Wednesday, February 22, 2006
I am forbidden to use the Toshiba Notebook (my dad's) because the last time I did, all manner of popups and malware infested the memory. Let me repeat: the computer that I am using right now, to type the words 'may not', may NOT be used. After my dereliction of duty (apparently) in February last year, my dad called in a PC detective (a real person!) to do some spring cleaning, and she got most of the spiderwebs and debris that was slowing it down out. Most. But not all. Having sowed seeds of destruction, and having appeared to my father to be a wrecker of machines, I headed back to the land of Broadband (South Korea - one of the foremost destinations on the planet for internetivity (internet-connectivity)).
Unbeknownst to me, every time my dear old dad turned on his notebook, after startup there was an annoying pop-up, similar to (but not the same as) the one above. This served as a constant reminder of my misdemeanour. Thus, when I returned 6 months later, it should have come as no surprise that I was effectively banned from using his computer AT ALL.
The Cat's Away
But when the cat was away (and still is), the young mouse, called Nick van der Leek, got out to play, once again on his dad's Notebook. This time it was not locked away. And this time all the mouse did was check his email. And add a post to his blog. And then post something on reporter.co.za and eeek. Suddenly, whilst checking his doings in the archive of www.3xluck.blogspot.com he suddenly found the website went white, and it said FILE NOT FOUND, and the address had suddenly changed to: http:///. This rang a bell. A bell from 6 months ago.
This is not a drill
Delving into the vault of what happened then, Nicky Mouse immediately got to work, first running a Spybot Search and Destroy, and then checking to see if Windows Update needed to be updated.
A sickening feeling in his stomach.
Search and Destroy picked out:
DSO Exploit (5 entries)
and AllCyberSearch (1 entry)
Immunisation wiped them out, but once he did another sweep using Search and Destroy they all came back.
Now he used Google to find out what other people had done to solve the problem.
Meanwhile, Windows Update required over 12 essential updates, and a 152MB patch called SP2. On a long drop toilet-dialup modem, this was going to take a long time (9 hours in fact).
With Google's help, Nicky Mouse used the information from Spybot's Search and Destroy to locate the Hkeys (registry values). One by one he painstakingly went in the deep chasms of software architecture, terminating each 1004 file one by one. There were 4.
Then he downloaded HijackThis, and did an info scan on anything that looked suspicious. HijackThis is a very good weapon, like an atom bomb. Problem is, if you wipe out something you want, it's never coming back. Ever. He wiped out a HOTKEY file, then downloaded Lavasoft to get rid of AllCyberSearch.
I've left a few steps out here, but long story short, the Mouse, working on borrowed time, and well into the wee hours, finally comes up with a clean Spybot scan. It's good news, except that the information on Google said change the 1004 values to 1003, not to delete them.
The only way the mouse will know if his attempts have done more harm than good is to reboot.
After the reboot the 'TEMP' popup that has plagued the computer has vanished. Success! But in its place is another one, asking for a HOTKEY. Google once again comes to the rescue, providing links to Toshiba. The Hotkey is actually a startup file, and has something to do with the Touchpad. It needs to be installed. He follows the white rabbit to Toshiba, and downloads, careful to download the driver under the same model as the notebook.
Now to see if it works. Restart the computer.
Same thing. Popup.
Redo from start.
Copy to Startup
He downloads a second driver, and then copies the installed file not only onto the All Users/Startup/Programs (possibly not in that order), but under the User: Casey.
Seems like a long shot.
Now there is no evidence that the computer is any worse than it was before, in fact, it doesn't have any popup screen to greet you when the computer boots up.
However, on his way out, he notices the icon for a picture (used to post onto this site) has an unusual icon. A small white square with three blobs of different colors. That's not right.
Finally he has all images opened on the same program (click on the box that says, 'Always open with this program').
The bad news is that I've left a few traces of my using the computer, despite it being 'banned'. The good news is, those traces are all good:
1) The computer is updated with the latest patches so is effectively immune
2) The annoying 'Temp File' popup has been squished
3) All image files, including .bmp files now open instantly on Windows Viewer as opposed to being delayed while Adobe provides the details of its patent protection
When you've been in PC Hell, it's not often that all's well, and ends well.