win32/bamital.p or win32/bamital.(any letter)

My discovery of the bamital.x Virus

For more than a week, I’ve been working on an Acer Aspire One Dd257 for a friend. When I got the computer, the complaint was that neither Firefox nor Chrome would open. What I discovered was that the program would open, just not as a visible window. The application was open according to the task manager, but there was no open window. Finally, I remembered I could open the resource manager and see exactly what was using all the CPU resources. Surprise, surprise, it was Internet Explorer. Many multiple instances of Internet Explorer.

At that point, I knew I was dealing with a really bad virus. I didn’t know which one, or where to find it, but I knew it was there. I had already run AVG, Avast, Avira, and Malwarebytes and the system had come up clean. I enabled Windows Defender, the Windows anti-virus component, and ran that while I researched other anti-virus programs.

Microsoft Security Essentials

I run Malwarebytes intermittently on my own computer, and it seemed to work just fine. And up until this time, I had stayed away from using any Microsoft add-ons or anti-virus programs. While reading many reviews, I came across several really positive reviews of Microsoft Security Essentials. I decided to give it a try. I installed MSE, and ran a full scan. The scan took more than 6 hours to complete, but it did find a medium-threat virus on my system. I figured it was worth a shot on the Acer One.

I downloaded and installed MSE on the Acer. (If you are wondering how to download and install a program when you can’t access your browsers, check back here later today or tomorrow. I will be posting that next.) After MSE installed, it automatically went to update to get the latest definitions. Before it completed getting the definitions, win32/bamital.p had attempted to hijack it, and I got an alert saying I had to restart the computer to finish removing the threat. I tried to restart the computer, but after installing MSE, Windows wouldn’t load at all.

After several failed attempts to restart the computer, I resorted to the Alt+F10 repair/restore function. I really didn’t want to restore and have to do it all again, but I didn’t see that I had another choice at this point. Remember, here, that Acer Ones are netbooks. They have no CD/DVD drives. They come with just 1Gb of RAM, also. They run Windows 7 Starter Edition for Small Notebook PCs. It’s the only edition of Windows 7 that can run 1Gb of RAM. They do not come with repair discs or other media to re-install Windows if it crashes. Ten percent of the internal hard drive is dedicated to the repair and restore program. Repair rarely works.

After restoring the computer to the latest restore point, just before I started working on it, I downloaded MSE again. This time it got part way through the scan before bamital.p started interfering. I had run MSE on several of my own computers by this time, so I was familiar with the process. What I was getting on the Acer was not the expected process. Every few minutes a window would pop up saying I needed to restart the computer to complete the cleaning of the bamital.p threat. The box said the threat was severe and needed immediate attention. I ignored these pop-ups. I was determined to let the scan finish, letting the program work the way it was supposed to work.

When the scan was about 5/6 of the way through, bamital.p shut down the computer. When I tried to restart, Windows wouldn’t load, again. I did the Alt+F10, again, and was restored to the point right before I installed MSE earlier that day.

Lost Cause

I have determined that the only way to get rid of this virus is to wipe your computer clean and re-install Windows. This is a problem when you don’t have a CD drive from which to re-install, but I have another option in mind for this. I have a jump device that can connect a SATA, PATA, or IDE hard drive to another computer via USB port. I will need to install 2Gb’s of RAM to do this, also. Here’s hoping it works!
