Monday 22 November 2010

For sale: svchost.exe virus. Excellent condition!

Blogging is a little bit like working out. It's hard to get to the gym, but after a couple of workouts you can feel it in your muscles and it makes you want to go back and work out some more. With blogging, you get the feedback from the hits and the comments and so on, and it makes you want to post more. But when you fall out of it, you kinda lose that motivation a little bit. Or at least I do. Maybe it's a post-civic election slump. Post-electoral depression. It's been a week since I've posted ... which isn't much ... but I've already lost that blogging mojo.

Work got in the way last week, as well as viruses. Computer viruses. Nasty ones. Ones that my virus program can't clean and that keep coming back like that damned cat.

They're sneaky little devils. They take on the same names as legitimate Windows executables: svchost.exe, shell.exe, dwm.exe, etc., except they locate themselves in the application data of your Windows profile, and other places they're not supposed to be. You can delete them, but then seconds later they're back. My Trend Micro would usually block them, but that meant a warning box was popping up literally every 3 or 4 seconds saying that something was blocked, and then another window would pop up saying svchost.exe failed to initialize.
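A defender-side check for the pattern described above, added here as an example and not part of the original post: it lists running processes that borrow a well-known Windows binary's name but run from outside the Windows directory, and lists autostart Run entries that point into a profile's application data or temp folders (the kind of registry entry that brings the files back after deletion). The set of system names and the path patterns are assumptions, not an exhaustive list; both functions only report, they remove nothing.

```powershell
# Added example: read-only checks for name-masquerading malware.
# Assumption: this short list of names is illustrative, not exhaustive.
$systemNames = @('svchost.exe', 'dwm.exe', 'explorer.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe')
$windowsDir  = $env:SystemRoot   # usually C:\Windows

function Find-MasqueradingProcess {
    Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
        $path = $_.Path
        # Path is $null for protected processes we cannot open; skip rather than guess.
        if (-not $path) { return }
        $name = [System.IO.Path]::GetFileName($path)
        # A real svchost.exe/dwm.exe lives under the Windows directory; one that
        # runs from a user profile or elsewhere is worth a second look.
        if ($systemNames -contains $name -and
            -not $path.StartsWith($windowsDir, [System.StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                ProcessId = $_.Id
                Name      = $name
                Path      = $path
                Signature = (Get-AuthenticodeSignature -FilePath $path).Status
            }
        }
    }
}

function Find-SuspiciousRunEntry {
    # Autostart locations commonly used to re-launch a dropped executable at logon.
    $runKeys = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run')
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            # Assumption: these path fragments are the ones the post describes;
            # legitimate software can also autostart from here, so review, don't delete.
            if ($p.Value -match '(?i)AppData|Application Data|\\Temp\\') {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

Find-MasqueradingProcess | Format-Table -AutoSize
Find-SuspiciousRunEntry  | Format-Table -AutoSize
```

Run from an elevated prompt so that Path is readable for more processes; anything flagged should be compared against a known-good copy and its Authenticode signature before deciding it is malicious.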

That's annoying.

I would run my virus scan, and it did catch and quarantine a few of them, but not all. And it can't clean the quarantined files either. I tried manually deleting the bad files from safe mode, but that works for all of 18 nanoseconds. I tried running Spybot Search & Destroy, but it mostly finds bad cookies and that sort of thing. It might have helped a little. Then I ran the CCleaner registry cleaner in the hope of cleaning whatever registry entries were causing these stupid little things to keep coming back. Then I tried Combofix. Then I tried running Trend Micro from safe mode.

Then I rebooted and I still had the Goddamned viruses.

Then I turned to the internet. Not very helpful. A bunch of sites try to get you to buy their phony product with phony reviews ("I downloaded it and now everything is perfect!") when the program you're downloading is probably loaded with more viruses than a refugee ship from Burma. There are also some sites that tell you to clean them manually by deleting autorun.ini and other files from your System32 directory, and then going into Regedit and deleting a bunch of lines in there.

Uhm. No. You first.

I finally got rid of them (I think ... mostly ...) using an internet scanner from Trend Micro called Housecall. Seemed to work well. Which makes me wonder why the Trend Micro program on my computer that I pay for can't do the same thing.

So that was my weekend. Thanks for humouring me, as I attempt to get back into the blogging groove by sharing my problems with the world.


Grant Hamilton said...

I second the Housecall recommendation -- have used it successfully in the past.

Other strategies, if you're still faced with the virus:

- boot into Windows Safe Mode before scanning. This will stop a lot of the viruses from initializing.

- download and burn a linux live CD, then boot up into that and scan from the CD. There's a good intro here:


cherenkov said...

Thanks for the tips, Grant. Do I have to buy the penguin t-shirt before I'm allowed to download Linux Live?

reedsolomon.matr1x at said...

I've used Ubuntu for years now. Using Windows for me is like using an old model Nokia cell phone. I remember what it's like, but it's just so ridiculously out of date.

cherenkov said...

Linux is scary. I have visions of having to manually configure drivers and ports and other such things, and I am not sure I am geeky enough to subject myself to that challenge. I know that some of the packages like Ubuntu try to make it easier for noobs like me, but it's still a big leap into the unknown.

Anonymous said...

You may wish to have a look at the Webroot products. For the most part, I use AVG free anti virus and also have SpyBot, but several years ago I had a big problem and a tech at a Wpg computer store referred me to SpySweeper. I checked it out - they have a free scan - it took hours to scan my computer but fixed it. I have subscribed since and scan regularly with no issues found. I also have Window Washer, which says it is for one year but I have never renewed and it keeps automatically updating.

cherenkov said...

Thanks for the tip.

reedsolomon.matr1x at said...

Linux isn't particularly any more difficult or scary than Windows, it's just you're used to Windows failures. The phone analogy works here too. So you have a Nokia phone. Want to go to Android (based on Linux) or iPhone? You'll have to learn some new things. Heck, if you have a widescreen HDTV of any quality it is probably Linux based. It's everywhere. You just don't realize it because they've hidden it away. Ubuntu generally doesn't require you to do any command line things these days. I've gotten quite lazy with it. I do remember the days of Linux installing from floppies, that was fun.

Grant Hamilton said...

Yeah, Linux is super-easy -- and a liveCD you can run right from the CD (or USB key) so there's no installation required, and you can boot back into your Windows install no fuss, no muss.

Personally, I use Macs at work, Windows at home, and the new Win7 is actually pretty good, but I try to include Linux where I can.

Ubuntu is a great bet. I second Reed's comments.

reedsolomon.matr1x at said...

I mean, if you like Windows, hey whatever. Use what you like. I'd use Apple products if I didn't have a problem with their horridly closed ecosystem. OS X is quality stuff. I have Windows 7 and it's decent. I don't use it, it came with my ThinkPad, but it's a decent OS. But remember, do you use Firefox? It exists because of Linux. Open Office? Exists thanks to Linux. Linux users forced to not run Microsoft products have instead given Microsoft its own best competition. Have you ever used VirtualBox? Look for it on Google, it's a program that lets you run another operating system inside your operating system. Install Linux or another Windows on top of Windows, and if you get a virus on that version of Windows, just delete the disk image. It's an idea, anyways.

cherenkov said...

I don't know if I like Windows. That's just what my computer came with. My PC is getting up there in age though, so I figure if I get a new one I might give Linux a go on this one.

Shaun M Wheeler said...

I had a run-in with a piece of malware calling itself "Touch Point Anti-Virus" that installed itself through Java via an exploit in Adobe Reader.

Right pain in the ass THAT was to remove... had to edit my work computer's registry by hand as it hijacked all internet connections... couldn't even download a removal tool.
