The guy was a Microsoft researcher on the trail of counterfeit software. He just happened to stumble on the malware called Nitol.
This particular virus isn’t just in China. It’s also in the US, Australia, parts of Europe and in Russia. The virus is run by servers, so all of the infected computers are part of a botnet: “. . . large number of compromised computers that are used to generate spam, relay viruses or flood a network or Web server with excessive requests to cause it to fail. The computer is compromised via a Trojan that often works by opening an Internet Relay Chat (IRC) channel that waits for commands from the person in control of the botnet. There is a thriving botnet business selling lists of compromised computers to hackers and spammers.”
The Microsoft researcher and his colleagues also found counterfeit software, which was their original goal. It was on all of the computers they purchased, and 20% of the computers had malware installed as well.
If you know you have a virus, the surest way to get rid of it is to wipe the drive and reinstall the operating system, along with your other apps. The downside is that if you haven’t been backing up your data, you’ll probably lose it.
Or, you can try removing the virus, but you’ll never know if you removed all of it.
Go to Symantec Security Response and see if the virus is listed, and if they have a removal tool for it. If they do, you can download it and follow the instructions.
Just remember, the virus may not be simple and could leave behind gremlins that let intruders in through back doors, or that pretend to be trusted programs but really aren’t. There are lots of sticky bits that a virus can leave behind to mess with your computer.
Back up your data regularly. Just do it. We can help you get set up so that you don’t have to think about it. And if you need help getting rid of a virus, we’ll provide the sympathy and tools to get it done.
By Danny Tehrani