A virus to end all viruses!

 

My favorite Anti-Virus software was sullied by something this week.

 While downloading the hundreds of e-mails I get each day, my PC decided to “stall.”

One of the reasons that we “who know these things” get paid well for what we do is this: when a PC, server or any other piece of computer hardware fails to act as it should, we go through a methodical litany of troubleshooting techniques that we know to do.

 

  • This is a fairly old PC, is it hardware?
  • Is it software?
  • Is it operator error?

 

One of the first steps I take is to assume nothing.

 The answer to the three above questions is “possibly.”

I check for viruses, because that is what one does. If there is no smoke or other obvious hardware issue, you check for viruses.

The “only” way to do this properly is to remove the hard drive from the machine, install it in an external enclosure that hooks up to another “known good PC” with good anti-virus on it, and scan it from there. I could explain why, but it would add several paragraphs, so just trust me.

One of the first mistakes people make is to scan with a machine running the same anti-virus you already use. Hello…. If it is a virus and it got past your anti-virus, what makes you think it won’t screw up this machine as well?

As a professional, I have several top-of-the-line packages that I purchase and keep up to date, as there is “no silver bullet.” I don’t screw with free, as free is not worth what you pay for it! Anyone that does is playing with fire!

This process can take hours, so I use the time to blow out the machine, check for bad caps and lethargic fans, change the CMOS battery, dust out the CD-ROMs and so forth.

As part of the process I noticed that the video card fan was running, but not up to speed. This was not an expensive card, so I took the opportunity to upgrade it to something newer and faster, with an onboard GPU and a killer fan.

Problem: Newer video cards need more power than the old 300 watt Dell power supply can muster; the power supply must change as well.

Problem: Dell uses proprietary power supplies. Getting a higher-wattage power supply from Dell, if they even make one for this PC, would be cost-prohibitive.

Plan B: What exactly is different about this power supply vs. a standard off-the-shelf power supply? The placement of the power receptacle is lower, and there is an on-off switch on a “generic” power supply. The case has metal where that would be.

It did not take long to modify the case to accept a generic, higher-wattage power supply with a larger fan and double the watts! There is a tool called a “nibbler” that you can get that will allow you to remove small chunks of metal at a time until you make a suitable hole for the new power supply. I also used a Dremel tool to smooth the metal, so there were no sharp edges.

After finishing the hardware upgrade with a larger power supply and a video card that is really meant for gaming, as well as replacing the CMOS battery, the diagnostic screen came up just perfectly. Removing lots of dust did not hurt things either. The drive was still scanning, so a wait was still in order. At 75%, Trend Micro had found no viruses….

Finally, about 3 hours after the start, the drive was pronounced clean by Trend Micro, so now it was back to possibly being a hardware issue. Or was it?

After reinstalling the drive, on boot-up I was presented with the options of safe mode or a regular boot. Always choose safe. In safe mode you can poke around without all of the other files loaded.

Once booted in safe mode, I installed the new video drivers and was happy that “in safe mode” the PC behaved as expected.

Rebooting to normal mode, normal quickly turned to atypical, to say the least.

I like to have widgets on my desktop that show me the processor usage and the memory usage. I know what they should look like, so if they change, I can quickly react vs. waiting until things just die.

Watching the widgets, the processor usage would peg at 100% and the memory usage would gradually increase until the PC was non-responsive. That is the earmark of a virus, or of a program that is behaving badly.

Manually shutting off the machine and bringing it back up in safe mode, I use something called CCleaner. I actually pay these folks for this program, as it is that good! You can get it for free, but anyone that writes a program like this, I will support.

 www.piriform.com

I allow it to clean, which removes all kinds of crap, hence “crap cleaner.”

I then run the registry cleaner and allow it to do its thing.

After that I go through which programs and services I want to allow to start, then kill everything that I don’t recognize. I am different from the normal folk, as I recognize what those programs and services are. If you are not sure about this, research with another computer what you are killing. Failure to do so could result in you killing your operating system.

 The trick is to get rid of all the “junk in the trunk.”

 

“Junk in the trunk”

 

I use the analogy of hauling rocks in your trunk. 

 

Many years ago Lucy from the “I Love Lucy” show and her husband made a movie called “The Long, Long Trailer.” If you have not seen it, I will not spoil it, but part of the plot is that Lucy wanted to collect a rock from each place that she and her husband went on their honeymoon, while pulling this travel trailer with a car that was probably ill-equipped for the task. While the rocks in this case were in the trailer, the metaphor still works, as this car was now pulling more than it could possibly handle while traversing the mountains!

 

We do that with our PCs every day! We load them down with all kinds of programs that live in the tray. We have lots of different things running at one time, and unfortunately we have to add to this load anti-virus software and anti-malware software and God only knows what else, just to surf the web!

 

Depending upon your car, Mustang with a 5.0 or Prius, it will allow you to haul some stuff. As far as I am concerned, I want a PC that will get the job done and handle the software necessary to keep the computer safe, and still allow me to run production apps. I drive a full-size truck with lots of power. My PC is not a gaming PC, but it could play WOW or some other graphics-intensive game if I so chose.

 

If you are a gamer, you want a Ferrari or Lamborghini. I advise those shopping for a new PC to get one that will play games, even if you don’t intend to use it for that. Why?

 

If it will play games, it will run your production apps and the necessary stuff to keep it safe from the bad guys!

 

Having a sports car does not give you license to drive down the road faster than traffic or the speed limit; it merely gives you the ability to do so. Just because you have a PC with lots of power, there is no need to install a bunch of stuff like “WeatherBug.”

A PC is kind of like a baby. Everything that you do to it or with it from the day it is “virgin software” changes it. Loading all kinds of stuff on your PC, even getting updates from the different software vendors, changes it. PCs are very dynamic, and that is why it is important to use the widgets I spoke of earlier. Know what normal is for your PC, and when it is not normal, get some help. When your car’s temperature gauge goes out of the normal range, you take it to the shop, don’t you? If not, you certainly should. Someone needs to write a “check engine light” into the operating system.

 Diagnostic software came about with the PC years ago; the first that I remember was PCTools. 

After removing all of the junk, booting my PC back up into normal mode still left me with a PC that had a runaway program that slowly degraded its performance until it died.

Another boot to safe mode and then another boot to normal allowed me to quickly bring up Task Manager before the eventual slowdown, so I could monitor all processes “from all other sources besides just my login.” That is key, as some services and processes will not show up under what you have loaded under your profile.

Long story short, ESET was the malfunctioning process. ESET would eventually use up over a gigabyte of RAM and most of the CPU horsepower and…the mystery still is that it was sending something over the Internet, or at the very least causing all sorts of network traffic. I no longer have a hub, so loading a protocol analyzer on another PC would have only shown me broadcast traffic. I elected to simply uninstall ESET from “safe mode” and see what happened then. That fixed the problem. I installed Trend Micro and have run the PC for over a week with no issues.
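The widget-watching and Task Manager work described above can be turned into the “check engine light” the post wishes for. The following is an added example, not code from the original post: it takes periodic process snapshots (the kind of numbers Task Manager shows with processes from all users visible) and flags any process whose memory climbs at every sample while its CPU share stays pinned, then estimates how long until RAM runs out. The process names and numbers are constructed for illustration and do not name any real product’s binary.

```python
from collections import defaultdict

# Constructed snapshots: (seconds since boot, process name, CPU %, working set MB).
# They imitate the symptom in the post: one process pegs the CPU while its
# memory grows until the box becomes unresponsive. Names and numbers are invented.
SAMPLES = [
    (0,   "avscanner.exe", 94.0, 150.0),
    (0,   "explorer.exe",   3.0,  55.0),
    (0,   "browser.exe",   12.0, 310.0),
    (60,  "avscanner.exe", 97.0, 330.0),
    (60,  "explorer.exe",   2.0,  56.0),
    (60,  "browser.exe",   15.0, 295.0),
    (120, "avscanner.exe", 99.0, 520.0),
    (120, "explorer.exe",   4.0,  55.0),
    (120, "browser.exe",    9.0, 330.0),
    (180, "avscanner.exe", 98.0, 700.0),
    (180, "explorer.exe",   2.0,  57.0),
    (180, "browser.exe",   11.0, 300.0),
]


def find_runaways(samples, cpu_floor=90.0, min_samples=3, min_growth_mb=100.0):
    """Return processes whose memory rose at every sample while CPU stayed pinned."""
    by_name = defaultdict(list)
    for t, name, cpu, mem in samples:
        by_name[name].append((t, cpu, mem))
    flagged = []
    for name, rows in by_name.items():
        rows.sort()                      # order by time
        if len(rows) < min_samples:
            continue                     # too few points to call a trend
        mems = [m for _, _, m in rows]
        cpus = [c for _, c, _ in rows]
        monotone = all(b > a for a, b in zip(mems, mems[1:]))
        growth = mems[-1] - mems[0]
        avg_cpu = sum(cpus) / len(cpus)
        if monotone and growth >= min_growth_mb and avg_cpu >= cpu_floor:
            elapsed_min = (rows[-1][0] - rows[0][0]) / 60.0
            rate = growth / elapsed_min if elapsed_min else float("inf")
            flagged.append({"name": name, "avg_cpu": avg_cpu,
                            "mem_mb": mems[-1], "mb_per_min": rate})
    return flagged


def minutes_until_exhausted(proc, total_ram_mb, used_by_others_mb=0.0):
    """Rough ETA, in minutes, until the flagged process eats the remaining RAM."""
    free = total_ram_mb - used_by_others_mb - proc["mem_mb"]
    return max(free, 0.0) / proc["mb_per_min"] if proc["mb_per_min"] > 0 else float("inf")


if __name__ == "__main__":
    for p in find_runaways(SAMPLES):
        eta = minutes_until_exhausted(p, total_ram_mb=2048)
        print(f"{p['name']}: avg CPU {p['avg_cpu']:.0f}%, {p['mem_mb']:.0f} MB, "
              f"growing {p['mb_per_min']:.0f} MB/min, RAM gone in ~{eta:.0f} min")
```

On a live Windows box the snapshot tuples would come from periodic Task Manager or `tasklist` readings rather than the constructed list; the trend logic is the same.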

 My guess is that someone wrote a program specifically to attack the anti-virus software and ESET was not equipped to handle it.  Next week or next month it may very well be Trend that fails.  There are many on the market and there is “No Silver Bullet.”  It came in through e-mail I suspect.

 

Moral of this sad tale is this: backup those things that you care about and back up often.

 

I would love to know what attacked ESET NOD32, so if anyone else has a similar story, please share it. I will make certain to share it with my readers.

Call me paranoid, but here is my suspicion. There are many different anti-virus programs out there, all trying to get your dollar. There are some really good programs, and then there are some programs that are not so good. While free is better than none, it is not much better. You get what you pay for.

I suspect, and this of course is coming from a 30-plus-year veteran of working with this stuff, that someone who works for or worked for one of these companies wrote and released this bug. Someone writes these things, and if they don’t get remuneration from it, why do it?

Why in God’s name would someone sit around in their mother’s basement in their underwear writing programs that are meant to disrupt or destroy people’s software or ability to get on the Internet or work or what have you? Sorry for the visual, but I can just see some pimple-faced kid with empty candy wrappers, half-empty Red Bull cans and possibly an ashtray full of butts and old pizza boxes typing away at the computer till the wee hours, trying to outdo his buddy. I think I see roaches too…Another bug!

I understand writing software to steal an identity and sell those things to the highest bidder. 

I understand robots that use millions of computers to attack some target with a DoS.

If a virus was written to attack a specific anti-virus package, that action would bespeak an inside job, or possibly someone that had a grudge against that company.

 

Full disclosure: I do disaster recovery planning for companies. Having been in this field since before the Internet, Bill Gates and Mr. Jobs, I have seen much, done much, and carry a wealth of both computer and business skills and acumen with me to the client’s site.

 

When I got out of school, the secretarial pool was still in vogue, and Gregg shorthand was still practiced. I put dictation equipment on executives’ desks and later computers, replacing the all-day process of creating a document with the executive typing his or her own document or e-mail.

I am also a science fiction / fantasy writer who enjoys blogging…

-Best
