Tuesday, May 29, 2007

Virus!

So .. last week, my sister's computer fell sick ...

Viruses are insidious nowadays, secretly copying stuff into your most secret folders and disguising themselves as legitimate applications. Through the course of slapping the evil virus out of the system, I learnt several things.

1. Task Manager is stupid. Why show only the executable? Is it so hard to have one more column showing the path of the file? That way you can immediately know whether that svchost.exe is the real McCoy or not.

2. Outpost Firewall is the best.
After clearing out several of the evil spyware, I discovered there was one more ... the most powerful of all. It was autostarting Internet Explorer on startup, in invisible mode, attempting to access two URLs: happy8888.3322.org and happy10000.3322.org, based in Korea (hosted by an IIS server). It was also hijacking, or disguising, or somehow causing IE to be listening on fifty billion ports.
I immediately clamped down access to that site, and Explorer too, which was also being used to visit that site.

3. Autostart Explorer is uber.
It took a long while to find the mysterious process which was autostarting IE. I peeked into the registry, into the start menu .. win.ini .. didn't see it at all. However, fortuitously, I happened to stumble on this application - Autostart Explorer. Though it seemed to be an old app, it listed down EVERY application which autostarted with Windows. Peering at the list led me to discover an odd application which was being auto started.
Deleted it, and voila! Fixed.

Phew.

Sigh still, the most secure measures don't count for crap when users are being dumb.
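
The two checks from points 1 and 3 (a process list that includes the image path, and a listing of autostart entries), as an added PowerShell example that is not part of the original post. It assumes PowerShell 3.0 or later; the list of system process names and the variable names are illustrative choices.

```powershell
# Added example, not from the original post.
# Assumes PowerShell 3.0+ (Get-CimInstance). Run elevated, otherwise
# ExecutablePath comes back empty for many system processes.

# Illustrative list of system binary names that malware likes to imitate.
$systemNames = 'svchost.exe', 'lsass.exe', 'services.exe', 'winlogon.exe', 'csrss.exe'

# Directories where those binaries legitimately live
# (SysWOW64 holds the 32-bit copies on 64-bit Windows).
$trustedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

# Point 1: every process with its full image path, flagging system-named
# processes that run from anywhere other than the trusted directories.
$procs = Get-CimInstance Win32_Process | ForEach-Object {
    $dir = if ($_.ExecutablePath) { Split-Path $_.ExecutablePath -Parent } else { $null }
    [pscustomobject]@{
        Name    = $_.Name
        PID     = $_.ProcessId
        Path    = $_.ExecutablePath
        # -contains / -notcontains compare case-insensitively.
        # A process whose path could not be read is left unflagged.
        Suspect = ($systemNames -contains $_.Name) -and $dir -and
                  ($trustedDirs -notcontains $dir)
    }
}
$procs | Sort-Object Suspect -Descending | Format-Table -AutoSize

# Point 3: autostart entries from the registry Run keys and the Startup
# folders. Location shows which key or folder each entry comes from.
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-List
```

Win32_StartupCommand does not cover services, scheduled tasks or win.ini, so an empty or clean listing here does not rule out the other autostart locations.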
