Monday, November 24, 2008

A Pestilential Plague

Now, don't run away. You can't catch the cooties through your internet browser, or at least that's what my hubby says. Not that I completely agree. After all, it was a simple search and innocent click on a site that professed to offer some song lyrics that triggered it all. But the infection may have been residing for long in some innocuous email that was in my inbox, waiting for the magic key that opened the Pandora's box to my internet browser.

Weird popups of unmentionable human parts, that I frantically clicked on the little X to get rid of, advertisements advising me that my PC was infected and needed their services pronto to get rid of the infestation, then poltergeisty happenings on my PC such as ghostly openings of the CD tray, excessive hard disk accesses. Yikes, my PC is possessed! Call in the Ghostbusters!

After a fair amount of head-scratching and cautious readings of Wikipedia, runnings and rerunnings of my antiviral and antispyware software, I've come to the conclusion that it's much easier to find a needle in a haystack than to catch a Trojan that hides/changes its name and lurks in your c:/windows/system32 folder.

I only think that the bug has gone away, when it jumps up again, showing up as different weirdly named files on my system. I can watch the shenanigans, but can't delete these completely no matter how hard I try. "Out damned spot" say I, a latter day Lady Macbeth. Alas, the spot will not out.

I'm still hopeful that a fancy new update of my antiviral and antispyware software will come out any day now and deal with the Trojan like a providential St. George slaying the dragon. (Please pardon all the overdose on mixed metaphors; that's what happens to one's brain out of sheer boredom when all I've been seeing on screen for the last few days is the never-ending hunt for Spybot Search and Destroy's nemesis.)

Failing that, I will have no option but radical surgery, cut off the offending part by reformatting the disk and reinstalling my operating system and other applications. It's 'hard werk' but I'm prepared to do it for the benefit of the country and the world at large.


Lekhni said...

Hmm... I use ZoneAlarm and AVG Antivirus-cum-antispyware to make sure nothing gets in and every site I visit is checked. They sometimes need a little hand-holding (although you can change that if you like) but they are very effective - and free.

Spybot is good, but try cleaning with 2 or 3 antispyware to make sure it's gone. CNET's has all the reviews of what software is good.

Sujatha said...

I'm using a combination of Symantec AntiVirus Suite and Spybot and between the most recent updates, they seem to be doing a better job of catching and quarantining whatever the trojan is generating. I just keep updating it frequently (as in every 12 hours, if an update is available). My browser has been popup-free for a couple of days now, and I've since updated the browser and the Java version as well, since that eliminates the chance for the trojan to use an older version of Java to take over.
Right now, I'm in a cautious 'Think it's gone' mode. I'll try ZoneAlarm and AVG if it shows up again.

Lekhni said...

Symantec and Spybot are great. But you'll still need ZoneAlarm. I was using Symantec until last month and there were still intrusions that ZA was blocking. Also, if you use Firefox, get the NoScript addon.

Amit said...

If you're using Firefox, there's AdBlock and NoScript add-ons which take care of all the usual pop-up irritants as well as graphic ads within a website. Not sure if the trojan will be defeated by them, but if it's affecting net surfing, it's worth a shot.

Sujatha said...

Lekhni, Amit: Thanks for the suggestions. I've added the NoScript add-on (already have been using AdBlock), so that helps take care of pages landed on while Googling.

The trojan appears to be gone right now: many of its artefacts are still quarantined, but maybe I will try out ZA to see if it can help get rid of those. Do you know if any conflicts could occur with a ZA installation on a Symantec auto-protected machine? Should I deinstall one to install the other?