Saturday, March 07, 2009

Unscheduled Downtime

I'm finally emerging from virus purgatory, actually trojan purgatory. McAfee Antivirus, ComboFix, Windows Defender, SpySweeper - even manually deleting files - nothing was getting rid of this. Every time I rebooted, my virus scan was deleting and quarantining even more files than it had the last time I ran it ... when it told me I was clean!

I was infected by reading a food blog.1 No downloading (that I knew), no opening attachments. These things are getting insidious.

The nasty culprit was: NTOSKRNL-HOOK. ComboFix (not the others) was successful in getting rid of that, but it left UAC files that multiplied each time I restarted.

Now I'm clean, if lean. I had to reformat my hard drive (first learn how to change boot priority), reinstall the operating system (Windows), and load programs back - individually, from original installation discs. Still updating them with years of Automatic Updates. What an amazingly unjustified sense of security I had.

I'll leave you with a photo of what I've been looking at the last several days:

________
1 My blog is clean.
Photo: Bix

4 comments:

Angela and Melinda said...

Wow, that is awful, Bix--and then there are viruses in food too! Just for future reference, how can you know which blog infected your computer?

Bix said...

I started to get a lot of false warning messages while I was on the blog, e.g. GoogleUpdate not working (it was, but at the time I didn't know that). I also got spyware warnings. There was literally a flurry of messages popping up on my monitor.

Another symptom was immediate inability to visit other web pages ("Forbidden" or "Cannot Access"), or worse, it was redirecting webpages. I'd go to CNN and some bogus site selling real estate came up.

I couldn't run executable files. I couldn't download executable files. (I had to download ComboFix from another computer and install it on mine. Even then it wouldn't execute.) I couldn't even see caches of web pages that had any of the words "virus", "trojan", "NTOSKRNL-HOOK", etc. on them.

It's a horrible feeling.

Anonymous said...

I know what you have been through. About a month ago one of my computers had a similar virus. I ended up re-installing Windows too. I was lucky that I had recently backed up my data. I was also fortunate that the IT guy at work helped me.

I'm glad you're back online.

Bix said...

Thanks, RB. Sorry to hear you had to clean-sweep too. It's not fun.

I have to say ... I was lucky that I had a recent back-up of everything too ... my email, my documents, & my food pics!