Last night, I was testing links to various SF magazines, and some time during those clickings I downloaded a file called "check.exe" that wrecked my operating system and prevented it from rebooting once I realized what was going on. Awesome.

I'm not sure where it came from, but these are the sites I suspect: the old DNA Publications page (now dead) and SyFy's website. I suggest staying away from those until I figure out where it came from - if you work at SyFy.com, I suggest you check for malicious advertisements posted last night.

While I was searching for the old SciFiction site, I noticed my drive crunching along as I downloaded the virus, and soon I was unable to launch Task Manager. I hurriedly disconnected from the internet (the hard way, by killing the router, because I couldn't stop any programs), then ran msconfig to see what had added itself to the startup programs, where I found the file(s) and that they had downloaded during the time I suspected. After deleting them and forcing a hard shutdown (it wouldn't restart as usual, of course), that was it for booting the OS.

Great timing: I was working on several files that need to be done ASAP, so of course I hadn't backed them up yet.

Now I need to figure out how to grab those files off the laptop hard drive. Anyone know if a laptop drive can be daisy-chained to a desktop drive array? Or if that's a smart idea? Should I instead try reloading Windows?

Well, I'm not too pissed, because this is the first virus I've gotten since Windows 98....

Don't know if I've mentioned lately, but Hell hath a special spot for malicious hackers, where they have to go line-by-line through the operating systems they've infected, and make those OSes impenetrable. While Satan himself randomly hacks the machines they're using. They're told they get to leave as soon as they're done, giving them hope. Which of course is an impossible task.

PS: Oh, and on Saturday, I discovered that someone hacked my credit card and tried to order from the Apple Store and Skype. US Bank noticed right away and blocked those transactions. Wow, modern banking AI is incredible.

Chris

From: [identity profile] tanuki-green.livejournal.com


Chris,

Okay - first off, here's a little information about the Trojan that utilizes the check.exe process:
http://www.spywareremove.com/removeCheckTrojan.html

Next, you should be able to pull your laptop drive out and take it to Best Buy. They should be able to help you find the proper USB drive enclosure so you can then hook your laptop drive up to any computer using a USB cable.

Be careful that nothing auto-executes when you connect the drive as that may cause any virus to spread, and when you get the files from the drive, scan them to make sure they are clean.

If you've got any questions, please let me know.

From: [identity profile] mckitterick.livejournal.com


Eeek, that's just creepy. I don't use IRC programs - wonder how it got on my drive?

I'll be careful. Thanks!

From: [identity profile] mckitterick.livejournal.com


Say, if I deleted those files and folders where the viruses were, is it safe to try to restore the OS using a CD, or would that only give the virus another chance?

From: [identity profile] tanuki-green.livejournal.com


With this one, I'd say that it's probably safe to go that route. I checked the cleaning instructions and it said to just kill those processes and delete those files.

Once you re-install, make sure the system gets patched to the most recent patch levels from Microsoft (http://windowsupdate.microsoft.com).

And if you aren't running any virus/adware/spyware software, I'd recommend Microsoft Security Essentials. It's free, it's detected pretty much everything I've thrown at it, and it's not near the resource hog that other virus software I've run into is.

From: [identity profile] tully01.livejournal.com


What tanuki_green said. Get a USB laptop HD enclosure. And yank the sucker if it tries to auto-execute anything on plugin/powerup.

Also, don't automatically assume that the virus was planted the day it manifested in system lockup. Coulda been there a while, quietly stealing info, and otherwise "sleeping" with an autodestruct timer function ("initiate autodestruct virus X hours/days after forwarding data dump to hacker"). Or even a callback function that would initiate autodestruct once it got a signal that charges using the stolen info had been denied. Your hacked card incident is somewhat suggestive in that regard.

And people think I'm paranoid about not installing "chat" programs on my household computers.

From: [identity profile] mckitterick.livejournal.com


Geez, that's creepy. The only online purchases I've made lately were at Newegg.com and Hayneedle.com - oh, and PayPal - didn't install anything except security updates.

Any news if those sites have been hacked?

From: [identity profile] geekmom.livejournal.com


If it keylogged the info from your end, they wouldn't need to hack Newegg to get your CC #.

From: [identity profile] tully01.livejournal.com


The two different things may have no relation, it's the time proximity that's suggestive. But yeah, there are some sophisticated stealth Trojans that could do things like that.

We worry so much about sites being hacked, but it also could've just been an employee with larceny in their soul who scribbled the number down and passed it on. Somehow your number got out, fortunately it was contained before the damage got ugly.

With just a teeny bit of luck your HD is recoverable, or at least the files on it can be saved. Most likely it'll need a full AV sweep and an OS reinstall to be usable again in the laptop. Not a bad idea to get an external HD and a cloning program, and run it occasionally.

From: [identity profile] mckitterick.livejournal.com


Yeah, it's like shoplifting: When I was a retail manager in college, we were taught that 90% of it comes from employees. I expect those same employees aren't totally ethical with credit-card receipts.

Looks like the files are recoverable, yay!

From: [identity profile] ryltar.livejournal.com


I've got a linux machine that I don't mind risking for a crash (it has a shattered screen, so it is not used much anyway). If you want, it can be used to extract the files and/or scan/fix the file structure.

I've also got a box that works for most laptop HDDs that I've seen so far. The drive I use in it is 2.8in x 3.9in x 0.4in. It uses an ATA-100 interface to link to the HDD and a USB to link to the computer.

You are welcome to try both if you like. Just let me know.

From: [identity profile] mckitterick.livejournal.com


That would be awesome, thanks! Could I swing by your place, say, now-ish?

From: [identity profile] mckitterick.livejournal.com


Thanks, Matt!

PS: This wonderful fellow helped me dig up those files I was working on by using a beat-up computer with a Linux install (thus not susceptible to the same viruses). I'm thinking of keeping one of those around for similar purposes ;-)

From: [identity profile] jjschwabach.livejournal.com


Thanks for the alert. It makes me think that my old, out-of-date virus software that keeps whining to be updated, should be.

From: [identity profile] professormass.livejournal.com


Chris, on the Linuxy goodness -- all you really need to keep around is a copy of an Ubuntu Live CD (downloadable from Ubuntu.com) -- it'll let you boot into a damaged system, and load Linux from the CD-ROM. From there, you can set up network connections or use a USB flash drive to download your files.

It's so useful that I just keep one in my backpack, in case of such an emergency...because when you're computer-y, it's like being a doctor. "Hey, man...how's it going? Long time, no chat. Kid good? Yeah. How's work? Yeah? So...I have this virus..."

From: [identity profile] mckitterick.livejournal.com


That's a great idea - I should also get a bigger hard drive to allow space to load Linux.

From: [identity profile] professormass.livejournal.com



Just to be sure I was clear -- you don't need to actually put Linux on your hard drive to use a LiveCD as a recovery disk. The operating system will run perfectly well from the CD-ROM. That's the beauty of it -- it'll let you run diagnostics if the hard drive has failed or recover data from damaged drives, etc.

Of course, having a dual boot Linux system is always awesome, too. :)
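The recovery workflow the thread converges on (boot a Linux live session, attach the suspect drive, copy the documents off, and keep a record so the copies can be scanned afterward) as an added shell example. This is not code from the thread or from any poster; it also applies tanuki-green's earlier warning that nothing on the drive should be allowed to execute. The device path `/dev/sda1`, the mount points, the function names and the sample files in the usage note are placeholders/constructed.

```shell
#!/bin/sh
# Added example: pull files off a suspect (possibly infected) disk from a
# Linux live session without letting anything on that disk run.
# Assumptions (placeholders): suspect partition is /dev/sda1, it is mounted
# at /mnt/suspect, and the recovered copies go to a USB stick at /mnt/usb.
set -eu

# Mount options a defender wants on an untrusted disk:
#   ro      never write to the damaged filesystem (also preserves evidence)
#   noexec  binaries on it cannot be run, even by accident
#   nosuid  a planted setuid binary gains nothing
#   nodev   device nodes on the disk are not honoured
RECOVERY_MOUNT_OPTS="ro,noexec,nosuid,nodev"

# usage: mount_suspect_disk /dev/sda1 /mnt/suspect   (must be run as root)
mount_suspect_disk() {
    mkdir -p "$2"
    mount -o "$RECOVERY_MOUNT_OPTS" "$1" "$2"
}

# Copy every regular file under SRC to DEST, strip execute bits from the
# copies, and append a SHA-256 line per file to MANIFEST so the recovered
# set can be scanned and re-verified later. Prints the number of files copied.
# usage: recover_tree /mnt/suspect/Users/chris/Documents /mnt/usb/recovered /mnt/usb/manifest.sha256
recover_tree() {
    src="$1"; dest="$2"; manifest="$3"
    mkdir -p "$dest"
    : > "$manifest"
    # -type f skips symlinks and device/special files that could point
    # somewhere outside the tree; IFS= / read -r keep spaces in names intact
    find "$src" -type f | while IFS= read -r f; do
        rel="${f#"$src"/}"
        mkdir -p "$dest/$(dirname "$rel")"
        # plain cp (no -p): ownership and mode bits of the suspect file are
        # deliberately not carried over to the copy
        cp "$f" "$dest/$rel"
        chmod u=rw,go= "$dest/$rel"
        sha256sum "$dest/$rel" >> "$manifest"
    done
    wc -l < "$manifest" | tr -d ' '
}

# Re-check the copies against the manifest (e.g. after an AV scan or after
# moving them to the rebuilt machine). Returns non-zero on any mismatch.
verify_recovered() {
    sha256sum -c --status "$1"
}

# Run with --demo to exercise recover_tree on a constructed sample tree
# (no mounting, no root needed).
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    mkdir -p "$tmp/src/Documents/sub"
    printf 'draft one\n' > "$tmp/src/Documents/story.txt"
    printf 'draft two\n' > "$tmp/src/Documents/sub/notes v2.txt"
    printf 'MZ\n' > "$tmp/src/check.exe"      # constructed stand-in, not the real file
    chmod +x "$tmp/src/check.exe"
    echo "recovered $(recover_tree "$tmp/src" "$tmp/out" "$tmp/manifest.sha256") files"
    verify_recovered "$tmp/manifest.sha256" && echo "manifest verifies"
    rm -rf "$tmp"
fi
```

The point of `noexec,nosuid,nodev` plus the `chmod` on every copy is that the recovered documents come across as inert data: even a file named like a program cannot be launched from the live session or from the USB stick until it has been scanned, which is the order of operations the thread recommends.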
