A Mind Lost

Anything and everything.

The Rapture and Malware

Supposedly today marks the End of Days for the world, with weeping and wailing and, presumably, much gnashing of teeth.

I’m not holding my breath. I seem to recall it being said somewhere in the Bible that no man would know the date of Christ’s return, although I could be mistaken.  I was raised Christian, and I’m now Agnostic with Christian tendencies (the good ones, not the bad like the pedophile clergy).

Aside from that, I had to spend a few hours fixing my son’s computer this morning.  Infected with malware and a rootkit, everything had been “hijacked”, rendering the system unusable.  Fake security and anti-virus warnings popped up at every turn, and every resulting link from a Google search was redirecting to a handful of harmful sites.

HijackThis showed nothing out of the ordinary, but Malwarebytes managed to locate and clean several items, including registry keys, task scheduler entries, and several binaries.  The programs were located in the temp subdirectory of the user profile, as well as in the Windows directory.  It had commandeered the .exe file association, as well, making it difficult to clean properly.

After running MWB, Firefox was still plagued with the hijacked search results. A bit of reading, and playing with many registry entries (as well as uninstalling Firefox, Java, Flash, and several other plugins) and I was left with the conclusion that there was a rootkit involved.  I downloaded Kaspersky’s TDSSKiller, and sure enough it detected a variant of the rootkit.  One scan and reboot later and everything appeared to be working as it should.

Hopefully I managed to completely disinfect the computer, but one can never be sure that it’s entirely gone.  These things can be pretty tenacious.  I’m not even sure where my son picked it up from, but I believe it may have come from the software/driver CD that accompanied the Hip Street “Kids Camera” his grandmother got him for Christmas.  I cautioned her against it, recommending it be returned for a refund as Hip Street’s products are pretty flimsy and, to be honest, shitty.  I might give it a test in a virtual machine to see if that was the source.  The problems only started today, and my son installed the software yesterday.

I’ve a friend who has repeatedly stated his belief that hackers (the bad ones, not the good ones) and virus/malware/rootkit authors should be shot (literally), a punishment I believe to be too harsh by far.  Right now, though, I wouldn’t be averse to knocking a few teeth loose.

