Wednesday, October 1, 2008

Open Source to the Rescue

Saved by Firefox and Ubuntu

One of the dangers and annoyances of using Windows is the ever-present threat of viruses, malware, spyware and similar junk. And I manage to get one every 6 months or so. This time I had to use IE for a web site and it managed to get a very clever virus on the machine. The Trend AV software can point to the DLL but can't remove it or quarantine it. And of course you can't remove it manually, even from a safe mode command prompt. I couldn't even unregister the DLL. Removing most of the entries in the registry is easy, but some keep coming back, and I've combed through and can't find where it is hiding the re-entry point. It seems to have attached itself to Windows logon, a process that can't be shut down without rebooting.

I can take the process out of the registry startup list and remove the notify entry from the Windows NT logon entry, but the thing keeps recreating helpers all over the place. Clever but evil.

I removed the machine from the network while it stews. Kind of funny to watch the anti-virus software keep spinning and reporting I have a virus while suggesting I delete the file! Dumb and dumber, and me dumb for paying $$$ for anti-virus software in the first place...

Anyway, this is not a disaster, as the files are not stored on the machine, just the OS, which can be re-installed (the usual XP fix). However, the most useful stuff these days is in the web browser, but since I use Firefox with the FEBE extension I just exported all my data out to a USB stick and brought it to the old Compaq Evo dual P3 machine that used to be a server. Restored the data to Firefox and we are productive again.

However, the loss of time to Windows folly is very annoying. If I did not have to keep a Windows machine around for work-related tasks it would be gone immediately.

The solution to the very pesky virus was to pull the hard drive out of the machine, put it in a portable drive case and hook it to the Ubuntu machine. It mounted the NTFS partition on the desktop and I went in and deleted the offending .DLL that was attached to winlogon, then deleted the copies it placed in the system restore folders (which Windows let it do, but would not let me delete) and deleted the files it placed in a .username hidden folder. Once everything was deleted I returned the drive to the original machine, restarted in safe mode, ran regedit and deleted the last remaining entries.
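The offline clean-up described above, scripted as an added example (not the post's own code): with the NTFS drive mounted read-write on the Linux box (ntfs-3g), it finds every copy of the named DLL under the mount, including the system restore folders and hidden dot-folders, and moves each one into a quarantine directory with its SHA-256 recorded, so the samples can still be examined or restored. The argument names, the manifest format and the case-insensitive name match are assumptions of this example.

```shell
#!/bin/sh
# Offline clean-up of a malicious DLL on a Windows disk that has been attached
# to a Linux host and mounted read-write (ntfs-3g). Every copy of the named
# DLL under the mount point, including those in "System Volume Information"
# (system restore) and hidden dot-folders, is moved to a quarantine directory
# and logged with its SHA-256 rather than deleted outright.
# Assumptions (not from the original post): arguments are mount point,
# DLL file name and quarantine directory; copies are matched by name,
# case-insensitively, since NTFS is case-preserving and the case may vary.

hash_file() {
    # sha256sum on Linux, shasum where coreutils is not available
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

quarantine_dll() {
    mnt="$1"; dll="$2"; qdir="$3"
    mkdir -p "$qdir"
    manifest="$qdir/manifest.txt"
    : > "$manifest"
    n=0
    # Prune the quarantine directory so moved files are not found again.
    # On Linux the restore and hidden folders are ordinary directories,
    # so find reaches them without special handling.
    find "$mnt" -path "$qdir" -prune -o -type f -iname "$dll" -print 2>/dev/null |
    while IFS= read -r f; do
        n=$((n + 1))
        dest="$qdir/$(printf '%04d' "$n")_$(basename "$f")"
        hash=$(hash_file "$f")
        mv -- "$f" "$dest"
        # manifest line: sha256, original path, quarantined path
        printf '%s\t%s\t%s\n' "$hash" "$f" "$dest" >> "$manifest"
    done
}

# Number of copies quarantined, read back from the manifest.
count_quarantined() {
    wc -l < "$1/manifest.txt" | tr -d ' '
}

# Usage: quarantine_dll.sh <mount-point> <dll-name> <quarantine-dir>
if [ $# -ge 3 ]; then
    quarantine_dll "$1" "$2" "$3"
    echo "quarantined $(count_quarantined "$3") copies; see $3/manifest.txt"
fi
```

The registry entries (the startup list and the Winlogon Notify key) still have to be removed from safe mode afterwards, as in the post; the manifest gives you the hashes to check against AV vendor information before the drive goes back in.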
