PSA: virus alert

Last night, I was testing links to various SF magazines, and some time during those clickings I downloaded a file called "check.exe" that wrecked my operating system and prevented it from rebooting once I realized what was going on. Awesome.

I'm not sure where it came from, but these are the sites I suspect: the old DNA Publications page (now dead) and SyFy's website. I suggest staying away from those until I figure out where it came from - if you work at SyFy.com, I suggest you check for malicious advertisements posted last night.

While I was searching for the old SciFiction site, I noticed my drive crunching along as I downloaded the virus, and soon I was unable to launch Task Manager. I hurriedly disconnected from the internet (the hard way, by killing the router, because I couldn't stop any programs), then ran msconfig to see what had added itself to the startup programs, where I found the file(s) and that they had downloaded during the time I suspected. After deleting them and forcing a hard shutdown (it wouldn't restart as usual, of course), that was it for booting the OS.

Great timing: I was working on several files that need to be done ASAP, so of course I hadn't backed them up yet.

Now I need to figure out how to grab those files off the laptop hard drive. Anyone know if a laptop drive can be daisy-chained to a desktop drive array? Or if that's a smart idea? Should I instead try reloading Windows?

Well, I'm not too pissed, because this is the first virus I've gotten since Windows 98....

Don't know if I've mentioned lately, but Hell hath a special spot for malicious hackers, where they have to go line-by-line through the operating systems they've infected, and make those OSes impenetrable. While Satan himself randomly hacks the machines they're using. They're told they get to leave as soon as they're done, giving them hope. Which of course is an impossible task.

PS: Oh, and on Saturday, I discovered that someone hacked my credit card and tried to order from the Apple Store and Skype. US Bank noticed right away and blocked those transactions. Wow, modern banking AI is incredible.

Chris

Comments

( 19 comments — Leave a comment )
(Deleted comment)
mckitterick
May. 3rd, 2010 06:41 pm (UTC)
Eeek, that's just creepy. I don't use IRC programs - wonder how it got on my drive?

I'll be careful. Thanks!
mckitterick
May. 3rd, 2010 06:43 pm (UTC)
Say, if I deleted those files and folders where the viruses were, is it safe to try to restore the OS using a CD, or would that only give the virus another chance?
(Deleted comment)
tully01
May. 3rd, 2010 06:29 pm (UTC)
What tanuki_green said. Get a USB laptop HD enclosure. And yank the sucker if it tries to auto-execute anything on plugin/powerup.

Also, don't automatically assume that the virus was planted the day it manifested in system lockup. Coulda been there a while, quietly stealing info, and otherwise "sleeping" with an autodestruct timer function ("initiate autodestruct virus X hours/days after forwarding data dump to hacker"). Or even a callback function that would initiate autodestruct once it got a signal that charges using the stolen info had been denied. Your hacked card incident is somewhat suggestive in that regard.

And people think I'm paranoid about not installing "chat" programs on my household computers.
mckitterick
May. 3rd, 2010 06:39 pm (UTC)
Geez, that's creepy. The only online purchases I've made lately were at Newegg.com and Hayneedle.com - oh, and PayPal - didn't install anything except security updates.

Any news if those sites have been hacked?
geekmom
May. 3rd, 2010 07:12 pm (UTC)
If it keylogged the info from your end, they wouldn't need to hack Newegg to get your CC #.
tully01
May. 3rd, 2010 07:13 pm (UTC)
The two different things may have no relation, it's the time proximity that's suggestive. But yeah, there are some sophisticated stealth Trojans that could do things like that.

We worry so much about sites being hacked, but it also could've just been an employee with larceny in their soul who scribbled the number down and passed it on. Somehow your number got out, fortunately it was contained before the damage got ugly.

With just a teeny bit of luck your HD is recoverable, or at least the files on it can be saved. Most likely it'll need a full AV sweep and an OS reinstall to be usable again in the laptop. Not a bad idea to get an external HD and a cloning program, and run it occasionally.
mckitterick
May. 4th, 2010 03:34 pm (UTC)
Yeah, it's like shoplifting: When I was a retail manager in college, we were taught that 90% of it comes from employees. I expect those same employees aren't totally ethical with credit-card receipts.

Looks like the files are recoverable, yay!
ryltar
May. 3rd, 2010 06:36 pm (UTC)
I've got a linux machine that I don't mind risking for a crash (it has a shattered screen, so it is not used much anyway). If you want, it can be used to extract the files and/or scan/fix the file structure.

I've also got a box that works for most laptop HDDs that I've seen so far. The drive I use in it is 2.8in X 3.9in X 0.4in. It uses an ATA-100 interface to link to the HDD and a USB to link to the computer.

You are welcome to try both if you like. Just let me know.
mckitterick
May. 3rd, 2010 06:45 pm (UTC)
That would be awesome, thanks! Could I swing by your place, say, now-ish?
mckitterick
May. 3rd, 2010 09:30 pm (UTC)
Thanks, Matt!

PS: This wonderful fellow helped me dig up those files I was working on by using a beat-up computer with a Linux install (thus not susceptible to the same viruses). I'm thinking of keeping one of those around for similar purposes ;-)
tully01
May. 4th, 2010 03:25 pm (UTC)
Yay! Now, to scan, eradicate, and reconstruct...
jjschwabach
May. 3rd, 2010 10:13 pm (UTC)
Thanks for the alert. It makes me think that my old, out-of-date virus software that keeps whining to be updated, should be.
mckitterick
May. 4th, 2010 03:02 pm (UTC)
For sure!
professormass
May. 4th, 2010 01:35 pm (UTC)
Chris, on the Linuxy goodness -- all you really need to keep around is a copy of an Ubuntu Live CD (downloadable from Ubuntu.com) -- it'll let you boot into a damaged system, and load Linux from the CD-ROM. From there, you can set up network connections or use a USB flash drive to download your files.

It's so useful that I just keep one in my backpack, in case of such an emergency...because when you're computer-y, it's like being a doctor. "Hey, man...how's it going? Long time, no chat. Kid good? Yeah. How's work? Yeah? So...I have this virus..."
mckitterick
May. 4th, 2010 03:12 pm (UTC)
That's a great idea - I should also get a bigger hard drive to allow space to load Linux.
professormass
May. 4th, 2010 03:28 pm (UTC)

Just to be sure I was clear -- you don't need to actually put Linux on your hard drive to use a LiveCD as a recovery disk. The operating system will run perfectly well from the CD-ROM. That's the beauty of it -- it'll let you run diagnostics if the hard drive has failed or recover data from damaged drives, etc.

Of course, having a dual boot Linux system is always awesome, too. :)
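A recovery script of the kind these two comments describe, added here as an example and not part of the original post or comments: run from a Linux live CD, it mounts the damaged Windows disk read-only with execution disabled (so nothing on the infected drive can run in the live session), copies only document files to the USB drive, skipping executables, and writes a SHA-256 manifest so each recovered file can be scanned and verified before it is opened on a clean machine. The device names /dev/sda2 and /dev/sdb1, the mount points, and the list of document extensions are assumptions; check `lsblk` first and adjust them.

```shell
#!/bin/sh
# Added example (not from the original post or comments): pulling documents off
# a damaged Windows disk while booted from a Linux live CD.
# Assumed (hypothetical) device names: laptop disk partition /dev/sda2,
# USB stick /dev/sdb1. Confirm with `lsblk` before running anything.
set -eu

# Mount a partition read-only with no device nodes, no setuid bits and no
# execution allowed, so the live session can read the disk but cannot run
# anything stored on it.
mount_ro() {
    dev=$1; mnt=$2
    mkdir -p "$mnt"
    mount -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# Copy document files (by extension, data formats only) from the source tree
# into the destination, keeping relative paths, and append a SHA-256 line for
# every copied file to a manifest in the destination. Executables and scripts
# are deliberately never copied. Prints the number of files recovered.
recover_files() {
    src=$1; dst=$2
    mkdir -p "$dst"
    manifest="$dst/recovered.sha256"
    : > "$manifest"
    # Extension list is an assumption; extend it for the file types you need.
    find "$src" -type f \( -iname '*.doc' -o -iname '*.docx' -o -iname '*.txt' \
            -o -iname '*.rtf' -o -iname '*.odt' -o -iname '*.pdf' \) -print |
    while read -r f; do
        rel=${f#"$src"/}
        mkdir -p "$dst/$(dirname "$rel")"
        cp -p "$f" "$dst/$rel"
        sha256sum "$dst/$rel" >> "$manifest"
    done
    wc -l < "$manifest" | tr -d ' '
}

# Re-check the manifest later (e.g. on the clean machine after an AV scan) to
# confirm the copied files have not changed since they were recovered.
verify_manifest() {
    sha256sum -c "$1/recovered.sha256" > /dev/null
}

# Typical session from the live CD (not run here):
#   mount_ro /dev/sda2 /mnt/laptop
#   mount /dev/sdb1 /mnt/usb
#   recover_files /mnt/laptop/Users/chris/Documents /mnt/usb/recovered
#   verify_manifest /mnt/usb/recovered
#   umount /mnt/usb /mnt/laptop
```

Copying by extension rather than cloning the whole partition is the point: the files the author needed were documents, and a raw copy of the disk would carry the dropped executable along with them. The manifest gives a way to prove, after an antivirus sweep on the clean machine, that what gets opened is exactly what was copied.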
mckitterick
May. 4th, 2010 03:36 pm (UTC)
Even more awesome. I'll give this a try.