Sunday, 22 June 2008

If I was googling for porn it would have made sense

I think I would rather have a virus myself than have a computer virus. There are few things in my life more frustrating than computer viruses. I tend to get a bad one every year or so, and each time I curse myself for not backing up my system and I wonder what files I would be losing if I have to reformat (family photos? eTax records? my year-long action research project?), before beginning the arduous process of scanning, googling, printing off removal instructions so that I can do things in safe mode, rebooting, rebooting, rebooting.

On Thursday I was googling "Viggo Mortensen Lore of the Rings" trying to locate some photography that Mr Mortensen took during the production of the Lord of the Rings trilogy. The collection was called Lore of the Rings as far as I could recall, but I wasn't sure if it was ever released as a book or if it was just a magazine article. (Aha, after some more googling it seems that the collection of images was from his book SignLanguage, and perhaps 'Lore of the Rings' was an article about said book. Or maybe my mind conjured the memory out of nothing). (AHA! Found it! 'Lore of the Rings' was the title of an article from Flaunt magazine)

This was the image I was searching for, that had stuck in my brain for six years:
Eerie. I love it.

But in searching for it earlier this week I stumbled across dead links and expired domains. As usual, I had teatimer switched on. All of a sudden 10 registry change boxes appear, and I deny each one. My browser shuts down, my desktop disappears, my tool bar, my start bar, my task manager all disabled. All I have is a blue screen and some black command prompt boxes.

I reboot in safe mode and am able to get into windows explorer. I scan with spybot and find myself infected with over 2 dozen viruses, from smitfraud to zlob to virtumonde. Spybot is able to get rid of a few, I use SmitFraudFix to rid myself of a couple more, and use hijackthis to clear out most of the rest. (Note: hijackthis should never be used without caution. I know a little about what I am doing but what I do is still mostly trial and error. One of these days one of my errors might just destabilise my whole system. If you find yourself with viruses that you can't get rid of, get hijackthis, run a scan, and post your log to a support forum. They will tell you which files to delete. Proceed with caution.)

I had one problem that I couldn't get rid of: win32.tiny.abk. I googled around and found many people struggling with it but no clear answers on what to do. The only people reporting success were those who just gave in and reinstalled windows. I found a few pages of removal advice, but the directions involved deleting files that I didn't seem to have. I struggled with it for about 48 hours but I seem to have it beaten now.

What win32.tiny does is it uses your computer to mail out spam. You'll be able to tell because your internet will have slowed to a crawl. Port 25 is the email port, so disabling that is a good idea (I am still receiving email, but I haven't fully tested my ability to send email. I might have to unblock the port. I'm hoping that now that my computer is scanning clean it won't be a problem).
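One way to confirm the symptom described above (a machine quietly pumping out mail) before touching the firewall is to look at how many distinct mail servers it is connected to: a normal desktop talks to one or two SMTP hosts, a spam bot talks to dozens. The script below is an added example, not code from the original post; the `netstat -an` output it parses is constructed, and the hostname-count threshold and the set of SMTP ports are assumptions you can tune.

```python
"""Spot a host fanning out SMTP connections, the symptom of a spam bot.

Added example, not part of the original blog post. The netstat samples
below are constructed; real input comes from `netstat -an` on Windows
or Linux. Only IPv4 TCP lines are handled.
"""
import re
from collections import Counter

# Constructed sample: one box talking to six different mail servers at once.
INFECTED_NETSTAT = """\
  TCP    192.168.1.20:1054      74.125.0.5:80         ESTABLISHED
  TCP    192.168.1.20:1055      203.0.113.7:25        SYN_SENT
  TCP    192.168.1.20:1056      203.0.113.8:25        ESTABLISHED
  TCP    192.168.1.20:1057      203.0.113.9:25        SYN_SENT
  TCP    192.168.1.20:1058      198.51.100.3:25       SYN_SENT
  TCP    192.168.1.20:1059      198.51.100.4:25       ESTABLISHED
  TCP    192.168.1.20:1060      198.51.100.5:25       SYN_SENT
  TCP    192.168.1.20:1061      192.0.2.10:443        ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0             LISTENING
"""

# Constructed sample: a healthy box with one mail client session open.
NORMAL_NETSTAT = """\
  TCP    192.168.1.20:1054      74.125.0.5:80         ESTABLISHED
  TCP    192.168.1.20:1055      203.0.113.7:25        ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0             LISTENING
"""

LINE_RE = re.compile(
    r"^\s*TCP\s+(?P<lip>[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<rip>[\d.]+):(?P<rport>\d+)\s+(?P<state>\w+)"
)


def parse_netstat(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state) for each TCP line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((m["lip"], int(m["lport"]), m["rip"], int(m["rport"]), m["state"]))
    return rows


def smtp_fanout(rows, smtp_ports=(25, 465, 587)):
    """Count non-listening connections per remote mail server (ports assumed)."""
    counts = Counter()
    for _lip, _lport, rip, rport, state in rows:
        if state != "LISTENING" and rport in smtp_ports:
            counts[rip] += 1
    return counts


def looks_like_spam_bot(rows, distinct_hosts=3):
    """True when the box is talking to at least `distinct_hosts` mail servers (threshold assumed)."""
    return len(smtp_fanout(rows)) >= distinct_hosts


if __name__ == "__main__":
    for label, sample in (("infected", INFECTED_NETSTAT), ("normal", NORMAL_NETSTAT)):
        rows = parse_netstat(sample)
        print(label, dict(smtp_fanout(rows)), "suspicious" if looks_like_spam_bot(rows) else "ok")
```

Run it against the output of a real `netstat -an` by piping that text into `parse_netstat`; a long list of distinct remote hosts on port 25 is the pattern to block, and it is also the evidence that the block has done its job once the list empties out after cleaning.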
Gmer was very helpful, especially as the virus had disabled my registry editor. In safe mode I would start gmer, go into services and take note of any files displayed in red. I would then go to files, browse to these red entries, delete them, and then go back to services to delete the entry there. I used teatimer to block processes and registry changes, and then used the teatimer log to go into gmer to find these files for deletion. Eventually spybot was scanning clean and teatimer was not having to block anything.

Now I have learnt my lesson and am using Mozilla Firefox.
