And I’m almost ashamed to admit it. My various Win XP installs have been virus free for about 7 years now, but now the streak has finally been broken. The strange thing is, I’m still not entirely sure how, or where, my computer got infected.
I’ve looked back on the events that have led up to this unfortunate incident, and I have pieced together what I think has happened, which I present to you below.
Two nights ago I was browsing the net with Google’s Chrome. I had a few tabs open, and I was bouncing back and forth between them. In one of them I was working on downloading a file from a file-sharing site, kind of like RapidShare, but not quite as official (if you can call RapidShare “official” by any stretch). I had jumped through all the rings, skipping two ads and waiting 60 seconds for the download link to appear. Once the link was ready, I began downloading (it was a RAR file).
About 5 minutes later, while the RAR file was still downloading, I noticed that I had left the tab open with the file share site on it. With no reason to keep it open, I switched to it to close it, but as soon as I selected it, Chrome became unresponsive. Not wanting to cancel my downloading file, I let the program sit, hoping that whatever was slowing down that page would resolve itself. After a minute or two, the tab finally showed up, but the whole browser was acting slow and slightly unresponsive, so I closed out that tab and a few others that I wasn’t using anymore.
I turned away from the computer for a second to look at something, but out of the corner of my eye I saw the screen change. I looked back at the display, and it took me a moment to realize that Chrome wasn’t on the screen anymore – not in a window or on the taskbar. So I opened it back up, and began trying to restore the tabs I had open. About 30 seconds into this, all of my tabs (even those that had already loaded and stopped), switched to show the Chrome error page. A minute later Chrome disappeared from my screen again with no warning or error message. Opening the program again resulted in a similar outcome.
By this time, it had gotten pretty late, so I attributed this to Chrome’s beta status, turned off the computer, and went to sleep.

The next day I got home from work and fired up the computer again. I browsed around the web a little, got up to go eat dinner with my girlfriend, and later came back to the computer to play some games. I noticed that Firefox (my default browser) had opened a window in the background – an ad for some idiotic anti-virus program. I assumed I had overlooked it from using Firefox earlier in the evening, and closed it. A minute later it was back, and this time I was sure that I hadn’t initiated its arrival.

My troubles with Chrome the night before came back to me, and instantly I suspected something might be wrong.

A quick look through the computer’s running processes yielded nothing. Everything that was supposed to be running was. I checked the startup folder in the Start Menu; still nothing.
Finally, I opened up msconfig to check and see if anything had been added to my list of boot items. Sure enough, there were four oddly named DLLs there that I did not recognize. I unchecked their boxes so they wouldn’t be run when my computer started, and immediately went hunting for information on the problem.
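The manual sweep described here (process list, Startup folder, msconfig’s startup entries) is the kind of check that is easy to script. The following PowerShell is an added example, not something from this post or from any tool it mentions: it enumerates the Run/RunOnce registry keys and both Startup folders, reduces each entry to the file that actually executes (for rundll32 entries, the DLL argument rather than rundll32.exe itself), and reports anything that is missing on disk or does not carry a valid Authenticode signature. It assumes Windows PowerShell 3.0 or later on a supported Windows version; the registry paths are the standard autorun locations, and the output layout is this example’s own choice.

```powershell
# Added example (not from the post): enumerate the usual Windows autorun
# locations and flag entries whose image is missing or not validly signed.
# Assumes Windows PowerShell 3.0+; the output shape is this example's choice.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath {
    # Reduce an autorun command line to the file that is actually executed.
    # rundll32 entries are the interesting case: the file to inspect is the
    # DLL passed as the first argument, not rundll32.exe itself.
    param([string]$Command)
    if ($Command -match '(?i)rundll32(\.exe)?\s+"?([^",]+\.dll)') { return $Matches[2] }
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }   # quoted path
    if ($Command -match '^\s*(\S+)')     { return $Matches[1] }   # first token
    return $Command
}

function Get-AutorunFinding {
    param([string]$Source, [string]$Entry, [string]$Command)
    $path   = [Environment]::ExpandEnvironmentVariables((Get-ImagePath $Command))
    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $status = 'FileMissing'
    if ($exists) { $status = (Get-AuthenticodeSignature -FilePath $path).Status }
    [pscustomobject]@{
        Source    = $Source
        Entry     = $Entry
        Command   = $Command
        ImagePath = $path
        Signature = $status
    }
}

$findings = @()

# 1. Registry Run / RunOnce keys (what msconfig's Startup tab largely reflects)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata, not an autorun
        $findings += Get-AutorunFinding -Source $key -Entry $prop.Name -Command ([string]$prop.Value)
    }
}

# 2. Startup folders (per-user and all-users); resolve .lnk shortcuts to their targets
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                      [Environment]::GetFolderPath('CommonStartup'))) {
    if (-not (Test-Path $folder)) { continue }
    foreach ($item in Get-ChildItem -LiteralPath $folder -File) {
        $target = $item.FullName
        if ($item.Extension -eq '.lnk') {
            $target = $shell.CreateShortcut($item.FullName).TargetPath
        }
        $findings += Get-AutorunFinding -Source $folder -Entry $item.Name -Command $target
    }
}

# Anything missing, unsigned, or with a broken signature deserves a second look.
# 'NotSigned' on its own is common for legitimate older software, so read this
# as a triage list, not a verdict.
$findings |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Signature, Source |
    Format-Table Signature, Entry, ImagePath -AutoSize
```

Run it from an elevated prompt so the HKLM keys and the all-users Startup folder are readable. A DLL named without a directory (so that Test-Path resolves it relative to the current directory) will show up as FileMissing; that is still a useful signal, since legitimate installers almost always write a full path.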
I found out that my computer was infected with a few pieces of malware, all of the same origin, and all of which had a nasty habit of renaming themselves and latching onto legitimate processes to run. I wasn’t entirely sure if their only function was to show me anti-virus ads, however, so I figured the best course of action would be to remove the infection and then re-install Windows, just to be safe.
I tried to start up AdAware, but after waiting a few seconds, a cryptic error message appeared on the screen about a server error, and the program refused to load. So I looked up NOD32, an anti-virus program which I’ve heard Leo Laporte rave about on his “The Tech Guy” radio show, installed it, and ran it. 10 minutes later, after I’d watched the program cycle through all the known areas of the infection, the program reported that it had found nothing. Lame.
A quick Google search returned a few more promising pieces of software; upon further investigation, I decided to try out a program called Anti-Malware by Malwarebytes. This program zipped through my drive and found about 14 infected files and registry entries. I quarantined and deleted all of these, restarted, and ran the program again. The second search turned up nothing. I checked msconfig and my processes list for similar results. I made a mental note that I should purchase the full version of Anti-Malware when this was all over with, as a token of my thanks.
With that, the pre-reinstall process began: check, backup, delete, and restore. I checked the software on my computer to make sure I had all the install files I needed and read up on how to properly save my email and saved games. I copied everything from my main hard drive to the (much larger) second hard drive. I uninstalled everything that pointed to files on the second drive, and then rebooted with my trusty Windows XP disc in the tray.
About 30 minutes later I found myself staring blankly at the rolling green hills of the default Windows XP wallpaper. I turned off the machine and went to sleep.
Now it’s time for me to get all my programs, games, and files back in their rightful places – just what I wanted to do this weekend.
Thanks malware. Thanks a lot.