Saturday, May 7, 2011

Multiply 365 Day 126 - Unsickly

I'm back.  Actually my laptop should be uttering those words, if laptops could talk that is.  But then life would be like some Disney/Pixar movie, and I am pretty sick of those, so I would prefer if my laptop remained quiet for the time being.

I am not sure what happened to the laptop, maybe I was looking at too many dirty pictures or something.  But whatever it was, the other day I went to fire up the laptop and after the initial Windows loading music, I got a message along the lines of a generic host process for Win32 error.  Not the best day, but not the worst either, everything seemed to be running okay.  At least I thought so until I went over to Pandora to fire up some good old fashioned blogging music.  I fire up the station and taa daa, no sound.  That can't be good.

So I try rebooting, which is better than my normal method of fixing things which involves a hammer and lots of things breaking.  It is problem solving like that that will keep me out of the IT field.  The reboot was equally bad, the same error message came up to start, so I decided to look online to see if I could find out just what that meant and why I would get no audio.  The first piece of advice I picked up was to go check and see if the audio drivers were disabled and reenable them.  That made sense to me, so I start poking around in the Control Panel, find the audio stuff I am looking for, but I have no access to anything.  It says everything is enabled, but even if it weren't, I was blocked from doing anything.  I couldn't even test the system sounds in there, the play button wouldn't work.  I am officially not liking this. 

At this point I decide to head back to Google and look up some more info, except that when I clicked on a link I got ye olde Google redirect action going on.  Google redirect is like a porn fluffer, Google does the work of providing you links for your search, but when the time is right for the money shot, you click on the link and find you have blown your load someplace else.  This is a problem that can be dealt with in a search capacity, but it is still a pain in the ass.  It meant that anytime I wanted to look into how to possibly fix the now ailing laptop I would have to right click on a link and copy it, then paste it in a new window to make sure I ended up on the right page.

Not that my search yielded much in the results department, lots of HijackThis logs and mumbo jumbo about using ComboFix and what not, stuff that seemed too complicated for me, using programs that would probably result in me doing more harm than good without working with a trained IT professional at my side.  So I decided to go the safe route, run Adaware and see if I could just rid myself of it that way.  Except Adaware didn't detect anything wrong.  At least it didn't tell me it did, in the back of my mind I was thinking, maybe it did do something and I just didn't realize it.  So off to try another reboot.

We can all guess what happened, nothing.  Same error message on reboot, same issues with audio and searches.  So I figure, well Adaware sucks, let's go get something better (and free) and I manage to download a copy of Malwarebytes and after successfully installing it, I tried running a scan with it as well.  Again no dice, it picked up nothing.

Next stop was to do more searching, see if I could get a handle on just what the hell was happening.  I came across a link to a Microsoft article on a similar issue, so I clicked through to it and in it was a link to run a program that Microsoft provides that, while it is not an antivirus program (it couldn't remove anything), could tell you if your system was infected.  Not the best of options, but at least it was something, so I went ahead and did it.  The verdict according to Microsoft was that I had TrojanDownloader:Win32/Karagany.A.  I think I would have rather been told I had herpes or something.  At least then I could have had an idea of how to treat it.  But Microsoft wasn't done being helpful, they gave some links to programs that were designed to alleviate the problem, if not the itching.  I decided to grab one of these, Microsoft Security Center.  After all, if they can diagnose it, they should be able to fix it.  But first, in order to download MSC I had to uninstall both Adaware and Malwarebytes. Fine, no problem.

I get all of the uninstalling done and reinstalling completed and then I get to a point where I can run MSC and finally rid myself of this horrid diagnosis.  Except I can't.  MSC doesn't pick up anything either.  I run it three or four separate times with no luck.  Fucking Microsoft.  Bah and humbug even.

I am running out of options here, but I try one more program, Avast Antivirus.  I go through the process of now downloading my third anti virus program in two days and I start to run it when MSC decides now would be a good time to actually detect something.  And around the same time Avast is also saying that it has found something, a virus in the rootkit and that a reboot is needed to get rid of it.  No problem, I do the reboot and the original error message (generic host yadda yadda yadda) pops up again, so nothing is gone.  MSC started automatically on the reboot, I reopened Avast and tried again and sure enough they both came up with the same messages around the same time again.  Now I don't know what the song and dance is, but I know I can't do this with both programs running and since when I went solo with MSC it picked up nothing, I figure it is probably being tripped up by Avast, so I uninstall MSC and try again to run Avast.  Again I get the messages that I have a rootkit problem and to reboot and Avast will run a scan of the system before Windows opens.  And Avast does its scan, Windows opens and there is the Generic host error again, like that relative that you can't get away from fast enough.  So whatever I have, I still have.

Back to the searching, because at least I know the problem is in the rootkit (sector 0 to be precise, Avast was kind enough to point out where the virus was that they weren't ridding me of) and I came across some instructions on how to remove the sector and write a new boot sector, which I did and that is why I am with you this evening.  Two days, four anti virus programs, dozens of redirected links and lots of frustration later, I am here.  Which is good, because when it came to blogging material I had nothing.  But thanks to Mr. Karagany and lots of ineffective anti virus programs, I was able to weasel a few paragraphs onto the page.  Not too shabby, I should get viruses every day, then this 365 project would be a breeze.
