Yesterday around 9 A.M., one of my co-workers called to inform me that they had a “popup” message on their computer while browsing the web.  First thought through my head was: “Here we go again…”.  Before I even connected to the remote machine I knew what I was going to see.  Another fake virus/malware/infection warning.  I was right.  As soon as I connected, I saw the warning: “You’re running unprotected, please click here to subscribe and removed the following infections.”

GAH! I am sick and tired of wasting my time cleaning this garbage up!  Why can’t this stuff be stopped?

So, after spending 3 hours on the machine via PCAnywhere, I came to the conclusion that remote cleaning wasn’t going to work.  I dispatched a person from each office to meet half-way to deliver the machine back to me.  Around 2:30 yesterday afternoon I finally got a few moments to look at it.

Problem is, once the machine booted Windows, the keyboard and mouse became non-responsive.  Either Windows had locked up, or the malware didn’t like being disconnected from the Internet (because I refuse to plug the NIC up until it is clean or temporarily running some other operating system).  In either case, as it stood, the machine was useless.

This morning I’m sitting in front of it watching it run a ‘dd’ from the Ubuntu Live CD, duplicating its hard drive onto another for further analysis.  I don’t know how successful I’ll be, but I’m going to try to bring this machine back from “windows death”.
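The imaging step above is the one worth getting right before any analysis touches the drive: the copy must be verified, or a bad sector or a typo in the `dd` command quietly gives you an image that is not the disk. The script below is an added example, not from the post, of imaging a drive with `dd` from a live environment and checking the copy by SHA-256. The source and destination paths (`/dev/sda`, `/dev/sdb`) are assumptions standing in for whatever the Live CD shows; the same functions run unchanged on ordinary files, which is how they can be dry-run without a second disk.

```shell
#!/bin/sh
# Added example (not from the post): image a drive with dd, then verify the
# image against the source by hash. SRC and DST are caller-supplied paths,
# e.g. /dev/sda and /dev/sdb from a live CD; plain files work for a dry run.
# The source must not be mounted read-write while it is being imaged.

# Print the SHA-256 of a file or block device. Falls back to shasum where
# sha256sum (GNU coreutils) is not installed.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Copy SRC to DST sector by sector. conv=noerror,sync keeps going past an
# unreadable block and pads it with zeros so later offsets stay aligned;
# the hash check below then tells you the image is not faithful.
# The block size defaults to 512 bytes: a larger BS is faster, but with
# conv=sync it must divide the device size exactly or the last block is
# padded and the hashes will never match.
image_disk() {
    bs="${3:-512}"
    dd if="$1" of="$2" bs="$bs" conv=noerror,sync 2>/dev/null
}

# Compare the hash of the source with the hash of the image.
# Returns 0 when they match, 1 otherwise.
verify_image() {
    src_hash=$(hash_file "$1")
    dst_hash=$(hash_file "$2")
    [ "$src_hash" = "$dst_hash" ]
}

# Image SRC to DST and verify it; prints the hash so it can be recorded with
# the case notes. Returns non-zero if dd fails or the hashes differ.
image_and_verify() {
    image_disk "$1" "$2" "$3" || return 1
    verify_image "$1" "$2" || return 1
    echo "verified sha256 $(hash_file "$2")"
}

# Usage when run directly: ./image.sh /dev/sdX /dev/sdY [blocksize]
if [ "$#" -ge 2 ]; then
    image_and_verify "$@"
fi
```

Record the printed hash at imaging time; any later analysis (or a second copy for a colleague) can be checked against it, and a mismatch after `conv=noerror,sync` is the signal that the drive had unreadable sectors rather than that the copy was simply mistyped.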

I know I may end up blowing the hard drive away and re-loading the system, but I want to at least try to find out what this malware did and how the machine got infected.  I’m tired of not knowing and simply formatting and reloading.  I want to get to the bottom of this.
