I just installed the trial version of Total Security and a little over an hour ago it allowed rogue security software to be installed on my computer. I have since removed one program that I know of that was installed to C://ProgramData/defender.exe, but more viruses have popped up and my firewall is disabled.
The viruses turned up in my latest scan include trojans, one of which was Generic BackDoor!dl, for which quarantine failed.
I keep getting an error that my Firewall is disabled and whenever I click the button to turn it back on it works for a brief second before turning back off.
Activities Leading Up to Attack
A few days ago I uninstalled Norton and replaced it with McAfee. I kept McAfee on default settings for the most part, but in order to use FileZilla I had to relax some firewall restrictions.
Earlier today I had been uploading files via FTP using FileZilla to some website that I am building. I had been tinkering with form authentication settings in ASP.Net trying to see why files on my server result in users being timed out long before the specified timeout in my web.config file. I had just uploaded a fresh batch of files, logged in to one site, and when I logged out I got hit by a fake antivirus scan. I immediately unplugged my computer from the internet, turned it off, and restarted it before running a virus scan using McAfee Total Security, which produced clean results.
Over the past couple weeks I've been getting really annoying redirects from Google searches in every browser I use to spam sites full of PPC ads. Before installing McAfee I cancelled my Norton AntiVirus subscription because of poor service due to their software being unable to remove a trojan called Trojan Tracur. My Norton firewall had blocked the virus trying to access the internet multiple times, but never quarantined or removed it. Every time I ran a virus scan it failed to detect it, even when I used their Power Eraser and Bootable Recovery Tools. When my trial expired and they billed me, I called their customer service people and demanded a refund on the grounds that they engaged in false advertising by claiming that their software detects and removes viruses.
A month ago my computer was completely hijacked by a Gumblar variant called Win 7 Home Security 2012. The program took over parts of my Windows Control Panel, started running fake virus scans, and stole my FTP credentials. It used the latter to hack several of my sites before appending vicious scripts to all my Default.aspx pages. I installed Norton AntiVirus, but it failed to detect the rogue software and I had to use Malwarebytes to remove it.
Before that I had some mild issues with adware, including something called Facemoods, and I also was using a Firefox addon called SEO Quake that created a number of ad-related annoyances.
I am at a loss what to do. The infected computer is my primary development computer, used solely for building new ASP.Net sites using Visual Studio 2010, and FTP is a necessity for fixing anything. I've already used the computer I am typing on now to change my FTP credentials on potentially compromised sites, but after learning how Gumblar works I am afraid that any attempts to upload my work will result in my sites getting hacked. Two of them already got red flagged by McAfee, and even though they have been clean for over 2 weeks they are still listed as attack sites in SiteAdvisor, which strangely flagged them even though they never downloaded malware to anyone due to the malicious scripts causing runtime errors on all the pages.
The only thing I can think of doing would be to see if McAfee has a competing bootable recovery tool that actually works. If they don't, then I think I will have to reformat my hard drive unless one of McAfee's competitors has an antivirus product that actually locates and removes viruses.
TOTAL SECURITY MY ***!