what registry changes this little bastard makes, and I’ll unmake them myself.”
Turns out that it changes exactly one registry key. I duly fired up regedit, and, just my luck, I didn’t find that key on the premises. Does this mean all those scans I ran finally got rid of it? I’d deleted the Twitter app, just in case. I rebooted, all those Windows updates finally updated, I reinstalled that app and the browser, and, eyes raised toward the heavens, I clicked on the first link that showed up in my timeline.
Worked just fine.
This particular Trojan is, according to the scorekeepers, No Big Deal compared to some. But let me tell you, I was glad to be rid of it.