Wednesday, April 10, 2013

Quick update on malware issues

What an eventful few weeks it has been... I'm currently still typing this out on my tablet while waiting to see if a scan in progress on the infected machine turns out any more obvious malware. It's quite fun watching the progress as I type this post, as severel of my other antivirus/malware apps seemed to have picked up on the scan currently in progress, and are having a jolly good time checking out what the competition is checking it seems (hehe ;)
Since my previous post, I've since tried running Microsoft Security Essentials on it - in the process finding and removing one nasty (a win32 autorun inf worm - which has now been dealt with - though the scan did end up taking some 12 hours to complete! While watching and waiting for this to complete, I came across quite a few hidden cache stashes hiding away which I was not aware of (these have been cleared too for good measure :). Finally, after dredging through the registry a few times, I also removed a few slightly dodgy looking things (most notably, a "Browser Help Object" registered as some " IESiteBlocker.NavFilter"). Phew! At least there was SOME obvious stuff lurking around :)

Even though the scans are coming back clear now, I'm pretty sure that the problems will actually come back if/when I reconnect the box to the interwebs again. As several have commented, it's likely there is still some more persistent rootkit present, as the malware that I've managed to turn up using these techniques really doesn't look like they could entirely cause the problems I was seeing, nor could the presence of more than one of these have been quite that straightforward!

After having had a bit more time to mull over the situation, it seems that to be truly clear, I'd have to practically copy off all my files (all several hundred gb, some of it dating back quite a few years), wipe the HD, then reinstall the OS, each and every one of the tools I love and use everyday, completely reconfigure each of these so that they now have the custom configs I spent years refining, and then finally restore the data. Then, and only then would I have "restored" a safe and clean setup of what I had before... The downsides though are that, in order to set back all that stuff would be akin to doing this on a new machine, just that now I'd still be on several years old tech, and possibly having lost some aspects of my old config which I'd forgotten/fudged up copying over.

Up till now, the aging specs of this box really wasn't such as big a problem as it might have been 10 years ago or even back in 2007 when I got this, as despite not exactly having the latest and greatest specs, it was still one of the best at the time I got it. Perhaps the only thing about the hardware I'd really miss looking at the options available currently would have to be the keyboard, as most these days don't have numpads (argh! number-row for number entry sucks bigtime IMO) and have all gone the way of those gap-toothed shallow-give Mac keyboards (I really hate the look and feel of those things!). Oh, and perhaps the number of useful ports on this thing (e.g. 2x USB on each side for a total of 4, firewire, svideo out, etc.). The sheer weight of it (your shoulders and back really know it after even a short walk, and your cardio after a stairclimb), the failing soundsystem (IIRC, the microphone has now been dead for a year), and the fading screen (replaced once already after it bugged out after a nasty jolt+fall in 2008, right in the middle of Grease Pencil development) though were perhaps legitimate reasons to consider starting to look for a replacement or successor. Indeed, for a few days late last year (perhaps in the middle of deadline rush), when it looked like the trackpad had died. Initially, there was a bit of shock and concern as I worried whether it was on the cusp of complete breakdown, when everything would start shutting off like that silently and immediately. (Incidentally, this incident made me realise just how much I actually used the trackpad - as a long distance, general purpose pointing and manipulation device, the mouse is better, but the trackpad is invaluable when writing code for quickly jumping up/down lines, and all around the immediate local area without having to rehome to grasp the mouse). Sigh... Perhaps this is the way it was meant to be. Otherwise, it's very likely that I'd still be using my trusty laptop for quite a while yet, since it is just such an optimal setup.


As for where I plan to go with all this: I'm currently trying to wipe all easily removable/existing malware from my laptop so that it is unlikely to pose any more immediate and/or serious threats to the safety of data I've currently got on this machine. Hopefully this will be enough to get things to a stable state that won't get much worse anytime soon (especially if I prevent the machine from connecting to the net, and hence letting any background rootkits broadcast or receive any further bad stuff), which should buy me time to keep using it for any non-critical offline dev/tinkering work, to slowly and safely backup all the data, and finally to source and commission a suitable successor.

While we're here, I'd like to hear about any suggestions for some reliable portable HD's and/or LiveCD's + tools which you've found nice to use for safely extracting data from a sleeping (i.e. unbooted os) machine.


In the meantime, I'll just keep trying to recover from that nasty bout of diarrahea/stomach pain/nausea/headaches which I got on Tuesday (the MSE detection happened overnight/earlier that day, and then I get struck down with *this*) which has still been causing a few residual quibbles. All in all, a very eventful few weeks indeed!

(PS. Just now the scan I'd been running has finished, and seems to have come out clean :)

1 comment:

  1. glad to hear some progress has been made on cleaning things up :-), feel better