Fast, Easy, Cheap: Pick One

Just some other blog about computers and programming

Pwned!

Well, I just spent most of the day reinstalling Windows XP and my most used apps. Somehow my computer got some virus, and nothing I could do would remove it, so I had no other choice. Now, I am no stranger to virus infections. Having worked in IT for a number of years, I’ve seen and cleaned my share of infected machines. I’ve never seen anything like this one before, though…

It was, as far as I can tell, some weird amalgamation of BEAGLE and a number of other viruses. I could find no trace of it in any system directories with any of the scanners I used, and there was no sign anywhere of how it launched at startup. My theory is that it must have injected itself into some system service executable. After booting, it would create a number of files and directories all over the computer, use them to launch more processes, and then attach itself into explorer.exe running within a srvchost instance. Killing this and the other processes would make it appear to stop working, but only for a while; every now and then the explorer.exe’s would return. Another nasty side effect is that it deleted registry entries and files pertaining to the virus and spyware scanners on my computer, and would terminate any attempted runs of them. I used several online scanners like TrendMicro’s Housecall, but none were able to make headway.

I figured that even if I did appear to manage to clean most of it from my system somehow, I could never be sure, since it was so well hidden and distributed around the drive. So I just cut my losses and reinstalled…

It’s going to take a while to get my computer back up to where it was before, but at least this gives me an opportunity to reorganize my stuff.