Recently, I started searching for an alternative text editor to the Windows standard Notepad. The reason for this is that I have one gigantic text file that I want to edit but it seems to be too big for Notepad to handle and really slows it down.
I found a program that looked interesting on the CNET website and downloaded it. I’ve downloaded programs from there before and have always trusted it, but when I went to get the file, I instead downloaded some kind of download manager. When I started to install the text editor, I was first directed to a screen asking if I wanted to download some kind of add-ons. Some programs do this; normally I decline everything that they’re offering, and I thought I did that this time, but apparently I didn’t.
So after going through this, the download manager then went on to download the actual program that I originally wanted. After I installed the program, I tried it out and it was able to handle my huge text file easier.
Something I noticed, though, was that my computer seemed to be running slower than usual, so before I went to bed I began running a full scan with Malwarebytes. It scanned for a couple of minutes, then my system crashed. This didn’t look like a good sign, so I restarted my computer in safe mode, ran another scan in Malwarebytes and almost immediately it came up with infected files. Overall, there were about 40 infected files, almost all under the name Fun Moods. After the scan was completed, I removed all the infected files and did a reboot.
When I opened Google Chrome, the start page looked different and I saw a logo in the bottom left-hand corner saying Fun Moods. Obviously, it wasn’t completely gone, so I began looking through the settings in all my browsers, and this Fun Moods crap appeared in all of them in one form or another. It showed up as a search engine, a toolbar, an extension and also as my home page in almost all of my browsers. In each case, it replaced itself as the default of whatever I already had set up. I was able to manually remove it all, and so far it hasn’t popped up again.
I also used CCleaner to run a system analysis and a registry scan. By the time I did this, I was pretty sure I’d gotten rid of everything but I ran CCleaner just to be sure and find anything I might have missed.
As far as I can tell, this virus, much like planet Earth in the Hitchhiker’s Guide to the Galaxy, is mostly harmless. All it did was replace my search engines and home pages and add a toolbar and browser extension. It didn’t lock up my computer; it just slowed it down and made a general nuisance of itself.
It took quite some time to get rid of it, so I hope nobody else encounters it. If you do notice something like this, run Malwarebytes and CCleaner. If you don’t already have them, you can download Malwarebytes here, and CCleaner here. Both programs are available for free, but apparently now to download Malwarebytes you need to sign up and register with them, but it is free. It’s a program that I’ve used for the past decade or so, and it’s very reliable. Also, CCleaner is a great program for general computer maintenance; it searches for and removes temporary internet files and cookies, which can slow down computers and are some of the favorite hiding places for infections, and it also has an uninstaller for removing programs. I use it instead of the Windows uninstaller as it loads faster.
I’m also going to run a Spybot scan tonight just to see if it picks up anything that might have been missed, and an antivirus scan sometime in the next few days.
Also, if you download anything from CNET, don’t click on the big green button that says “Download Now, CNET Installer Enabled.” There’s a link underneath it, which I did not notice at all the first time around, that downloads the program directly. I don’t know for sure if CNET was the source of this infection as I went through it pretty quickly, but I’m pretty sure this is where it came from. When in doubt, go directly to the manufacturer’s website and download your program from there. This is what I should’ve and normally would’ve done, but I was in such a rush yesterday that I neglected to do this.
Lastly, don’t download anything called Fun Moods or Face Moods. Stay as far away from it as humanly possible; if you see anything like this, back away slowly and run the other way. Hopefully nobody else gets infected by this. As I said, it’s relatively harmless but unless you’re a computer whiz like myself, you probably won’t be able to completely get rid of it without some help.