Earlier this evening I was working on a few blog posts for my boss, minding my own business. I was in what I jokingly refer to as my zone. When I’m writing, it’s actually hard to distract me. You have to yell at me, or poke me repeatedly. I’ve gotten quite good at blocking things out when I’m writing. I’ve had to do that being a work-at-home Mom. It’s not easy to get anything done if you hear every sound coming out of your teenager’s bedroom!
As I sat there writing, my zone was shattered by the yells from my daughter. She was screaming for me to “Hurry! Help me!”. Thinking for sure something horrible had happened, I nearly killed myself getting out of my chair and into her room. I crossed the doorway to see her pointing at her laptop with a completely horrified look on her face. I look down, knowing already what I would see, and sighed heavily. You guessed it… popups… of the adult variety. Great. Just lovely!
As I began to take a look at the machine, the first thing I noticed is that there were not any protection programs running. Back up a moment… what? She’s been lectured for years now. She knows those programs have to be running at all times. Apparently, my oh-so-smart fourteen year old had decided those programs were a bother, and uninstalled them. Gee – wasn’t that wonderful of her? More grumbling comes from me as I download, install and update MBAM. The scan, of course, found and removed several things. I also ran ATF Cleaner, which removed nearly 400 MB of junk from her system. Good grief! Keep in mind, this install of XP is only about five months old!
After rebooting, I noticed that the address bar in Firefox wouldn’t work. Okay, fine… let’s uninstall and reinstall. Hooray! That fixed that issue. I lectured her once again, and installed Eset Security Suite on the laptop. I came back to my desk and muttered some more to other staff members in our IRC Channel.
One of the people present, Atribune, is one of my long-time heroes in the malware community. Dave owns and runs his own website, and has been one of our tool creators for years. He suggested that I run gmer, just to be on the safe side. Fine, fine, let’s do this! I download and run the tool… only to have some very strange results pop up. Atri looked at them via the text file I pasted him, and immediately asked me to let him connect to the machine remotely. *Gulp* This cannot be a good thing…
Thankfully, all was well, and the offending files ended up being harmless. However, as all this was going on I made my daughter watch what Dave was up to during the remote session. Her eyes bugged out and she started getting seriously worried that she would lose all of her pictures. This is a teenager like all other teenage girls – she adores taking pictures of herself (and others sometimes, as well). There are hundreds upon hundreds of photos on that laptop!!
Even though everything ended up clean and all of her files are safe, my daughter still learned a very good lesson today. Mom ended up being behind on her work by about three hours, and is getting sleepier and sleepier as the minutes drag by. I’m happy to report that all of the photos are safe and sound, and the laptop is once again protected. I have a very good feeling that it will STAY that way this time around.
What horror stories do you have when it comes to infected machines? I’m especially hearing about ones where a child or novice adult didn’t realize the perils of leaving your system unprotected. How did you deal with it? Did the person involved listen to your advice, and learn to keep their files and information safe?