Monday, August 31, 2009

Fire for Fighting

Something's been wrong with my desktop computer over the past couple of days, and all of the symptoms were there. For one, the system wouldn't shut down properly — something would always interrupt the shutdown and ask me to terminate a running process. On top of that, anything that I downloaded — however small it was — would inevitably run into connection issues. But when I realized that my Google searches were being redirected to completely different (and ad-laden) sites, I realized that I had a problem.

My ability to make completely useless distinctions automatically told me that I was dealing with some malware here. There was something in the system, all right, but it wasn't necessarily a virus — a virus, after all, implies a payload of some sort; it's supposed to do something bad to your computer. Plain old adware normally puts a lot of pop-up ads on your computer, which wasn't the case, so I figured that whatever was in my system had been created for far more insidious purposes. Like, say, password thievery or backdoor hacking.

The first thing I did, then, was to enter my symptoms into a search engine (watching out for the redirection, of course) and figure out what I was dealing with. Yes, it was malware. Yes, it was a password stealer, with security compromisation on the side. Yes, it was a strain that was difficult to remove, which I was to find out later.

Most of the sites I visited recommended a single piece of free software which I could download, install, and run... and that's what I did. So I just sat back, waited patiently for the slower-than-usual download to finish, then double-clicked the handy little Windows icon and watched it do its stuff.

Except that it didn't. The silly thing wouldn't install.

I hit the internet forums again and noted that some of the more recent strains of malware were advanced enough to prevent corrective software from functioning... which was just great, really. I've run into enough malicious code in my life to know that this thing wouldn't be deleted easily; I just had to find the right combination of moves that would defeat it.

After a few attempts at booting and rebooting, I found out that I could run the antivirus installation as long as 1) I changed the name of the installation file, and 2) I performed the installation shortly after I booted up the computer. (I can only assume that it took the malware a while to figure out what I was doing.) The installation turned out successful, although it ran into a problem near the end... which I took as a sign that my digital interloper was trying to fight back.

Chortling to myself, I got the software to scan my computer, and after an hour's work, it easily identified the source of all my woes. Gotcha, sucker.

Cleaning it took all of ten minutes, after which I did what I normally do after a good cleaning session — I restarted the computer and ran the scan again. At this point, however, I ran into the bad news: The second scan indicated that the files were still there... which meant that the bad code was either resisting removal, or reconstituting itself in some way.

I cleared the harmful files again and ran the scan without rebooting. This one told me that the threat had been removed. After a skeptical restart-and-rescan, however, I was told that the malware was still present in my system. I guess there was some sort of method by which it was rebuilding itself, then.

Fortunately, by this time, I was able to put a name to my imaginary little opponent. I could identify a couple of primary component files, as well as three or four supplementary files that were written in random ten-character filename strings, presumably to evade detection. In short, I had a fair idea of where the problem was coming from, and the only question involved killing the stupid thing.

At that point, I fell back on my recovery console — this little backup tool that allows me to get into the operating system without running any of the files there. A few nerve-wracking minutes later, I was looking at the obnoxious little buggers from the safety of my digital crawlspace, and manually zapping them one by one.

From there, I restarted the computer and ran one final scan. This one gave me no issues whatsoever.

I don't remember when I started fighting these sorts of things, but I feel as though I've done a whole lot for someone who doesn't even have in-depth experience in this sort of firefighting. I figure that it's because of the wide range of tools that we have available for our convenience nowadays — any person with at least half a brain for technical analysis would probably be able to combat these things in their spare time.

In that sense, it brings to mind a question that someone asked me once... something about why I never seemed to write about things like computer viruses in my few sci-fi stories. If only that person knew about what strange, real-world experiences I've had in that regard...
