I’ve spent most of my valuable Sunday afternoon doing battle with a very stubborn virus / worm / malware on my parents’ computer.
The battle ended in an uneasy truce. I managed to maim it enough that the messages, websites and automatic shutdowns shouldn’t happen, but it’s still there.
At one point my younger brother asked me why people write viruses, and I struggled to come up with a good answer. To prove something? Get a freakin’ job, start a company, do something useful with your life!
I swear, if the person who wrote that program had walked into the room and confessed I would have punched him in the face, possibly more than once.
It was such a battle because it disables almost every tool you would normally use. It had disabled Norton AntiVirus and wouldn’t allow it to run at all.
It also blocks you from looking at the processes that are running (CTRL+ALT+DELETE), and from running “command”, “regedit”, SP2 upgrade and probably lots of other stuff.
I managed to get the computer (Windows XP) into safe mode (by restarting the computer while loading Windows) and this helped. In safe mode I could run Norton, regedit and other files. However, no matter what I removed from the registry, and no matter what I did with Norton, the virus kept coming back.
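As an added example (not code from the original post), a PowerShell check a defender can run on a modern Windows host to see whether Task Manager and regedit have been locked out through the Explorer policy values that this kind of malware commonly sets. The policy paths and the assumption that this is the mechanism behind the lockout described above are mine, not the post’s.

```powershell
# Added example; not from the original post. Reports the Windows policy values
# that disable Task Manager and regedit, and optionally clears them.
# Assumption: the lockout is done via these standard policy values. Clearing
# them only restores the tools; it does not remove the malware that set them.
# Editing the HKLM key requires an elevated PowerShell session.
param([switch]$Fix)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$policyNames = @('DisableTaskMgr', 'DisableRegistryTools')

foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($name in $policyNames) {
        $value = $props.$name
        if ($null -eq $value) { continue }          # value not present: nothing set
        if ($value -ne 0) {
            Write-Warning "$name = $value under $key (tool is locked out)"
            if ($Fix) {
                # A live infection may re-create the value; re-run the check afterwards.
                Remove-ItemProperty -Path $key -Name $name
                Write-Output "Cleared $name under $key"
            }
        } else {
            Write-Output "$name under $key is 0 (not locked)"
        }
    }
}
```

Run it without `-Fix` first to see which values are set; if they come back after being cleared, the process re-creating them is still running, which matches what the post describes.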
I was able to delete various files from the command prompt, which is what has stopped the visible effects of the virus.
My last-gasp attempt to rid the computer of the bastard was to download Prevx, which claimed to be able to get rid of it. Ultimately, while it seemed to pick a lot of stuff up and remove it, it made no difference. So I called it a day.
So my parents’ computer is left completely unprotected from future attacks, with a deeply entrenched virus on it. Something has to be done, and that something is most likely to do a reinstall of Windows.
However, given I did this just a few weeks ago, I don’t know if I can face it yet.
Virus Files
gimmysmileys1.exe
others to be added
4 comments
db says:
March 13, 2006 at 11:51 pm (UTC 13)
People write viruses for the same reasons that people invent revolutionary technologies, find cures to diseases that afflict millions, and create beautiful music. Like most things there’s a light side and a dark side, and you don’t get one without the other. You can barely even separate them most of the time. I actually think this is a good thing, but you are most welcome to disagree on that point.
I wonder, if you re-installed Windows for them just recently, how did they get a virus? I assume you did the usual things like Firefox, firewall, perhaps Tb etc. It would be interesting to hear where the holes are, so we can plug them on our own systems (or those thrust into our care). Cheers.
Pete says:
March 14, 2006 at 9:12 am (UTC 13)
You could perhaps make that argument about some hackers (whose aims are normally just to gain information and have fun (not to take systems down)), but I find it hard to extend this to malicious virus writers.
I think the downfall was that their system was SP1 and I didn’t have the SP2 update (and didn’t have the time to download it on dialup).
All the Norton protections were on, but I have a feeling that they installed some software that either installed or allowed the virus to get in (either an internet optimizer or toolbar, both of which were on there but I hadn’t installed).
What it comes down to is that my parents don’t really read error messages, and if they do, don’t think about them, or how they should answer them. I agonize over this, but don’t really think it’ll change.
In the meantime, I’ve found another tool called HijackThis, which is supposed to be pretty good at killing malware. I’ll let you know how that goes.
db says:
March 14, 2006 at 10:46 pm (UTC 13)
I don’t have SP2, or any Windows updates since 2001, so I daresay that’s not the problem. Maybe I’m just lucky.
I’ve come unstuck on that in the past but since I put up a firewall, never had a problem. In my experience, they are not worth the download and compatibility problems.
If it makes you feel any better (perhaps worse), almost no users read or respond wisely to error messages. There’s a good reason, too: most error messages are wasting their time, or even if they’re not, mostly just confuse the user. At the end of the day, really a user should never get asked “would you like to install this software?” just because they, say, browsed to a webpage. It sounds a bit like they’ve been using IE, king of malware vectors.
Pete says:
March 15, 2006 at 8:23 am (UTC 13)
Yeah, a firewall would have been a good idea (I must have not initialised it when I did the reinstall). My only worry is that it might block their everyday use of the computer. For instance if the firewall blocked an email from sending for some reason, they wouldn’t know what to do, and my support services would be required. I’m generally reticent about implementing things that increase my support time.