The perils of the dark side

So, if you are the sort of person who has a fair bit of interaction with the shady computer underworld–you know where to find a download of anything, or a way to find a crack or a serial number for anything, etc.–it is almost unavoidable that at some point you’re going to step into the crap and run into a Trojan or a virus or something.

Not that I am such a person, of course.

On the other hand, I did just spend six hours de-virusing my laptop. This is the first time I’ve really had anything serious–and man, are those things tenacious these days: trojans that register themselves with WinLogon, kernel mode drivers to prevent you from altering the registry to unregister them, rootkits, hidden filesystems, alternate data streams, etc.

Man, I wish I could just work on Linux–just for the whole “not running everything as root” thing. (That being said, I am partly to blame for this, since I did kind of fail to uncheck the “run after unzipping” checkbox. Damn it.)

I have no idea how someone without a really deep nerd understanding of Windows, and a really good toolkit, would remove some of these things–all the standard removal tools failed and I had to do some deep magic by hand.

While I am now certain my machine is back to its pristine state, I am going to have nightmares about this. Not least about what’s going to happen when something like this hits my Mom and I have to try to resolve it over the phone.
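The post mentions three places this kind of infection digs in: Winlogon registry values, kernel-mode drivers, and alternate data streams. The script below is an added example, not part of the original post, showing a read-only audit of those three spots from a defender's side: it compares the Winlogon Shell and Userinit values against their stock defaults, lists running kernel drivers whose files do not carry a valid Authenticode signature, and enumerates non-default alternate data streams under a folder. It assumes PowerShell 3 or later in an elevated session, and the scan root is a placeholder path you replace with the folder you extracted into.

```powershell
# Added example (not from the original post): read-only audit of the
# persistence spots mentioned above. Run from an elevated PowerShell 3+ session.
# $ScanRoot is a placeholder; point it at the folder you unzipped into.
$ScanRoot = 'C:\Users\me\Downloads'

# --- 1. Winlogon values that malware commonly hijacks -----------------------
# Stock values: Shell = "explorer.exe", Userinit = "<SystemRoot>\system32\userinit.exe,"
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
}
$props = Get-ItemProperty -Path $winlogon
foreach ($name in $expected.Keys) {
    $actual = [string]$props.$name
    if ($actual -ne $expected[$name]) {
        Write-Warning "Winlogon\$name = '$actual' (expected '$($expected[$name])')"
    } else {
        Write-Output "Winlogon\$name OK"
    }
}
# Legacy Winlogon\Notify DLLs (loaded at logon); anything listed here deserves a look.
Get-ChildItem -Path "$winlogon\Notify" -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Warning "Winlogon\Notify entry: $($_.PSChildName)" }

# --- 2. Running kernel drivers without a valid Authenticode signature --------
# Caveat: catalog-signed inbox drivers can report NotSigned on older PowerShell
# builds, so treat this list as a review queue rather than a verdict.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        # Normalise the NT-style paths WMI returns into Win32 paths.
        $path = $_.PathName -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
        if (-not $sig -or $sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Driver    = $_.Name
                Path      = $path
                Signature = if ($sig) { $sig.Status } else { 'unreadable' }
            }
        }
    } | Format-Table -AutoSize

# --- 3. Alternate data streams under the scan root ---------------------------
# ':$DATA' is the file's main stream and 'Zone.Identifier' is the normal
# mark-of-the-web; anything else is worth inspecting.
Get-ChildItem -Path $ScanRoot -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' }
    } | Select-Object FileName, Stream, Length | Format-Table -AutoSize
```

The script only reads; it changes nothing, so it is safe to run before deciding whether a machine needs the kind of hand surgery described above or a rebuild from clean media.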


2 Responses to “The perils of the dark side”

  1. Biff Says:

    This might not help you help your mom, but you should consider using VMs for surfing questionable content. If something ‘bad’ happens, you just delete the VM, copy a fresh one and start again.
    Once you have satisfied yourself that whatever you downloaded is ok, move it to your normal working environment.

  2. Mr. McLaren Says:

    That’s a good idea, but probably too much work for the amount of evil I get into.

    The day-to-day stuff I have in place stops 100% of problems unless I do something dumb-assed. And since the threat model is “I am a dumb-ass” any scheme that requires me to know ahead of time that I’m engaging in a risky activity is kind of moot :)

    Still, I should put that on the list. Along with running a P4 server to version my personal files. I still need to get that set up.
