Friday, May 21, 2010

Virus Strikes Laptop, Gets Past eSet NOD32 - UPDATED

I've been hammered by a virus on my laptop. I'm blogging this from Stella's machine, which is on a separate network. Yes, I was doing everything right: WinXP fully patched, eSet NOD32 fully up-to-date. No, I didn't visit any pr0n sites or other "untoward" sites. The laptop is trashed and will probably have to be reformatted. My "backup" is in the cloud these days; I just hope everything is out there. If I'm away for a while, you'll know why. If not, it'll be because my desktop computer is unaffected... and I haven't turned it on recently, so I don't know. I hope this sucker does not hit your machine!

Oops. Please see my comments on the attached thread. It is not ESET NOD32's fault after all!
UPDATE: Worse and worse. Both computers on my network are infected. (As noted before, Stella is on a separate network.) I am beginning to think the NOD32 expiration date was faked by the virus, and my new installation of NOD32 compromised in the install itself today; the date was not the one I had placed in my calendar. I don't know when I'll have regular access again; I'll probably borrow Stella's computer in the middle of the night occasionally. The virus is very thorough; e.g., it even blocks a command-prompt MAIL command... but PING works, proving that the internet connection at a low level is alive. I need to decide what to do next.

UPDATE: I'm back on the 'net with my ancient Ubuntu Linux computer, per Badtux's instructions. Now to install the latest Ubuntu 10.4 for Desktop and all associated s/w. This may blow me off the web again for a while, but it has to be done. See you soon, I hope.

UPDATE: Ubuntu Linux 10.04 Desktop is up and running. Most of the changes from the old version make it easier. I still have lots of exploring and installing to do. But at least I'm not stranded as I was before.

UPDATE: EVOLUTION sucks, and no, I'm not a creationist. This Evolution is the featured preinstalled email s/w in Ubuntu Linux 10.04, and I suppose it's not terrible, but today I replaced it with Mozilla Thunderbird, which is the companion to Mozilla Firefox. I've used Thunderbird for a while on Windows; it's a good interface. Now if I can just somehow import my address book from an old Outlook.pst file on a backup disk...


  1. Bummer. Do you happen to know the name of the virus? I was just wondering if Trend Micro knows about it.

  2. No, fallenmonk, I don't know the particulars. Keyboard and mouse act "funny," crazy menu behavior, superfluous sounds, and of course the a/v web sites are completely inaccessible. At first, when the symptoms were fewer and more minor, I thought I had hardware problems; the computer is probably 4 years old. But no... it now behaves as a virus.

    Thanks for the Trend Micro recommendation. I looked there; none of their current listed threats match the behavior of this one.

  3. Had one just recently that killed my laptop, but it just refused to see my hard drive. Nothing with noises and mouse antics.

    String them hackers up by their balls I say!

  4. Ellroon, that was probably just a hard drive crash, unless a reinstall made it see your hard drive again. I had a hard drive crash that rendered my Macbook unbootable recently too, but I'm 101% certain that it wasn't a virus (Mac? Virus? Bwhahaha, that's like saying "flying cow"!). Rather, the fact that a 10 pound amp had fallen over onto my laptop while it was running probably had something to do with it ;).

    But back to Windows... if you use Windows to browse the Internet, you *will* get a virus. Period. The usual culprits: Adobe software (Acroread, Flash), or Java. These are so full of security holes that even if you have an up-to-date antivirus, you're likely to become toast. Switching to Google Chrome as your browser will reduce the frequency with which you become compromised (because of the way it firewalls things internally), but Windows is just inherently insecure, sigh.

    What to do? Well, if you can dual-boot Linux and use that for web browsing, that'll pretty much protect you. But that's a geek alternative. And of course if you're rich buying a Mac works well too, but not everybody can afford a Mac.

    - Badtux the Geeky Penguin

  5. Firefox recently banned a Java update plug-in as a PITA, and Sun updated again two days later.

    So many sites use Java in one form or another that I suspect them.

  6. Folks, I got it wrong. It wasn't ESET NOD32's fault. In over 3 years of running NOD32, I have not been hit by one single virus. And I wasn't this time, either: my NOD32 license was 4 days expired. My only complaint is that I never saw the notification popups.

    I have another NOD32 license from a retired (defunct) computer that has until 4 August left on it. I decided to see if I could apply that to the license on my desktop computer, which also expired. ESET generously allowed that, so I have a couple of months to get things in order.

    The laptop is still pretty well trashed. Such is life. But at least my "faith" in NOD32 is unshaken.

    I think I may resurrect my Linux box, also retired...

    (Heh. I just reached for the touchpad... ain't no such on this computer.)

  7. My optimism above is unjustified. See the update to the main post. I'm afraid I may have gotten one of those new multi-vector viruses that come in via email, web, etc. and install a rootkit... those are very difficult to defeat, and they have a way of reappearing after you think they're gone. As Fallenmonk said... bummer.

  8. I've taken Step 1 toward Badtux's recommendation: I revived my old Ubuntu Linux 2 (I think) and plan to apply the latest OS and other s/w. I'm back on the 'net again... sort of.

  9. Thanks to good friend and technical wizard George B. who carried the machine back in from the garage and set it up, and just as significantly, figured out why our garage door opener wasn't working! :)

  10. Ubuntu Linux 10.04 installed and running... but the restart displayed errors. The CD was good. Don't know what that means, but at least I seem to be up and running.

  11. Steve, may be simply a hard drive crash. When the hard drive on my laptop crashed, the first symptom was that it started getting very... very... slow. Then accessing a specific file started locking up the system for the next couple of minutes as the hard drive frantically tried to read a sector that just wouldn't read. Then finally it just wouldn't boot altogether. Removing the drive and putting it into an external case proved it just wouldn't spin up, so I installed a new drive and restored off of backup. Of course since I have a Mac, and my Time Machine backup drive is plugged into the same hub as my keyboard and mouse, my backup was recent vintage, so it just worked(tm).

    I have some spare low-capacity hard drives (low-capacity defined as 120gb to 160gb) in either SATA or PATA, 3 1/4" or 2.5" form factor. If interested, email me with what you'd like. I know which box I just packed them into (I'm moving), and I'm never, ever, going to use them myself again, so... (shrug).

  12. Badtux, that could be the cause; after all, this box is pretty old, and has spent about a year sitting literally out in the garage. (At least the garage is dry.) And the errors were sector read errors.

    I'll seriously consider your HD offer, but first I want to see if there are drivers for my WD external drive. I need better backup.

  13. You remember your post from a few weeks ago about something messing with the cursor?

    That is strange enough that I wonder if that was the start point?

    If they messed with it, it could have been offset and had you agreeing to something when you thought you were closing the ad.

    I have a tendency to turn off my modem and shut down when I encounter something like that.

    Just a thought.

  14. Good hindsight, Bryan! :-) I had the same thought last night. This thing has been around for a while, and it has played me like a violin.

    I had to fire up the laptop briefly last night... after shutting down all the other computers in the house... to retrieve a stored login ID (one of those damned numbers assigned by my mail provider, nothing memorable and not user-changeable) from a form in Firefox. (Yes, I had it backed up, even written down on paper... somewhere.) The laptop resisted all kinds of things; at one point, it inserted a bunch of garbage in a textbox, waited for me to delete it, then reinserted it. This virus may be a kid's prank after all.

    And so on. I got my login ID so I could get to my mail provider so I could set up one of my accounts in Evolution, which so far I don't like very much. It's as if they tried to make IMAP in Evolution as bad as it is in Outlook. Still, one account down; two to go. I may need to install Mozilla Thunderbird, which is what I used before. Sigh.

    But my attitude is beginning to sour. I want this behind me so I can deal with 1) household plumbing problems, 2) refrigerator problems, 3) "garage door key missing" problems (at least I got the remote opener working), Stella's stress problems, 5) another doc appointment, ...

    I could problem-solve until the cats come home. Sic: cats, not cows; Esther and the young Lily will be joining us here in about a week. Under other circumstances, I'd be delighted.

  15. Spooks are trained in that sort of thing, Steve ;)

    Are Esther and Lily moving in, or merely boarding?

  16. two cats! excellent!

    and welcome back to the web.

  17. Bryan and hipparchia... Esther (approx. 1 year old) and Lily (her just-weaned daughter) are indeed coming to live with us. Esther had 5 kits, and Stella decided to take one so Esther will have a feline companion in our house. I know I'll love Esther, and I think I'll buy some gloves for handling Lily... :)

  18. Bryan, on that old laptop at least, these spooks are made for balking... <grin />
