...and now what?

2004-04-30 - 10:31 p.m.

more than you really wanted to know about my virus encounter

I got an email today with a .zip attachment. At the bottom of the email text, it said, "attachment - no virus found" and then listed the name of an anti-virus program.

Yeah right. Nice try.

For all my being careful and using safe computing practices and all that, last night I did get a virus. I had just run my daily virus scan at 7pm and there was nothing suspicious. But several hours later, suddenly one of the programs I was using just froze, and locked up my CD drive as a nice side effect. I couldn't even open the tray by pressing the eject button.

So I said some swears and did a restart. After what seemed like a really long time, the computer booted back up. Okay, there's my wallpaper... there's my task bar... there's my system tray... um... desktop icons? I used to have a bunch of them... hello? I clicked the start button, and when the menu creeeeeeeeaked open at the speed of mold growth, everything was still there. But no icons. Perhaps the band members on my wallpaper were feeling a bit crowded and did away with them... but maybe something worse. Not good.

So I did an actual shut down, then re-powered. Okay, slow as death, but everything started back up, and slowly, one by one, there were my icons. Better. However, they had brought with them a new friend - an .ini file on my desktop that was quite definitely not there before. Uninvited .ini files - not good.

Opened up my anti-virus program's main console to see the date of the last time it had been updated. As soon as it opened, some unseen force aggressively closed it right back down. That happened twice. Not good.

Opened up IE to do a little research and see if I could find out what was up. Well, correction - I double-clicked on the IE icon. Zero happened.

Oookay. Opened up Opera instead. Why I don't use that as my primary browser is quite beyond me. The many ways it surpasses IE should be way more than enough to outweigh the few things I don't like about it. Inertia together with habit is a terrible combination.

Sure enough, they were talking about that .ini file I had, on many of the geekboards. Nothing that I can find on any of the antivirus sites though. So I read enough to figure out which people seemed to be blowhards who like to give clueless advice, and which ones actually knew their stuff. The general consensus amongst the good geeks was that the .ini came from an .exe (isn't that always the way) that had somehow gotten onto my system. The most-guessed-at source was that it was connected with spyware, but that's the catch-all explanation for everything these days. So where I got it is anyone's guess.

But what it does is just insidious and seriously annoying. The .exe file immediately begins to run. If you find it and stop it, it restarts itself randomly and usually immediately. Every so often it writes a copy of this .ini file somewhere onto your file structure. I'm lucky it threw one out on my desktop so soon - that's what alerted me. The result is that, to quote one site I found, "it reduces your available processing memory to almost nothing." Niiiiiiiiiice.

The fun part is trying to delete an .exe file that constantly restarts itself, since you can't delete it while it's running. They basically suggested you go into your processes, stop this one, and just keep stopping it until it stays stopped for a second. Pretty much you keep hitting the damn thing over the head until it stops getting up. Then while it's down, you delete it. I had to stop the stupid thing about 20 times.

Then you can see how many of the .ini files it bestowed upon you, and delete them. I hadn't had the virus very long, because I only had three. So I got rid of them.

Oh, and then IE finally opened. Gotta love Microsquish.

Then I quickly ran my praytogod.exe and hoped that I had put my faith in the correct geeks - and I shut down.

Started back up. Yay - Windows actually started! Yay again - there are my icons! I started my anti-virus program and it stayed open. Another good sign. Okay, so the program was updated a few days ago, and it checked for more updates to the program earlier that night. I tried looking for updates again - hey guess what, new program update. Downloaded that, installed, ran the check - no viruses found. Yeah well... could have still missed something, but best you can do.

And now that damn virus has wasted almost as much of your time as it did of mine. But at least you didn't have to play .exe-file whack-a-mole.

