Sunday, May 22, 2011

Infectious Behavior

I have two computers, both of them antiquated. One is really old — say, an 1893 Duryea — while the other is merely obsolescent, maybe a 1918 Model A.

Bacteriophage #2One of the reasons I’ve been out of action most of the day today is that my newer computer picked up a social disease from the internet last night. The virus — I believe it’s called a “trojan horse” — was first launched on May 13, and is currently listed in Microsoft’s virus library, but the MS security on my machine somehow let one copy of it through, while catching and removing two additional copies.

The demon virus immediately disabled all virus protection on the machine, hijacked XP’s security software, and began masquerading as a virus warning, as if it were the XP anti-virus program. I’ve heard of these evil bugs, so I knew immediately what had happened, but I had no idea how to get rid of it.

Fortunately the future Baron has been through the same ordeal himself, and knew exactly what had to be done. It took about an hour of phone consultation this morning to go through the intitial steps: I had to download a couple of pieces of software using my Duryea, and then reboot the Model A in safe mode to execute them. After that came about seven hours of scanning and cleaning, and now the old girl is cranked up and chugging away just like new.

It wasn’t all that difficult, but it certainly was tedious and time-consuming. Hence my absence from normalcy all day.

As a matter of interest, I’m pretty sure I picked up the bug while I was looking for photos using a Google image search. That can be a risky activity, because if I see the sort of image I want — these days, often a “Camp of the Saints” photo — I have to open a page with the target website in a frame along with the thumbnail. Sometimes these sites are places that I would not normally visit, and act as malware distributors. This can happen even to geezers like me who are looking for relatively innocuous images, and not pr0n or Michael Jackson.

I search for new images several times a day, so all this is just a hazard of the trade. Next time, at least, I’ll know in advance how to correct this type of infection — thanks to the future Baron, whose college education has served him well.


The Universal Spectator said...

Buy a Mac. :-)

GeoffNewbury said...

Since you seem to revel in the fact that your computers predate the abacus, I cannot tell if you have another machine which you can dedicate to a particular use, or whether you are exaggerating the senility of your hardware. But one reasonably simple router to avoiding the sort of problem you describe, is to do your image searching from a linux based computer, which is immune to those sorts of trojans.

Two simple methods:
One, use a separate machine with linux installed or one of your usual boxes, booted to a live CD linux distro. A live distro runs from the CD and makes NO use of the hard drive. Removable storage can be a USB stick, from which you retrieve your image later. Most major linux distros provide a live cd version for download and burning of the iso image to a cd. Insert and boot.

Or, set up and run a virtual environment, whereby you install and run a linux client install using virtualbox or similar, *inside* but sandboxed from the windows host. The linux distro then exists as a 10G or so file space with no knowledge or or ability to interact with the host OS, except for the file shares which you allow. Again, no route for trojans.
Virtualization is a little more complex to set up, but faster to use once created. google 'virtualbox'

And both of these routes involve installing linux, which is FREE except for the time required to learn how to do it. And Firefox is the same on both platforms for image searches.

D@rLin|{ said...

Mac is NOT immune to that.Past are the safe days ...

DismalDave said...

When your PCs are fixed (or when you get a new) create a new User ID without Administrator privileges, change the password on the Administrator ID to something very secure (upper/lower case, numbers & a special character).

Nothing can install without Administrator rights, don't agree unless you decided to install something.

nimbus said...

Had that horrible virus myself recently. Reboot computer in safe mode (F8 repeatedly), and then run virus scan and system restore. Try more than once if first time doesn't work.

Alara said...

I do hope that "MS security" is not your only anti-virus defence and that, given the work that you do, the computers are firewalled and spyware-proofed as well!

kepiblanc said...

I agree wholehartedly with GeoffNewbury. Especially in this line of busyness, where security is paramount. Running a website like GoV on a Windows-box - and thus opening all doors and windows to random bypassers - is beyond risky. It's an invitation to Jihadist all over the planet: "come inside, please, and have a look at all our contacts, contributors and associates!".
Dear Baron, install Linux ASAP!

Hesperado said...

"I picked up the bug while I was looking for photos using a Google image search. That can be a risky activity, because if I see the sort of image I want — these days, often a “Camp of the Saints” photo — I have to open a page with the target website in a frame along with the thumbnail. Sometimes these sites are places that I would not normally visit, and act as malware distributors."

If you don't click the link that actually takes you to that website from which the image derives, but simply click "see full size image", it seems that would bypass that problem. Perhaps.

Baron Bodissey said...

Hesperado --

Unfortunately, that option is not available, as far as I can tell. To view the full-size image, you have to access a page that loads the target website in the background.

I'm going to peer more carefully at the URLs from now on when google displays them.

GeoffNewbury said...

You cannot tell from the URL! The URL can be what you expect, but the CONTENTS of the page can run obfuscated javascript (or other equivalents) which downloads the bad stuff and installs it. There may be a couple of layers of indirection and obfuscation involved including encryption of the script!
But these animals basically only exist for Winblow$ and Mac boxes.

wolf said...

The Universal Spectator is right, get a MAC! I have owned macs since 1991 and never have gotten a virus. I do have NetBarrier for a fire wall because I have cable internet and have had only 4 attempts to break in that NetBarrier stopped. I even purchased a mac clone a UMac that I still use up in Pinetop as a game machine for my kids and now my grand kids. is a great place to look for a mac, has all the specs you will ever need.I have the power mac G4/800 quick silver from 2002 and it still runs great. I would suggest a mac mini and a 4 port USB hub, takes up almost no space on your desk. Just remember if you get a Power PC based mac to run your windows apps you will need the latest version of Virtual PC for mac. If you get an intel based mac you should have boot camp that came with it to run your windows apps. OR go on EBay and get inexpensive mac apps - that's what I do.

D@rLinI is also right, I rarely but sometimes get the same message, If I can't back out to the previous page I just quit out of safari or firefox and restart the app and the problem is gone. My daughter has a Dell and got the same virus, she was on the phone with microsoft for 2 hours finally some how they helped her go back a few days and boot her system on that day and the problem was gone but so was a few days of her school work.

ib said...

Much to my surprise my Mac picked up the same Trojan Horse virus.I thought I had all the security bells & whistles but apparently not. Norton didn't prevent it, it only detected it after I decided to run a virus scan. Had to call the Norton people to rid me of it because it wouldn't be cleansed.

A few weeks later I contracted another Trojan, less deadly than the first. My computer has not been the same since the virus.

For over 10 years I have never had a virus with a Mac but those days are gone, especially if you visit counter-jihad sites. Be careful out there.