As a neighborhood computer technician, often I find myself working on machines that are old and neglected. A lot of people simply don't pay much attention to the dangers of operating a computer in the toxic tangle of sewer pipes we fondly know as the internet.
Ironically, many PC users have no idea that they can get all the protections their computer needs for free, if they know where to look. Sadly, that's a big 'if,' and a lot of them simply don't care. I wish they did.
What's funny is that the notebook he handed me wasn't completely bogged down. Later I figured out why.
The first thing I noticed when I fired up Windows XP was that the machine somehow was connecting to the net through my WiFi router, despite not having the password. Very odd...how? Possibly a clever "back-door" exploit, a buddy told me. So much for WEP encryption.
Nervously, I disabled the notebook's internal WiFi card. Next, I installed a free anti-virus product called AVG, then I ran a scan without updating its virus database. The infection counter quickly registered a handful of hits, paused for a moment, then found some more, and more...
After a while, it was like the mother lode of virus infections. I had seen as many as 250 or so infections before, but nothing prepared me to see literally thousands of viruses on one machine. 13,514?? Jesus, if those were votes, this computer could have beaten Rick Santorum!
Realizing that I faced a full-blown, man-on-dog computer exorcism, I called the customer back and asked him if he had his system disks, in case the operating system needed to be re-loaded. No luck, of course. Once again, I was working without a safety net.
The difference between me and a company IT guy is that the company guy gets to simply reformat the hard drive, and then reinstall everything. Me, I have to try to purge Satan's evil armada from a computer, and then try to salvage a working system from the smoking remains. It's an art.
Not too surprisingly, AVG wasn't able to remove the infections; they had their hooks in too deep for a simple solution. A computer exorcism basically requires a lot of time and a diverse set of tools. You throw everything you can find at the malware, running scan after scan until you gradually whittle the virus load down to zero. I have yet to find any single tool that can detect and remove everything bad that can infect a Windows system...other than a [name your destructive tool here].
Here's a partial list of the tools I used, in no particular order, and usually multiple times: AVG, F-Secure's online scanner, Panda's online scanner, BitDefender's online scanner, HijackThis!, ewido, Trend's online scanner, Windows Defender, Spybot Search & Destroy, Spyware Doctor, and eTrust's online scanner. I also used jv16 Power Tools to scan the Registry for bad entries.
Besides using scanners, I also removed entire folders manually, including one that contained the bulk of the viruses from A to Z, stored as .zip files. Some of the folders refused to be deleted for reasons I could not determine. Somehow the bad guys were protecting their stash behind the scenes.
After a full day of running scans, I removed the hard drive and attached it to my own system via an external enclosure, then resumed scanning. Again I encountered numerous infections, this time exposed because the drive was passive: its own copy of Windows wasn't running, so nothing on it could hide from the scanners. I managed to delete a folder full of unknown files slowly, one by one. A final scan with Spyware Doctor apparently broke through the last resistance, and by the end of the second day, the detected infections were down to zero.
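The offline step above is where a scanner finally gets a clear view, and a first pass at triage doesn't even need a scanner: just inventory what's on the passively mounted drive. The script below is an added example, not something from the original post or any of the tools it names. It walks a mounted drive tree, hashes every file with SHA-256, and flags bare Windows executables and zip archives that hold executables (the "A to Z" stash described above) without ever extracting anything. The sample drive it builds under a temp directory is constructed for the demo; point `inventory()` at the real mount point instead.

```python
import hashlib
import os
import tempfile
import zipfile

# "MZ" is the DOS/PE header every Windows .exe/.dll starts with.
PE_MAGIC = b"MZ"


def sha256_of(path):
    """Hash a file in chunks so large archives don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(path):
    """Label a file by content, not by extension (extensions lie)."""
    with open(path, "rb") as f:
        head = f.read(2)
    if head == PE_MAGIC:
        return "executable"
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Peek at the first two bytes of each member; nothing is
                # written to disk, so the archive contents never "run".
                with zf.open(info) as member:
                    if member.read(2) == PE_MAGIC:
                        return "zip-with-executable"
        return "zip"
    return "other"


def inventory(root):
    """Return sorted (relative_path, sha256, kind) records for a drive tree.

    Paths use forward slashes so the output is stable across platforms.
    """
    records = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            records.append((rel, sha256_of(path), classify(path)))
    records.sort()
    return records


def kinds_by_path(root):
    """Convenience view: relative path -> kind label."""
    return {rel: kind for rel, _, kind in inventory(root)}


def suspicious(records):
    """Records worth feeding to a scanner (or hashing against a blocklist)."""
    return [r for r in records if r[2] in ("executable", "zip-with-executable")]


def build_sample_drive():
    """Constructed sample drive: a temp dir with a small zip stash."""
    root = tempfile.mkdtemp(prefix="drive_")
    stash = os.path.join(root, "stash")
    os.makedirs(stash)
    with zipfile.ZipFile(os.path.join(stash, "a.zip"), "w") as zf:
        zf.writestr("a.exe", b"MZ" + b"\x00" * 64)  # constructed PE-like header
    with zipfile.ZipFile(os.path.join(stash, "notes.zip"), "w") as zf:
        zf.writestr("readme.txt", b"plain text")
    with open(os.path.join(root, "report.doc"), "wb") as f:
        f.write(b"hello")
    with open(os.path.join(root, "tool.exe"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 32)  # constructed PE-like header
    return root


if __name__ == "__main__":
    drive = build_sample_drive()
    for rel, digest, kind in inventory(drive):
        print(f"{kind:22} {digest[:16]}  {rel}")
    print(f"{len(suspicious(inventory(drive)))} items flagged for scanning")
```

Run it against a drive mounted read-only from another machine; the hash list doubles as a before/after record, so after the cleanup you can prove which files were actually removed rather than trusting the scanner's counter.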
Around 3am on the second day, I put the hard drive back into the notebook computer and ran another scan. More infections, but now it was just a handful, quickly removed by AVG.
Victory. I downloaded all the Windows updates, installed IE7 and Firefox 2, Media Player 11 and a few more things, then called the guy who was (once again) the owner of the machine. Tough way to earn a hundred bucks, but I figured I was probably doing a public service.
I figure this machine wasn't bogged down because it was being used as a warehouse, a storage and distribution tool for malware being spewed out over the internet by a nasty hacker. The asshole in question wasn't particularly interested in the financial data on the machine, because he didn't want to risk losing the use of this ideal resource. This PC was a Typhoid Mary of computers, not so much a victim as a carrier of disease. Nonetheless I urged the owner to check on his credit cards and consider getting new ones. Every bit of data on that machine was compromised.
As he walked out the door, I wondered in disgust why we all don't just go out and buy Macintoshes. These Windows security nightmares are just getting to be too damn much!