Friday, August 05, 2005

Computer agonistes

Well, here I am blogging on another borrowed computer, this time down in Pennsylvania. What follows may be boring, but I feel I should detail what's happened in case somebody else has a similar problem.

My Norton anti-virus detected a backdoor virus and tried to remove it, but judging from the history, it was only quarantined. No matter: the damage appears to have affected (surprise!) my Internet Explorer program. After I scanned for viruses with McAfee's Stinger and a Trojan cleaning program, I re-ran both AdAware and Search and Destroy to remove spyware. Finally, I was able to get onto my AOL account and Microsoft security asked if I wanted to update my virus definitions. Yes, yes I would, but instead of using the browser embedded in AOL, the security program opened a separate Internet Explorer page through the DSL service.

All hell broke loose. Pop-ups galore. Virtual Bouncer and AdDestroyer started to load automatically and take over the computer. CPU usage shot up to 99% and I was battling to turn things off but the computer couldn't respond. Eventually I killed the DSL, opened task manager and shut down the applications and processes.

Rebooted into safe mode and ran everything (virus & spyware scan) again. When I rebooted and merely turned my DSL modem on (did not connect to a service) all the spyware programs started loading again. Clearly something on my computer was calling for these downloads and no matter how much I scrubbed I couldn't get rid of the problem. Now my Norton Systemworks wouldn't even run and the AOL & MSN startups would crash immediately. [Do I want to send a report to Microsoft? No.]

So... since I was going away for the weekend anyway, I threw in the towel and brought my computer to the "Geek Squad" at Best Buy to get everything back to normal. I didn't want to micromanage the problem since I'm sure these guys have a standard procedure, but in hindsight I wish I had asked him to load Firefox or some other kind of browser.

6 comments:

Eric said...

Another reason to seek professional help: by this point I had easily invested 12+ hours running every utility program under the sun to get things back to normal.

I told the Best Buy guy I had a very popular blog and that readers were desperate for updates. Even I didn't believe me.

Anonymous said...

Yes, definitely get Firefox. It's an easy download and install.

If you have the money, set up a network at home with a server for holding all your files. When you get attacked again, reload your system software from scratch (don't just do a repair). You won't waste time and lose hair worrying about losing your files. Reinstalling your programs sucks, but it won't take 12 hours and your time will have been much more productive.

Search Compusa or Froogle for "network hard drive", and you can get an easy solution for $300.

In my office all files sit on the network server. Speed has not been a problem.

Re: "Even I didn't believe me." You're missed more than you realize.

Anonymous said...

"I told the Best Buy guy I had a very popular blog and that readers were desperate for updates. Even I didn't believe me."

You used your best material in the comments! For shame.

In all seriousness, it's time for Firefox. And you have a router standing guard between your computer and your DSL modem too, right?

Eric said...

You guys are too kind. And thanks for the advice. It's getting to the point where it's probably cheaper to just get a new computer than pay for all these fixes.

Dusty said...

You've had enough Firefox fans recommend that browser, so I'll add some things. Just a note, though. It's not just that Firefox is better at this point but that having two browsers is good, in case one is infected. Three is best.

Sounds very much like you had nasty spyware using the registry to reset your IE after you clean your system. I'm curious if you use Spybot's Tea Timer because that notifies you of any registry change, which you have an option of saying no to. If you do use it, I'd have to think about what else it might have been. (Also curious if it was Sub-seven that hit you or something else.)

Anyway, there is also SpywareBlaster to immunize against spyware. I recommend that in addition to using Spybot's immunization function.

The one thing I didn't see in your cleaning steps was HijackThis, which is a browser hijacker detector and remover. A great program, serviced by most of the major spyware forums; newbies to HT can post the log and get help on what to delete, but one time through should let you know what to delete without hitting the Internet. SpywareInfo, Tech Support Forum, Castle Cops, and Wilders Security all have help forums.

Also, Process Explorer lets you look at what is up and running and has a kill function. Not so good if you are already in havoc mode, but often helpful, and in combination with running msconfig to check what has been loaded in that lull you had between your initial cleaning and your attempt at updating the virus definitions. One problem is that lots of the bad stuff uses names of good stuff but is loaded and runs from a different folder. If you deal in a steady state operational use, you can confirm most things off a printout of what should be running and check on those that look suspicious. (Having a log of your clean steady state IE browser setup is also a good thing.)

I wonder if you use a local proxy server. If not, Proxomitron is a good one to look at. You can set it up to prevent popups before they pop up - both on arrival and leaving - while allowing them while at a site. It's great! I've never had a popup I didn't like or a problem where my system went haywire, though I have had cases where Zone Alarm showed unusual traffic and I looked in the P-log screen and saw it dutifully killing pop-ups and other ilk, so I have just used either the Zone Alarm lock or Proxo's Abort to stop it. (P has many other cool features that you ought to take a look at, too.)

Give me a yell if you need anything, Eric.
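The comment above suggests checking what is running against a printout of the clean "steady state" and watching for legitimate program names loaded from the wrong folder. As an added example that is not part of the post or of any commenter's tools, here is a small Python checker that does that comparison: it classifies each running image as matching the baseline, as a known name running from an unexpected folder, or as a name the baseline never listed. The baseline and the process snapshot are constructed for the demonstration, and the folder names in them are assumptions, not values from the post.

```python
"""Compare a snapshot of running processes against a known-good baseline.

Added example, not code from the blog post or its commenters.  The idea
it demonstrates: malware often reuses the file name of a legitimate
program but runs from a different folder, so a name-only check misses
it.  Recording the expected folder for each name in the clean state and
comparing name AND folder catches that case.  All data below is
constructed; the folder names are assumptions for the demonstration.
"""
from pathlib import PureWindowsPath

# Constructed baseline of the clean steady state: process name -> folder
# the image is expected to run from.  Keys are lower-case.
BASELINE = {
    "explorer.exe": r"C:\WINDOWS",
    "svchost.exe": r"C:\WINDOWS\system32",
    "lsass.exe": r"C:\WINDOWS\system32",
    "ccapp.exe": r"C:\Program Files\Common Files\Symantec Shared",
}

# Constructed snapshot of a running system: (process name, image path).
# The same name may appear several times; that alone is not suspicious.
SNAPSHOT = [
    ("explorer.exe", r"C:\WINDOWS\explorer.exe"),
    ("svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
    ("svchost.exe", r"C:\WINDOWS\System32\svchost.exe"),
    ("lsass.exe", r"C:\Documents and Settings\user\Local Settings\Temp\lsass.exe"),
    ("ccapp.exe", r"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"),
    ("vbouncer.exe", r"C:\Program Files\VBouncer\vbouncer.exe"),
]


def _folder_key(path):
    """Lower-cased, backslash-normalized folder string for comparison.

    PureWindowsPath parses Windows paths on any host, so the check runs
    offline on a captured listing rather than needing a live system.
    """
    return str(PureWindowsPath(path)).lower()


def classify(name, image_path, baseline=BASELINE):
    """Return 'ok', 'masquerade' or 'unknown' for one running image.

    'masquerade' means the name is in the baseline but the image runs
    from a folder other than the one recorded for it.
    """
    expected_dir = baseline.get(name.lower())
    if expected_dir is None:
        return "unknown"
    actual_dir = str(PureWindowsPath(image_path).parent)
    if _folder_key(actual_dir) == _folder_key(expected_dir):
        return "ok"
    return "masquerade"


def audit(snapshot, baseline=BASELINE):
    """Return the findings that need a human look, in snapshot order.

    Each finding is (label, name, image_path); 'ok' entries are dropped.
    """
    findings = []
    for name, image_path in snapshot:
        label = classify(name, image_path, baseline)
        if label != "ok":
            findings.append((label, name, image_path))
    return findings


if __name__ == "__main__":
    for label, name, image_path in audit(SNAPSHOT):
        print(f"{label:10s} {name:14s} {image_path}")
```

Feeding the checker a listing of autorun entries (msconfig's startup list or the values under the Run keys) instead of running processes works the same way, since each entry is again a name plus the path it loads from. Folder comparison is case-insensitive because Windows paths are.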

Jay Solo said...

I always install Firefox as part of any cleanup, and encourage the user to switch to it for anything that doesn't absolutely require IE for interpreting invalid code or whatever.

I am curious about your experience with Geek Squad. I looked at their site a while back to compare prices, and was intrigued by their fixed rates for various things, where I charge hourly. Looked like they generally would be more, but not always.