Infection

My Windows PC was infected with some crazy virus yesterday. Initially it seemed to just install some spyware (SpySheriff?), but it went on to install a resident program which tried to send emails all over the planet. I tracked down the resident DLL, but it seemed impossible to uninstall … it was installed as an event hook in explorer. This meant winlogin.exe and a bunch of other apps loaded the DLL. Of course, under Windows, you’re not allowed to delete/move/rename any file which is currently open/loaded. Rebooted in ‘Safe Mode’. Nope, DLL still in use. I probably could have hooked the drive up to another WinPC as a secondary mount and deleted the file. Instead, I decided to start over.

Bought a 300GB drive for $80, picked up WinXP Pro SP2 CDROM (OEM), and reinstalled XP to a new drive. Only hiccup was I needed to update the BIOS on my motherboard for the installer to recognize my SATA chip.

The most frustrating part was that Norton AntiVirus was unable to find/clean most of the problem. It may have slowed/stopped the outbound emails (not really sure), but it certainly didn’t stop the initial infection. Bad Norton.

Well, you screw up and you give room for the bench players to shine. I switched to using McAfee AntiVirus. So far I like the UI, and the controls seem to be more aggressive than Norton. I’m able to limit outbound email rates, stop ‘similar pattern’ emails from getting out, etc. Seems more complete than Norton. Also, the AV scanner seems faster and better able to catch problems.

Took me about 2 hours to get my new HDD installed and have WinXP running with all my necessary drivers. Another 45 mins and I was back to playing WoW.