LinuxQuestions.org Blogs: Musings on technology, philosophy, and life in the corporate world

Hi. I'm a Unix Administrator, mathematics enthusiast, and amateur philosopher. This is where I rant about that which upsets me, laugh about that which amuses me, and jabber about that which holds my interest most: Unix.
Fun with Win7 "security"

Posted 02-28-2011 at 02:30 PM by rocket357
Updated 03-30-2011 at 03:23 PM by rocket357

The other morning my neighbor stopped by and asked me if I could help him. "Sure thing," I say. He explains that his mother's computer got a virus on it, and he's tried numerous times to fix it, but to no avail. Every time he reboots the machine, the virus is back.

Now, I usually politely redirect requests like that to one of my many Windows-fluent friends...but my neighbor and his wife have been very good friends to us, so I want to help him out personally. I mean, his wife has babysat for us before, and he's loaned me tools so I could perform emergency bathroom appliance repairs. They're good people...*very* good people.

So I agree to take on the job. Simple enough...find and destroy a virus, and help a friend at the same time. What could go wrong?

Windows 7, that's what.

First off, I disconnect the machine from the network and boot it up. I want to see what this "virus" can do. Shortly after boot up, the background changes to some "alert" that my machine is infected and some application pops up that looks like it's scanning the hard drive...what's funnier than that is that it's "finding viruses" and warns me to activate this antivirus product or Al Gore will slap my mother...or something to that effect.

Funny, the hard drive lights aren't blinking on the box.

I laugh and right click on the taskbar to launch the task manager. "Ssshh...be vewy quiet, I'm hunting a viwus", I tell my wife.

That's when it got interesting. The application that's been "scanning" the hard drive informs me that taskmanager.exe is infected, and to protect me, it has blocked taskmanager.exe from running. (Well, thank God for that, I suppose...but now my wife is laughing at me, and that is unforgivable...even for a computer virus) After monkeying around a bit more and poking at the virus from a few different angles (all of which are met with the same "foo.exe is infected, and to protect you, we have blocked foo.exe from running"), I start to realize this isn't a run of the mill version of malware. This thing is downright annoying! (So much so, that it begs the question of whether or not this particular malware was written with the express intent of showing off how easy it is to completely disable a Windows 7 machine...) Things that make you go "hrmmmm...".

So reboot into safe mode, run AV scan. No dice. Uninstall AV...awww, can't do that because Microsoft security essentials can't uninstall in safe mode (seriously?). Crap. I have a conundrum...bug won't let me uninstall crap while running in normal mode, yet this garbage AV won't find the bug in safe mode. I hop over to my machine and start googling.

Just for the record, the problem is solvable. See, you have to download a tool to remove the virus, then rename the tool to "explorer.exe" so you can install it and scan. Let me repeat that: You have to rename the tool to "explorer.exe" so you (user with Administrator priv.) can install it and scan your own machine. All humor aside, what's wrong with this picture?

The problem is that a web-based attack can dig down deep enough into your OS (via Internet Explorer 9) to disallow an Administrator access to his/her own exes. WTF?!? Very funny, System Tool 2011, very funny. To the bastard of an author who figured out how to write code to do this (in the year 2011, no less!), my hat's off to you...and to the author who wrote the howto detailing how to remove this menace (without ROFLMAO'ing), my hat's off to you, too.

I seriously expect Windows 8 to transform computers into tiny robots hell-bent on killing everything within 5 meters...but only after being infected with System Tool 2012.
Posted in Microsoft Rants

Comments

  1. I think it would have been cooler and more awesome to have used some live Linux distro on a pendrive with some Windows antivirus. I think it could perhaps even be safer. I don't like the idea of even booting a Windows OS that has been compromised; the virus is set free to do "whatever it wants", which may be something like deleting some data or whatever. But perhaps nowadays viruses are more interested in trying to sniff credit card passwords and send them to someone else, rather than gratuitous destruction.
    Posted 10-12-2011 at 11:02 PM by the dsc
  2. Safer for sure...though I think I played it "safe enough". When I downloaded the removal tool, I did so onto an OpenBSD box, burned the tool to a CDR (not CDRW), and then installed via the CDR on the infected machine. It wasn't at any point connected to my network (I have a few Windows machines on my home network, so it would have been very, very bad if that annoying virus got loose...gives me the willies just thinking about it...)
    Posted 10-12-2011 at 11:45 PM by rocket357