Tuesday, November 10, 2009

Virus attack!

In case you're wondering why I've gone silent again, this time it was Win32.Virut.56. I honestly thought it was under control - in the twenty-five years I've worked with computers, I have never been bested by a virus or hacker before; over the five or so times I've encountered them, I've been able to figure out the means of entry and seal everything off, root it out, and enjoy another year or two of bother-free existence.

The full blow-by-blow is probably less than exciting, but suffice it to say that I shot myself in the foot with a thumb drive I took myself from an infected machine and only realized about 0.05 seconds too late how colossally stupid I'd been - I saw the drive infect my laptop. I was up until 4am that night researching and whacking, mostly with Dr. Web, a marvelous tool that almost did the trick in combination with Comodo Internet Security and Malwarebytes scanner. The next day I tried Dr. Web Live CD (it boots into Linux and removes Virut while Virut can't infect more files) and honestly thought I'd beat it.

Today, though, after three days of lost work, I broke down and bought two new computers. One is a new Windows desktop, and the other is now a Linux box currently working on pulling the files off my infected drives in a safe, non-Windows environment. I'm actually going to have to wipe my dear old laptop; it finally just ... stopped booting. Yesterday. Nothing more I could do for it. I can start it up on a Linux rescue disk and copy the files onto an external drive, but Windows has left the building.

About two hours before the end, I realized that although things looked superficially calm, my machine was actually and literally on one of the Russian botnets. It was phoning home to St. Petersburg and the Ukraine as I watched it, downloading and spawning new viruses as fast as my new blocking software could stop them. Finally, after one scan-and-reboot to remove the quarantined files, the machine started hitting the blue screen of death during every boot cycle. Windows had self-destructed. I am almost 100% certain the Russians did this on purpose to make it impossible to deconstruct the botnet code. Not personally, of course - but I think it's one of their preprogrammed failure modes if an owned node starts getting too "smart".

But I did get a sweet new machine out of it. Two, really. My wife said if I wanted a new office setup for my birthday, I could have just asked. Ha! Also, it was fun in a horrible, high-stress, panic-laden way. So I can't say it was altogether a negative experience.

That said, I'm looking forward to getting back to nice, safe plaster, although the whole dining-room-by-Thanksgiving thing is looking way less probable now. Thank Pyotr and Dmitri if you see them.

  1. Where was the machine that infected your thumb drive? If it was, frex, a library computer, shouldn't you warn them?

  2. It was my daughter's laptop. I probably would have been a lot more vigilant had it been outside the house - weird, but one of those psychological quirks that always lead fallible humankind astray.

  3. The colossality of the stupidity, you see, was not that I used a thumb drive from a machine which later proved to be infected. It was that I knew it was infected in advance, used the thumb drive to put some files from my machine onto the infected machine, then had a second thought and wanted to do that again - which entailed plugging the thumb drive, now tainted, back into my own machine.

  4. I just wiped my old laptop. I'd used it continuously since 2006; actually zapping the OS made me so nervous I felt physically sick. It's like having a house so infested with termites and rats that you have to torch it as you leave.

  5. Just got my bookmarks and typing accelerators transferred off the old machine. I'm feeling more like myself now.