A Word about Viruses and Malware: Don’t blame me

Viruses and Malware Suck


I often help people when they have a problem. That’s when they come to me. The problem with that business model is that they are often already frustrated, and what I am going to tell them, at least initially, isn’t going to make them a whole lot happier. This is particularly true when someone comes to me for advice after having had a virus, malware, a PUP, adware, spyware, buttware, bananaware, tupperware… look, they are all the same. If it ends in “ware” and it doesn’t start with “soft”, then it isn’t good (yes, including Tupperware, but for different reasons). Don’t make the mistake of thinking viruses are worse than malware, which is worse than spyware, which is worse than adware, which is worse than PUPs, PIPs, PAPs, POPs, whatever. They are ALL bad. They can ALL trash your system – any one of them. Period. It doesn’t matter if one utility makes it yellow and medium or red and critical. The fact is, the red ones we almost always know about and react to quickly. For that reason, they are the lowest risk to you. The highest risk items are those that sound harmless… the items that you only remove after I tell you that I’m sure you have something bad on your system. Here’s an example of how that happens, and the common reaction.

I was helping a customer with what started as printer problems.

He sent me these screenshots:

Canon Printer Drivers

Several Installs without Publisher Names

 

Canon Extended Survey Uninstall

Canon Drivers won’t Uninstall

My response:

Do you see all those installs with the publisher blank? Those are most likely malware – based on your screenshots, that is the source of your headache. That’s what I would concentrate on – I know that’s a very different direction, but I think you will find it a necessary step no matter what you do. I don’t like delivering this kind of news… but it doesn’t look good. When you are done with this, you’ll probably realize that many other anomalies you’ve experienced are connected to it.

I would start with malwarebytes at malwarebytes.org. Do a full scan, remove, reboot and repeat until you come up clean, then come back to the printer.

 

The customer’s (unfortunately typical, and delicately insulting) reply:

Michael, I think this is becoming a timewaster. There were six “installs with the publisher blank” in the screenshot in question. You implied that these were likely malware, yet 5 of the 6 were actually the result of installation using Canon software! The only odd one out was AVIGenerator, which I know for a fact was a useful item installed as part of my Swann Security surveillance camera package. Despite my misgivings (I am VERY security conscious) I gave you the benefit of the doubt and installed and ran the suggested “malwarebytes” scanning software. It found NO malware, but pointed out two items of software that might be “unwanted”. It was correct on both scores – one (iLivid) had outlived its usefulness, the other must have been “crapware” (“driverupdate.exe”) bundled with other software and must have escaped my usually vigilant habit of unchecking tickboxes during installation. I uninstalled both of these items anyway.

Sure enough that made no difference to my being unable to uninstall the two Canon drivers and the Canon “Extended Survey Program” item, which were preventing a clean reinstall of my two printers’ drivers. I think the best thing will be for me to go to the Canon helpline to learn how to uninstall these three.

Then perhaps I can seek a different expert on ******* to address my MP800 malfunction. I won’t take any more of your time, thanks. I do appreciate your effort, but there seem to have been times when we were not on the same page. Regards, Peter.

My Reply:

I couldn’t agree with you more, Peter, about us being on different pages. You are upset with me because the thing that destroyed the functionality of your computer was something you call “crapware”, and not “malware” as I had suggested. The software I suggested you run to correct your problems identified this software only as “unwanted” or something you don’t want on your computer – something you have defined as “crapware”. Since I am not schooled in “crapware” technology, that one must have slipped past my inexperienced eyes. However, “crapware” (I guess) is an emerging field and I will come up to speed on it as quickly as possible to avoid so grossly misinterpreting similar situations and giving such poor advice.

That is how I wanted to reply, but my extraordinary professionalism doesn’t allow me to do that.  While I do hope that he finds this and reads it, my official reply was as follows:

My Real Reply:

The Extended Survey Program software is something that is installed for a single use and then uninstalled, and is usually done at the direction of a Canon Support Rep. It should not be installed.

An alternate uninstaller for the MP drivers is, Start menu -> All Programs -> “Your model name” -> MP Drivers Uninstaller.

If that doesn’t work, you can delete manually.

  1. Select the printer to be deleted
    Select the Start menu -> Control Panel -> Hardware and Sound -> Printers.
    Click the model to delete, then press the Alt key on your keyboard. On the File menu, click Delete.
  2. Delete the printer
    If the User Account Control dialog box appears, click Continue. Then when the confirmation message appears, click Yes.
    The icon is deleted.
  3. Select the printer driver to be deleted
    Press the Alt key. On the File menu, select Run as administrator, and then click Server Properties….
    If the User Account Control dialog box appears, click Continue.
    Click the Drivers tab. In the Installed printer drivers list, click the printer to delete.
  4. Delete the printer driver
    When you click Remove…, Remove Driver And Package dialog box is displayed.
    Select Remove driver and driver package, and then click OK.
    In the confirmation dialog box, click Yes.
    When data collection is completed in the Remove Driver Package dialog box, click Delete.
  5. Click OK.

You can do those things; however, I will reiterate what I said because I think it is important to address. When someone comes to me, I try to address the big picture with them. I can give you itemized micro-steps, or I can truly provide you value by telling you when I recognize what might be a root cause. For this, you have already rated my service negatively.

Those installs should NOT have a blank publisher name. A blank publisher name, in almost all cases, is an indication of a corrupt install. This is often caused by a virus or malware. What I see in those screenshots is a telltale sign of a virus or malware problem at one point. Even if the problem has been fixed, damage may remain. You can trust me or not, but this is what I see.

driverupdate.exe and iLivid are both malware and absolutely may have caused those problems! This actually verifies exactly what I had told you. You are basically finding exactly what I told you that you would find and being upset with me for it! I didn’t put those things there. But I can tell you that I’ve seen them thousands of times causing these problems. Do you think it is a coincidence that when I told you to scan with malwarebytes, you found those two items? You responded as though finding malware actually contradicts what I was suggesting?

I am security conscious too, but I have had malware and viruses. It’s nothing personal – it happens.

Everything that I have told you is supported by what is on your screen – from finding driverupdate.exe, to the corrupted installs. Yet you dismiss me and act as though I haven’t helped you. I think you are shooting the messenger. This might give you a much better understanding of one (and it only takes one) of the items you had on your computer:

http://bitli.es/bntqZr
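An added example, not part of the original reply or of any Canon or Malwarebytes tooling: the blank-publisher check from the screenshots can be repeated from PowerShell by reading the Uninstall registry keys that the Programs and Features list is built from. The function names `Get-BlankPublisherInstall` and `Get-InstallSignature` are made up for this sketch; it only reads, and what it returns is a list of entries to review by hand.

```powershell
# Registry locations that feed the Programs and Features list
# (64-bit, 32-bit on 64-bit Windows, and per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: every visible entry whose Publisher value is missing or empty.
function Get-BlankPublisherInstall {
    foreach ($key in $uninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object {
                $_.DisplayName -and                 # entries without a name are not listed
                $_.SystemComponent -ne 1 -and       # hidden system components are not listed
                [string]::IsNullOrWhiteSpace($_.Publisher)
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Name            = $_.DisplayName
                    Version         = $_.DisplayVersion
                    InstallDate     = $_.InstallDate
                    InstallLocation = $_.InstallLocation
                    UninstallString = $_.UninstallString
                    RegistryKey     = $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                }
            }
    }
}

# Hypothetical helper: Authenticode status of the executables in an entry's
# install folder, when the installer recorded one.
function Get-InstallSignature {
    param([Parameter(ValueFromPipeline)] $Entry)
    process {
        $dir = $Entry.InstallLocation
        if ($dir -and (Test-Path -LiteralPath $dir -PathType Container)) {
            Get-ChildItem -LiteralPath $dir -Filter *.exe -File -ErrorAction SilentlyContinue |
                Get-AuthenticodeSignature |
                Select-Object @{n='Name';e={$Entry.Name}}, Path, Status,
                    @{n='Signer';e={$_.SignerCertificate.Subject}}
        }
    }
}

$suspects = Get-BlankPublisherInstall
$suspects | Sort-Object Name | Format-Table Name, Version, InstallDate, UninstallString -AutoSize
$suspects | Get-InstallSignature | Format-Table -AutoSize
```

Entries that come back with no install folder, or with executables whose `Status` is not `Valid`, are the ones to look at first alongside the scanner's results.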

 

The moral of the story?

There are two, and they are old, but worth repeating:

Please don’t shoot the messenger. It ain’t fair. The messenger usually notices when you do, we hate it, and although you forget it quickly, we remember it forever.

Don’t bite the hand that feeds you. A hand that is feeding you is usually close enough to deliver the bitchslap you deserve.