Thursday, June 05, 2008


I haven’t written in a while, and I had some very good reasons. Reasons that I won’t write about here because I haven’t made them up yet.

We got a virus on our computer at home, and it was a particularly nasty one. I was doing a deployment on Tuesday night, and Andrea called me around 9:00PM to tell me that we had it. When I got home at 12:30, she was still trying to get it off the computer; AVG wasn’t having any success. We were up until 1:30 trying to get it off, with no luck.

I was reading about it on the Internet. It’s some company that produces anti-virus software, and created this virus to drive people to them, to have it cleaned off. Every couple of minutes it would launch a browser, going to the company’s site; it changed Andrea’s desktop to some horrible red page, saying that our computer is infected, and to clean it we should “click here”; it created little icons in the taskbar, emulating Windows Security Centre, saying that our computer was infected with malware. Very intrusive. And all of the instructions I read didn’t work: I was told to remove a particular directory, but the directory didn’t exist; I was told to go to Task Manager, to shut down the process, but the virus disabled Task Manager; I was told to remove certain registry entries, but the virus disabled the registry editor(s).

We shut off the computer and went to bed, and then on Wednesday I got an email (and a phone call) from our ISP, telling us that one of our computers had been sending out a bunch of spam emails, meaning that we probably had a virus, and if we didn’t get the virus cleaned off within forty-eight hours, they’d shut down our service.

Finally I had to do the following:

  1. Reboot the computer in Safe Mode (without networking)
  2. Run AVG again. This time it was able to clean the virus, because in Safe Mode, the virus wasn’t active
  3. Do a System Restore, to fix the Windows DLLs that the virus had modified

That seems to have done the trick.

Luckily, I talked to the people at our ISP’s Tech Support, and they indicated that the emails our computer was trying to send didn’t actually get anywhere; the ISP caught them and stopped them. So it’s not like all the people in our address books got these emails. That would have been embarrassing.

My faith in AVG was starting to wane, when it couldn’t initially clean the virus off, but it was restored when AVG was able to do it in Safe Mode.


