Tuesday, March 17, 2009

Sick

My computer got infected by a virus sometime yesterday, and so far the unwelcome guest is really testing the limits of my hospitality. I was generous at first, giving it the lion's share of the CPU and tolerating its flurry of popups when the browser wasn't even open, but when the screen burst into flames I knew I'd had enough. I opened my Common Sense handbook and started taking what we lawyers call "countermeasures."

First I went online and downloaded some more viruses, hoping they'd somehow fight and cancel each other out, including the one I'm currently hosting. This totally didn't go according to plan. Somehow, they managed to find a common ground and united against me.

Then I downloaded three anti-virus/anti-spyware programs: avast!, AVG, and the fearsomely named Spybot - Search & Destroy.
Ad-Aware was already running on my computer, but the viruses had kidnapped its family so it wasn't to be trusted.

I started up all three at the same time, and once again, expectations were not met. These guys are as individualistic as it gets. Instead of doing their job, all they do is moan about not being compatible with your other anti-virus programs. I ended up having to run them sequentially.

Good news: Spybot Search & Destroy found 8 googolplex viruses, and destroyed them all. Avast! did a boot-time scan, and deleted everything on my computer that sounded suspicious and everything else that sounded a little too unsuspicious.
Bad news: absolutely nothing has changed from a user's perspective. The flurry of popups and the obnoxious CPU usage remain standing strong. Also, AVG failed completely. It just threw up its hands and crashed. Twice. And then it crashed during uninstall.
Good news: as soon as I turn off my Internet connection, my computer starts behaving reasonably sanely.
Bad news: without Internet, I will wither and die in 3 hours.

Ok, time for some more scanning. I'm starting to think I'm dealing with SkyNet or something. There's always the tried and true unplug-computer-then-throw-it-down-onto-an-uncarpeted-floor-and-stomp-on-it method, but I'm willing to wait another 15 minutes and see if these anti-virus/anti-anti-virus clowns can get the job done.

Ok, back from scanning. Results:

Avast! should be renamed to Pure Evil!. First of all, it starts on system startup, something I absolutely hate in a program. Usually, in this scenario, I'll Run msconfig and uncheck it under startup/services, but this didn't fly with avast!. I resorted to my trusted Spybot Search & Destroy to take care of the problem. Spybot is capable of detecting registry changes and asking you for confirmation or denial. Usually this looks something like "A program calling itself SlowPainfulDeathToYourComputer is requesting to add a value to your registry, would you like to allow the change?" Then you click Yes, and are successfully infected. Except this time I was being infected by my own anti-virus.

I did the usual, and went to msconfig. When I removed avast! from the startup queue, Spybot asked me if I was sure. There was no option for Hell Yes, so I settled for Yes. A split-second later, Spybot tells me avast! tried to reenable avast! to start on system startup, do I want to allow this? I said No of course, and got the same message a split second later. Avast! was playing dirty! The next time the query came up, I said "Remember my decision" and was treated to a veritable battle of anti-virus software. Every second or so, Spybot would report to me about successfully thwarting another attempt by avast!. I watched this for a minute, then uninstalled avast! altogether. I wish it were that simple with viruses.

Ten minutes later, I'm in the same situation with my friendly nearby virus. I managed to track down one of its tentacles in the registry, and deleted the key. A second later, déjà vu:

"value added in registry for yigivoguvu, do you want to allow?"
"No. Remember my decision."

Now I'm enjoying the same "denied change" message flickering on my screen, except this time for "yigivoguvu," a random name picked by my latest malware resident, one apparently called Virtumonde. Hopefully Spybot can live up to its name and destroy it once and for all.
...
Ok, after some more unsuccessful attempts at getting rid of stuff with Spybot and manually, I downloaded 15 more anti-virus utilities, including Kaspersky, Webroot and Norton. Webroot was doing great, finding all these viruses on my computer and even freshening up the air in my room, but then it demanded $40 for the task of deleting all those viruses and I showed it to the door. Currently Kaspersky is doing his thing, we'll see if he's any more charitable. I'm starting to get sick of this though.

Funny:

Mark: lust caution
Mark: no martial arts
Mark: so u should be fine with it
Mario: they are too cautious for fighting?
Mario: lets fight!...woah, wait, we might get hurt

1 comment:

Anonymous said...

That's what you get for uninstalling VirusScan! It is a monarchy but as Plato put it: "VirusScan is a true philosopher king"!