August 12, 2002
From the desk of Jane Galt:I'm tired. Tired, tired, tired.
I'm tired. Tired, tired, tired. And the reason that I am tired is that in the course of installing a network in a client's office, I discovered that the place is infested with viruses. (Virii? Vira? Dr. Weevil, where are you?)
Despite the fact that the client had previously had no network on which to spread them, the computers had apparently accumulated a truly impressive collection of viruses and worms. There were four or five different ones resident on the network, and there were several machines that were "hot zones" containing every one. You small business owners out there: this is why even small offices need networks. Your employees swear that they are backing up their machines, updating their virus files, and all the rest of it. This is a vicious lie which you will only discover when their machine fails and they look at you with wide, sorrowful eyes and say "But I forgot" and you have to figure out how to reconstruct 10 years worth of accounting data from your dead tree files. Plus, for those of you who live in the New York/New Jersey/Pennsylvania/Connecticut area, I'm available at reasonable rates. How jealous would your friends be if you could tell them that your network was installed by the operator of the nation's premiere political-economy-and-bullmastiff weblog?
Anyway, they had a couple of clever little worms. In machines based on the Windows 95 architecture, they move into the auto-recovery files; Windows will not let you delete, modify, fold, spindle or mutilate these. The solution, of course, is to boot up in safe mode, disable auto-recovery, and delete 'em yourself. At least, it would be if the fiendishly clever designers of the particular variant we had did not have access to the same anti-virus web sites we did. The dang thing had managed to rig it so that the "disable auto-recovery" option was already checked in the system manager, even though it was clearly still on because the virus software couldn't clean the files. On machines with NT-based architecture, it colonized "Explorer.exe", which of course couldn't be cleaned either. It had also created a FixKlez.com file to interfere with the virus fix, FixKlez.exe, that I downloaded from Norton. Even more diabolically, it kept finding and disabling or corrupting my anti-virus software, although it took me a little while to figure this out. Yet the command line scanner McAfee gave us was too big to fit on a floppy. Eventually I had to copy the command line files locally and rename scan.exe to "fred.exe" (The anti-virus sites recommend renaming it to "clean.exe". Yet the people who make these worms also read the sites. Guess what happens if you try to execute "clean.exe" with one of the newer worms we had?). Cleaning the computers manually seemed to work, although some of the users lost data. Which then had to be reconstructed. Virus scanners had to be reinstalled. The wall had to be kicked, repeatedly, while I intoned, in a loud voice, words not suitable for a family website.
All of this took hours. What was supposed to be a simple little job ended with me getting home around midnight. Which wouldn't be so bad, really, if I didn't have to get up at 5:00 am to go to work. Sigh. There's nothing like hours spent battling a virus to make you want to find any 14-year old boy who can type faster than 30 WPM and just pound the snot out of 'em.
Posted by Jane Galt at August 12, 2002 7:04 AM | TrackBack | Technorati inbound links