09 March 2010

Different Kind of Crime

I was the victim of a crime yesterday, but of an odd sort. It wasn't something I could report to the police, and I couldn't identify a specific perpetrator. My losses could have been substantial, but I fortunately managed to avoid the worst outcome.

My computer was infected by a particularly nasty worm that masquerades as an anti-virus program. I have no idea how it managed to elude my real internet security software, but it got disabled during the attack. The rogue software appeared to be running a scan of my system, and it turned up 30+ "infected files" that had all kinds of scary-sounding things wrong with them. But here's the scariest thing: the scan and its results looked exactly like the real Vista security center. It was even called "Vista Internet Security," and indicated I had a trial subscription (which covered the initial scan), and said I needed to purchase a full subscription to clean up the infected files. Heck, computers come pre-loaded with so many pieces of trial software, this sounded entirely plausible. And, as I said, the scan results looked exactly like an actual Microsoft window.

The thing basically took over my internet connection. Every time I tried to launch a browser, the window filled with an official-looking warning that the browser was infected and that unless I took care of the infection my computer was vulnerable to attacks. In actuality, it turns out that the worm had simply changed/redirected my default home page in Internet Explorer. And my address window disappeared, so I couldn't simply select another website. The only option I could select was to purchase a full subscription to "Vista Internet Security." When I clicked thru to that site, it looked very much like an actual product, complete with magazine reviews and customer testimonials.

With my credit card in hand, and on the verge of paying sixty bucks for a year's subscription, I decided it wouldn't hurt to browse the web and get an independent review of this product. Fortunately, I could still access the web through the browser built into my AOL software. And, even more fortunately, when I searched on "Vista Internet Security" I immediately found a long list of sites warning that this is a nasty worm and a total scam.

But removing the rogue software from my computer was another challenge. From the other sites, I learned that there is a file called "av.exe" that's responsible. I found it, and tried deleting it, but couldn't do so because it was running. So I went to Task Manager, ended the process, and then deleted the av.exe file.

This was a huge mistake. I should've followed the instructions on some of these other sites, and tried to edit the Windows registry first. It turned out that the av.exe file had so embedded itself into my registry, it was like a brain tumor. When I knocked it out, it completely corrupted my registry. I couldn't start any of my installed software! And I couldn't even launch the system tools that enabled me to do a "system restore" back to a registry I knew to be good.

For over an hour, I was in a panic. I'd been finishing up a huge project for a client, and still had work to do last night. I was facing the prospect of having to somehow get the files off my desktop computer and onto a laptop, and finishing things up there --- but who knows how long it would take to get my computer repaired at a shop.

I tried launching the computer in Safe Mode, but still could not access the system restore utility in the normal way. Finally, by launching with Safe Mode Command Prompt, and by studying the help menus on my laptop to get the name of the executable file for System Restore, I was able to get into the utility I needed. I went back to a registry from two days ago. Fifteen minutes later, my computer was functioning perfectly. My first move was to update all virus definitions and check all settings on my Norton software, then do a full scan for any traces of "av.exe".

Why do I bring all this up? In part to give a warning to my readers: Do not fall for this scam! I consider myself to be fairly computer savvy, and this thing had me almost completely fooled.

But I also wanted to share a couple of quick reflections on crime. Yesterday, separating me from sixty bucks for a fake anti-virus subscription was probably the primary goal of whoever designed this worm. I didn't pay it, but the attempt on money is really the least of the evil done to me yesterday. For an hour and a half, I was in a state of utter anxiety. I depend on this computer for my livelihood. It is my number one tool, and allows me to support my family. Yes, I have an old desktop computer, and a laptop, as backups in a pinch. And I have Carbonite and backups on an external hard drive to protect my files. But this computer I'm typing on now is the nerve center of my professional life. When this computer doesn't work, I can't think about anything else until it's fixed. Dinner was late last night because of this issue. And I was still so upset by what I'd gone through, I couldn't eat more than a few bites. The kids lost their opportunity to spend time with me after dinner. My client didn't get the last of his project delivered until 10:30.

What I'm trying to say is that the smallest part of the criminal attack I suffered yesterday was the sixty bucks these guys were after. A criminal does far more damage in stealing a person's life from him. And a person's trust in others. And a person's peace of mind about the world. This thing looked like a genuine anti-virus program, which is supposed to protect me. It turned out to be like a rogue gang that uses police lights to get motorists to pull over, so they can take advantage of people. These are among the very worst kinds of criminals, because they steal more than just money. They steal the trust that we ought to have in those who are trying to do good and keep order.

I worried enough about my computer before...now I'm going to be even more anxious. I was very nearly without my computer for the next few days, right at a time when I'm awash in requests from clients. Mrs. Yeoman Farmer had to hold down the fort yesterday evening, when she really needed a break. Homeschooled Farm Girl threw a pessimistic fit when she saw how upset I was at not being able to fix the problem. And none of the Yeoman Farm Children can have back the hour they didn't get to spend with me last night.

This reminded me of the only other time we've been the victims of crime. Several years ago, a local farmer collected eggs and produce from several of us and took everything to a big farmers market in Chicago. We gave him a percentage of the sales for his trouble, and it was a nice arrangement for everyone. And it gave us a nice outlet for our eggs. Anyway, one week he was packing up...and turned around to discover someone had swiped the cash box. None of us got paid that week. Yes, I was upset about the money. But what made me even more angry was that the thief had taken our work from us. I'd carefully inspected and washed every egg, making sure everything was perfect for our customers. The other farmers had taken similar care in preparing their produce. The young man who manned the booth lost not only his produce and his money, but the whole day he'd spent going to and from the market. Not to get too philosophical, but in carrying out our work, we'd poured ourselves into what we'd sent to market. As John Paul II said, about the nature of work and its relation to the person who carries it out:

And so this "dominion" spoken of in the biblical text being meditated upon here refers not only to the objective dimension of work, but at the same time introduces us to an understanding of its subjective dimension. Understood as a process whereby man and the human race subdue the earth, work corresponds to this basic biblical concept only when throughout the process man manifests himself and confirms himself as the one who "dominates." This dominion, in a certain sense, refers to the subjective dimension even more than to the objective one: This dimension conditions the very ethical nature of work. In fact there is no doubt that human work has an ethical value of its own, which clearly and directly remains linked to the fact that the one who carries it out is a person, a conscious and free subject, that is to say, a subject that decides about himself.

And some thief simply swiped it like it was nothing. It was a deep and troubling sense of betrayal, and greatly undermined my trust in others.

Anyway, speaking of work, I'd better get back to what I need to do and not let this criminal take any more of my time. Be on the lookout for this nasty scam! And if it does infect your computer, follow the right directions for removing it. (Use task manager to disable the av.exe process, and that should allow you to browse the web again so you can find a site with good instructions.) Things could have gone much worse for us last night than they did; hopefully the rest of you can be spared our experience entirely.


karisue said...

I spent 2 solid days last week onsite with a customer who had this exact infection. Nasty. Sorry you went through that.

Sharon said...

Thank you for the alert. I have forwarded the info to my children.