The Virus

By Shamus Posted Thursday May 5, 2011

Filed under: Personal 400 comments

I don’t expect this will be interesting to many of you, but I started talking about this in Twitter and the subject got too big and there were Too Many Questions, so here is the full story.

This machine has gone for five years without any virus protection on it. It’s been clean & safe in all that time. I know anti-virus companies like to spook you and convince you that the Internet is brimming with malicious code that magically comes down the wire through no fault of the user, but this is not quite the case.

I hang out in very safe areas of the ‘net. Most dangerous code comes from:

  • Porn sites
  • Pirate sites
  • Social networking scams. (The “Adult content Viewer for MySpace” is a good example of this.)
  • Email attacks.

I don’t go to those sort of websites, and I can spot a dangerous email a mile away. So, I’ve run for years with no protection and my machine has remained secure. Every few months I’d install a random Anti-Spyware / Malware program, give the machine a once over, and un-install it. Security programs are generally slow, bossy, nagging, resource hogs, so I saw no reason to let one lay around in memory, taking up space. I like to run lean.

Well, it was a good plan while it lasted.

About a week ago I was looking for cheats for New Vegas. I wanted to see just how much of an impact leveling / skills had on combat performance, because… Geeze. I don’t know. Seemed like a laugh. But cheat sites are generally infused with seedy ads. One gave me a popup (even though Firefox has built-in popup blocking) that was an obviously fake virus warning. One of those ones that pretends to be scanning your computer, but is just filling up a progress bar and generating bullshit scare messages. It actually placed itself slightly off-screen, so the REAL close button wasn’t visible. I wasn’t falling for that. I grabbed the title bar, dragged the window back into view, tried to click on the close button, and missed. I clicked inside the window.

Now, this should not be enough to get Bad Things on your computer, but it was. Or at least, if I made any other mistakes, I can’t sort them out. Clicking IN that window launched a lot of other windows, and some of them weren’t browser windows, but just regular Windows windows, and I knew I’d messed up. I was screwed.

I gave the machine a scrub-down and waited a few days. I treated the machine like a public terminal and I’ve been acting like I have a keylogger installed, just to be sure. (So I’m not typing my password directly, ever.) The machine seemed okay at first, but there were still symptoms:

  1. Task manager shows iexplore.exe running on startup, despite the fact that I un-installed all versions of Internet Explorer. There actually isn’t an executable named “iexplore” anywhere on my machine.
  2. If I do a Google search in either Firefox or Chrome, and then click on the search results, I’ll get a strange error message popup labeled proc:click. It spews a bunch of Javascript out, and then the search is redirected to a spam portal. So, I have to copy & paste search results. Re-installing Chrome fixes this until the next reboot.
  3. All Flash-based content is missing in Chrome. Again, re-installing Chrome fixes this until the next reboot.
  4. In trying to resolve problem #1, I found Program Files/Internet Explorer/IEDW.EXE on my machine. Suspicious, considering IE shouldn’t be there at all. I’d assume this is just Microsoft sloppiness, but if I delete IEDW.EXE, it magically re-appears. That’s a virus.

Note that while all of this was going on, Ad-Aware, SUPERAntiSpyWare, HiJackThis, MalwareBytes, and SpyBot Search & Destroy all gave my machine a clean bill of health. So whatever I’ve got, it’s either hiding itself or it’s not appearing in any virus database.

I rebooted into DOS and used the Arcane Techniques to cleanse the machine of IEDW.EXE. (There were several copies of the file lurking in there under different names. I nuked them all.) When I rebooted, the above problems seemed to be alleviated. So… fixed?

I sat there for a few minutes and asked myself, “Do I really trust this machine? Do I feel safe entering my passwords?”

I do not.

I don’t see any way around it. It’s time to get out the Windows XP CD and Start over. So that’s what I’m doing today.

And to head you off: No, I am not installing any Linux. Yes, I know it’s more secure. Yes, I know it runs lots of stuff. My wife uses Ubuntu, I’ve seen it. It’s nice. But it can’t run the games I need to run. It can’t run my comic authoring software. It can’t (easily) use my TV Tuner card to let me play console games. It can’t run Paint Shop Pro. Yes, there are OS alternatives to some of these things. But I’m not going to ride all of those different learning curves and completely change my work pipeline. All of that would be far, far more disruptive than this virus was. Ubuntu is cool, but my relationship with Windows is entrenched. Thank you.

I may update this as my adventure continues. My data backup is nearly done. Time to begin the Ritual of Cleansing.

2:10PM: XP is installed. Managed to install XP Home instead of XP Professional. I can’t imagine I’ll notice the difference. (Using Laptop to type this.) Windows could not identify my ‘net adapter, so no internet. Told it to search for drivers. It didn’t find any. Asked me if I would like to connect to the internet to look for drivers. Heh. You can TRY.

2:39PM: I installed XP to the D: drive. The old Windows drive is still there, just in case I need to go back to it. I guess once the transition is over I could format c: and install Ubuntu, just for laughs. Currently I’m gathering up all the drivers I need. Also need to replace the default background before I kill myself.

2:49PM: Yay, sound! Also, I forgot how FAST a new install is. 2-year-old installs always have that minute of grunting and sweating after XP appears. The machine LOOKS ready, but it’s not going to do anything but thrash the HD for a minute and a half.

2:54PM: Time to get my service packs on.

2:58PM: Once again, I want to commend Microsoft for Internet Explorer. It really is a top-notch tool for downloading Firefox.

3:12PM: Okay, display drivers installed. No longer using Windows XP: LARGE PRINT EDITION.

3:13PM: Windows Update wants to know if I want Internet Explorer 8. On one hand, it’s the best version of IE ever. On the other hand: Duh, No.

3:19PM: Time for the tough stuff. Need to install my WAMP server so I can serve myself webpages. Can’t live without that thing. On the other hand, it’s a bit fiddly to install and I can never remember the proper steps until I’ve puzzled through them again.

3:35PM: Service Pack 3 is downloading. Still can’t remember how to install WAMP. Going to have to find the website and RTFM. Sigh. Stupid failing memory.

4:25PM: Had a bite to eat and a rest. Back at it.

4:33PM: Wow. Glad I grabbed the new WAMP. Latest version was completely turnkey. Boom! Webserver. (WAMP stands for Windows, Apache, MySQL, PHP. It’s the basic stuff you need on pretty much any webserver. I use it for working on this site. I have a mirror of this blog on my local machine, so I can experiment with changes without breaking things while people are trying to use the site. Er. Okay, I DID have a mirror. That’s gone now. Need to get that set up again. Still… Boom!)

6:42PM: It’s almost seven o’clock? Well, em… Minecraft works, I’ll say that much. YouTube operates its usual time-devouring magic with no difficulties. I’ve got Steam re-installed. Now I just need to re-download a terabyte or so of games.

400 thoughts on “The Virus”

  1. cadrys says:

    …for, lo, the scoopable kitty litter must occasionally be dumped in its entirety, and a fresh layer placed within the box. Meditate upon this truth now, class. Oooohhhhhhhmmmmmmmmmmmmmmm.

    (Shamus, not going to jump to Win 7?)

    1. Shamus says:

      Tempting. But I don’t have the scratch for that right now, and I’ve got a STACK of friggin’ XP disks here, so…

      1. Daemian Lucifer says:

        You can try it out for…6 months I think?

      2. James Schend says:

        If you’re worried about security, XP lacks about 48 (ass-pull, but it’s a lot) security features that are in Vista and Windows 7. Like a sandbox, for one, which would have saved your ass right here based on what you wrote in your post.

        Also, when you use Vista or 7, you can install Microsoft Security Essentials for free, which is a very good anti-virus that doesn’t have any of the negatives you mentioned– it doesn’t slow your computer down, it doesn’t take up memory, it never nags you (unless you prevent it from updating regularly). It’s free, and it’s by the maker of the OS.

        Also, you should mention the vast, vast majority of viruses come from Adobe products, especially Flash (but also PDF Reader). Sun/Oracle’s Java runtime is also rife with security holes. If you install those two, your computer is about a third as secure as it was before.

        Lastly, even if you decide not to run a resident virus scanner (but you should run Microsoft Security Essentials!), you could still use McAfee’s Stinger tool to give your computer regular checkups… a lot of (the well-written) viruses are subtle, and you might have had one for months without knowing if you don’t regularly check.

        Lastly part 2, don’t wait for you to get a virus to do a backup! Backup regularly, install something like Mozy if you’re lazy, and just let it do backups for you with zero effort on your part.

        End lecture.

        1. Gantidae says:

          I found an alternative .pdf reader called Foxit to use instead of Adobe. Is there any alternative to Java?

          1. ferryman says:

            even Foxit got a bit bloated recently and split into more products. I found XChange-pdf viewer which is rather minimal. loads quickly and really that’s all I care about.

            there sure are plenty of alternatives to Java, the language, but that’s not the issue here, it’s Sun’s ubiquitous JVM. Sun kinda has a monopoly on java for end users and it’s probably a good thing too: it’s universal. it’s rather convenient to just click a link and have the java environment installed for you and not have to give it another thought (save for the odd update). I imagine it also saves devs like notch from a whole lot of stress too. before some other company makes a complete solution for running Java like Sun has, we’re stuck with it.

            1. MarkHawk says:

              There are other JVMs out there, but I don’t know if any are fit for use as a general replacement for Sun’s.

              edit: also, It’s Oracle’s JVM now. God, I hate Oracle so much. PL/SQL is the devil.

            2. Eric says:

              Yeah, unfortunately there are no alternative Flash or Java clients out there, at least none that work very well or are even remotely feature-competitive.

              Also, for a simple, fast PDF reader, I recommend SumatraPDF. The image processing isn’t quite as good, but it’s portable and extremely lightweight.

        2. Clint Olson says:

          For what it’s worth, you can use Microsoft Security Essentials just fine on XP. I’m doing so now.

        3. lazlo says:

          I use MS Security Essentials on all my XP boxes. MS has never charged me for them… And I’d also have to argue with you on “Doesn’t slow your computer down” and “Doesn’t take up memory”. It does, and it does. However much it slows down the computer is imperceptible to me, but I *know* that it’s using some clock cycles here and there, and it *has* to use some memory. On my system it’s currently using about 5Mb which, while pretty well insignificant, is still technically more than “none”.

          So I guess I’m just being nitpicky here…. I think Security Essentials is really good, and prefer to see people laud it *accurately*. :) Kind of like how harsh Yahtzee is on Portal 2.

          And Shamus, an important addition to your list of the sources of computer viruses is trusted sites that themselves get hacked. Gone are the good old days when, if your favorite site’s SQL input validation wasn’t quite up to par, you might find their main page replaced by a blink-tag enclosed exclamation of “Woohoo! I’m a super l33t haxor! I just totally pwned this site! Booyah!” Now if a hacker finds a flaw in a popular site, they’re much more likely to replace its home page with… an exact copy of that same page, with the minor addition of some obfuscated javascript whose only purpose is to make your computer into the internet version of Clairvius Narcisse, only with less sugar farming and more spam sending.

        4. Magnesium says:

          Even though I currently use Vista, I have only pity and a grim sense of gallows brotherhood for those who join me in that respect.

      3. Ben says:

        I got a similar virus to what you have a few months back and the only reason I was able to get away without a full reinstall was Windows 7. The thing with most of those drive by viruses is they are designed to install without prompting a UAC elevation so they can go unnoticed. That means if you are using proper security practices and running a standard account day to day with an admin account just for elevation purpose (basically ape the Unix security model) the virus can’t spread beyond that one account.

        If you log into another account the virus won’t be there and you can pick at in relative safety without having to resort to working in DOS.

      4. MichaelG says:

        I just run NoScript under Firefox. It’s annoying that Javascript has security problems, but the thing has been a trashcan of poorly tested features from the start. No surprise.

      5. SteveDJ says:

        I seem to recall some other virus around on the internet a few years back that exploited a hole in windows and just auto plugged itself into your system. I forget the name, but I do recall that it required XP sp2 (or later) to plug the hole.

        I even had a machine at work get infected mere seconds after installing XP (sp ZERO) and then connecting to the internet to try to download sp2 (latest at the time). The only solution was to install an XP that was already equipped with SP2.

        Don’t know if that virus is still hanging around, but I’d be very concerned that you connected your fresh XP machine, pre SPs, to the internet to download service packs. Or – does your XP disk also contain sp2?

    2. Moriarty says:

      yeah, windows 7 is far less crappy than you’d think. I changed to mac after xp because vista was hell, but I’ve got win7 on my gaming pc and it’s kinda okay.

      Didn’t have any bluescreens since release either.

      1. MrWhales says:

        I haven’t had a bluescreen or anything close, not even virus problems, ever since I had a computer a very long time ago with Windows 98… And I will admit I use porn and pirate sites. Yet I am clean :) and yes, I know there may be something lurking. But no I don’t. My mom was degree’d in the art of internets (networking). And (this is my slight admission of youth) I grew up when the internet was just booming. Towards the end (the part I can remember, bad memory (pun)) Disney and other game-sites would have those dumb little games that taught you “internet security” and that actually works… I kind of rambled, but you get my point. Because I don’t remember it.

      2. Sumanai says:

        “Kinda okay” is a pretty good description for Windows 7.

    3. Kdansky says:

      I have switched to Win7 very early, mainly because I bought a new machine at that time, and wanted to try it out, after having been burned by Vista. So I’ve been using it for a few years now.

      But sometimes, I have to remotely administer a machine of one of our clients, and they frequently run XP. I curse every single time. Windows 7 has exactly two annoying bugs* and is far better in all other ways, especially in the system settings and security department. I would really recommend to switch now, when you have to re-install anyway.

      *1: Scrolling behaviour in Explorer, which you can fix by installing classic shell.
      *2: If you have Japanese IME installed, install a US keyboard on top of that (and run something else as default), then delete the US keyboard, it doesn’t really go away. It’s a bit silly ;)

      1. Ian says:

        To elaborate on the scrolling behavior in Explorer, Windows 7 does not allow you to scroll horizontally in your folder list, nor does it attempt to automatically scroll ala Vista. Using the standard settings with no additional software, you have to increase the size of the folder pane to see deep trees.

        I really wish I knew why they thought that would be a good idea.

      2. Sumanai says:

        I’ve had Win7 suddenly decide that Steam hasn’t run properly and set up a compatibility mode that I had to disable from the registry (didn’t appear in Properties).

      3. Uristqwerty says:

        Ever try setting up a custom file association?

        Here’s a hint: Unless you want to download something, or dive into the registry, Windows 7 doesn’t have a way for you to do it.

        Sure, you can set the program that something opens with, but if you want to have an “edit” option that opens a separate program from the “open” option, you won’t find that functionality in the usual Folder Options -> File Types, it’s G O N E.

        It’s the tiny things like that that make me think that windows 7 wasn’t designed for people like me, who like to customize everything but would rather not trust some outside utility. It seems as if Windows 7 was designed mainly for people who wanted to game on windows but don’t want to be bothered with how the system works underneath the UI.

        1. Ian says:

          There’s actually a pretty good reason for the removal of the file types tab. It didn’t work in all cases, and the implementation of the security features of Windows Vista and 7 delivered the killing blow.

          You can read more about it here:

    4. Noah C. says:

      If it’s the Starter Edition, I think that would kill Shamus. You can’t. Even. Change. The. Desktop. Background. ‘Nuff said.

      Seriously though, there is a lot of other junk I think Shamus would hate. Ooh, I forgot: on Starter edition, it will not let you delete IE. You don’t need to update it, but there will always be a message popping up, asking you to update it. Not being able to remove software would give him an aneurysm. That’s just an example; Professional Edition might be better, at least, in a few aspects. But 7 also abandons a lot of support for older file types, like, for example, the HELP section of a program. Kind of important, that.

  2. IronCastKnight says:

    Yes! Burn the fields, salt the earth, irradiate the soil with gamma rays! Leave no leaf unburnt, no stone unboiled, no snow unyellowed!

    Also, when one needs a fast, reliable OS for editing and game playing, 7 isn’t it. Just because it’s better than Vista doesn’t make it as good as XP.

    1. Elec0 says:

      I could never go back to XP after being on 7 for as long as I have. It just has so many little convenience things that I’ve come to expect and use all the time, along with the fact that it’s just been a complete rewrite of Windows. And 7 looks a lot prettier than XP.
      Anyway, it always sucks to have to reformat your machine because of viruses, just be thankful that you can still access your data to back it up. :/

    2. Gantidae says:

      That’s funny. My computer runs much better now that I have Windows 7. XP was great. I used it for a long time. I only started using 7 about two months ago. I’d never go back now.

      1. Khizan says:

        To be fair, this is quite possibly because you’re sitting on a 2 month old Win7 install as compared to a god-knows-how-long XP install. I’m sure that switching to 7 would see a vast increase for me in performance. I’m equally sure that I’d see a performance increase from just reinstalling XP, though.

        1. Winter says:

          Win7 is actually better about not rotting away in my experience. Vista was an atrocity, but Win7 is pretty solid.

    3. poiumty says:

      What, exactly, is “good”? If you have the hardware specs for it, 7 is much more convenient and reliable than XP, at least on 64-bit. There’s no real reason not to switch to 7 assuming you’ve got more than 2 GB of RAM.

      1. Nick-B says:

        crappy 64 bit drivers, perhaps? let alone crappy 64 bit windows 7 drivers? Half the time I use my microphone, I sound like I’m sitting in front of a fan because dang creative labs thinks people would never use more than 3 GB of memory on their SB Audigy 2 series and never made drivers that work well in it.

        Well known problem by users, solution provided is always: Upgrade.

        If I sigh and think for a moment, I really can’t complain too much about 7 64 bit. I’m just a bitter XP user. That had to hack the crap out of windows in order to get the ability to turn OFF auto-arrange.

        1. poiumty says:

          I have never had any problem with 64bit drivers for Windows 7.

        2. Peter H. Coffin says:

          The microphone driver problem could be contended to mean not that Windows 7 sucks but rather that Creative sucks.

      2. Ian says:

        I use a netbook with 1GB of RAM where I work and it handles Windows 7 shockingly well. I also downgraded my last personal laptop to 1GB of RAM and Windows 7 took everything in stride.

        That being said, the main thing that I used that last laptop for was “normal people stuff,” like web browsing and the occasional word processing venture. The netbook got quite a bit more of a workout and still managed to run well without doing a lot of crazy swapping.

    4. Trix says:

      XP is showing its age, good as it might be. I’ve not had any problems with 7 running anything I need it to, and I can’t help but be slightly disappointed going back to XP on my work computer.

    5. Soylent Dave says:

      After working through various versions of Windows, I remember being thrilled with XP (after the service packs, obviously) – it hardly ever crashed, it looked quite pretty, it still ran most of my old games.

      I would never have thought that I could possibly have enjoyed Windows 7 more… I do though. It has yet to crash, I’ve been able to run all the old games I’ve tried so far (without fannying about with compatibility modes, even), and it’s astonishingly user friendly.

      Don’t get me wrong – this is basic stuff that we should expect as a matter of course from an OS; it’s just the fact that windows has historically been so shit that makes Windows 7 seem great (at least, the 64-bit version is. On my PC.)

      And, as Shamus pointed out, it isn’t exactly free.

      1. Velkrin says:

        Getting an OEM copy of Windows 7 does help knock that price right down though. I think my copy was about $100 less than the regular retail price.

        1. Gantidae says:

          OEM forever. Buying a retail copy is just silly.

          1. krellen says:

            Legally, you’re only supposed to be able to buy OEM in addition to a hardware purchase. I suppose you could have a bunch of spare hard drives/motherboards sitting around your house, but why?

            1. Jabor says:

              You can never have too many hard drives.

            2. Gantidae says:

              I bought my copy of Win 7 when I built my new rig. So, yes, my purchase was perfectly legal.

            3. Lanthanide says:

              No, they got rid of the hardware purchase stipulation. The stipulation was “purchase with hardware”. Lots of companies took this to the extreme – you would ‘buy’ a 50 cent mouse ball or CD-ROM audio cable, and they’d discount the OEM copy by 50 cents and say you “bought hardware” with it.

              Microsoft never ever policed it anyway. So eventually they just got rid of it. Around the time of Vista, actually.

              Also, you can actually buy an Upgrade copy of Vista or Windows 7, and use it to install a full-fresh version of Vista or W7, as if you had bought OEM or Retail, and it’s cheaper. When asked for comment on it, Microsoft said this was intentional. It’s a little bit of fiddling around, but might work out cheaper for you, or be useful if a relative already bought an ‘upgrade’ copy thinking they were doing the right thing, or you got an OEM upgrade DVD that they sent out with ‘Vista capable’ PCs that were released running XP before Vista came out. Note: I have done the clean upgrade install, and it works 100% identically to a real clean install.

              1. Bubble181 says:

                Because the CD content is the same. The reasons for them just selling discs with the full version on it as upgrade discs with a little checking tool thrown in is similar to what Shamus talked about recently with chips :-P

      2. Retsam says:

        Hey, Windows 7 isn’t that cheap, but I bet if every person who said “Shamus Young should get Windows 7” gave $.50, he’d be halfway there.

    6. Kdansky says:

      The only people against Win7 and in favour of WinXP are those that have not used Win7. It is better by a long shot, especially as a developer.

      Also: More than 3.5 GB of RAM due to 64bit system. WinXP-64 is hell, you won’t find drivers, and quite a few things (such as installing dlls) can be really tricky. I would not go below 6-8 GB any more, it’s dirt cheap anyway.

      1. Steve says:

        Driver? WTF is a driver? Oh right, the things I used to worry about before I switched to a real operating system.

        1. Jabor says:

          I honestly don’t see how “I don’t need drivers because my OS only runs on one very specific hardware configuration that I cannot upgrade” is actually a better alternative.

          1. sab says:

            Must… Not… Feed… Troll….

            Silly Linux Myths Exposed: Linux Has Great Hardware Support. Damnit. The spirit is willing, but the flesh is weak.
            That being said, even I have to admit that windows is still the number one platform for pc gaming purposes.

            1. Audacity says:

              Correction my dear Sir, Linux running Windows XP as a virtual machine is the number one platform for everything.

              1. scragar says:

                As a Linux user myself I call this rubbish.

                A virtual machine is terrible for playing any modern game, and depending on what hardware acceleration you have going it could be running much slower (not GOG slow, with modern hardware anyway, but certainly too slow for Portal 2).

                And don’t you dare try claiming that WINE has it covered, although many games do play its support is still very subpar.

            2. Winter says:

              That’s all true, but linux audio tends to make me want to stab myself in the arm with a fork. A good trade-off, however, is that if you have old hardware you generally get much better support under linux than windows. Windows’s approach is “why you using old stuff? Buy more stuff!”

              1. X2-Eliah says:

                Really? For the normal user, the people support is much better in Windows than in Linux. You got a problem with windows, you’ll get ~20 replies, with at least 4 of them having real, normal, easy solutions. You got a problem with Linux, you’ll get 3 replies – one will be ‘rtf –man u nub’, other will be an instruction how to rebuild kernel with exotic packages, messing up support for half ‘unnecessary’ stuff you need, and third will be a mod locking the thread due to lack of replies.

                1. Sumanai says:

                  You have good luck with finding help for Windows problems. I usually find about 20 responses, of which 9 are mentions that they have the same problem, 9 are unhelpful and don’t make any sense and two that fix another, slightly different, problem. Granted it’s roughly the same for Linux, with the exception that the solution is to edit some text file (even if the setting is, or should be, in a GUI).

            3. Sumanai says:

              I think Jabor was talking about MacOS.

              1. Ian says:

                I use a 27″ iMac at work and, while I like it and enjoy using it, I can’t get even close to the same uptimes as I do on my Windows 7 machine at home (which is under far more duress) before Mac OS starts flipping out, acting oddly, and essentially requiring a restart to get it to calm down. This is on a fairly sane install of Snow Leopard, too, with no third-party extensions.

                SMB support is particularly bad. I haven’t been brave enough to try this recently, but if I tried connecting to SMB shares and trying to do any serious work Finder would freak out and give a cryptic numeric error code. As much as I tried wrestling control back from the system, the only thing that allowed me to log out and get back to my work was holding the power button and rebooting.

                I remember numerous other people having this problem and having to go through the same “solution.” My solution, if you could call it that, was loading Windows 7 into a Parallels VM and doing network file transfers with that. Just bloody ridiculous.

                Also, to be perfectly fair, Windows does *NOT* get a pass for that ridiculous issue that crops up sometimes when XP machines try to talk to Vista machines using SMB2. That issue is equally stupid and is nearly as much of a time-waster (though at least it’s “fixable” by disabling SMB2 in the registry on the Vista box).

                1. Sumanai says:

                  Heh. Virtualization seems to be the word of today.

                  1. Ian says:

                    It is. And it’s beautiful. :D

        2. Ian says:

          Yeah, I love having all of those extra kernel modules just taking up space. It really helps when I decide to plug the XT keyboard into my i7 and boot from the drives off of my SCSI-1 card while I output sound to my Gravis Ultrasound and watch some video on my Rage II. And I’m only slightly exaggerating. Most distros install drivers for antiquated crap like that by default.

          Sure, you could recompile your kernel to get rid of the unnecessary bloat that distros like to install (oh, and forget to clean up — do a “du -s /lib/modules/*” to get an idea of how much space kernel updates waste if your distro just keeps installing new kernels without clearing out the old ones), but then you suddenly have to start worrying about drivers in a big way.

          It also sounds like you’ve never had to do much configuration with the NVIDIA/ATI binary drivers. Do me a favor and set up a dual-monitor setup with the primary monitor on the right side, then give me your honest opinion on how fun the process was to get working well.

          Bottom line: all operating systems suck.

          1. Andrew B says:

            Oh my God. Gravis Ultrasound. I am suddenly back in 1995. Wow. That’s a real blast from the past. I’m impressed!

            1. Ian says:

              I do what I can. 8)

              I never actually owned a Gravis Ultrasound. I was just one of those SB16 owners with GUS envy. I was a demo/tracker scene enthusiast at the time and always shed a few tears when I’d run into something that required GUS.

    7. Eric says:

      Windows XP is a security nightmare, a bitch to maintain that requires frequent reinstalls to run smoothly, it crashes relatively frequently, and is no longer officially supported by many companies. On average you’re looking at maybe a couple extra frames per second in games performance-wise due to the lower overhead (with new drivers this might not even be an issue, I haven’t seen a comparison made since the RC), and *maybe* faster boot times (though my system starts in less than a minute using Windows 7). There’s literally no advantage to it today that makes it worth using, unless you’re a business relying on certain software that can’t be upgraded, in which case, I’d say dual boot anyway.

      1. Simon Buchan says:

        Or use Win7’s Windows XP Mode, which runs a full separate XP install in Win7’s integrated Virtual PC. It even exports the windows to your shiny 7 desktop, with Fisher-Price window frames and all (it looks freaky as all heck!). I use it for debugging the (thankfully small) HTML work I do on IE6, and it works great.

        1. Sumanai says:

          But it’s Windows 7 Professional or Ultimate only and those cost quite a bit more than Home.

    8. Ian says:

      XP has poor support for newer standards (go ahead and install XP on an AHCI/RAID system without a floppy disk. Have fun with nLite!), it has a poor security model, it has an aging UI, an inflexible and outdated power management model, it doesn’t use extra resources effectively, and it has no 64-bit support (XP x64 is actually Server 2003 x64, hence the reason that there is no SP3 available for it and why it’s not well supported by…well, anyone).

      I’m not setting out to destroy XP based on all of that alone. There’s a good reason for all of that. Namely, that it’s a decade old and that backporting features to it would probably be a monumental affair. XP is so old at this point that installing it on a modern system would be like loading up a brand new Mac with OS X 10.1, or a system based on Linux 2.2.

      While I never had an issue with Vista (though I did have a reasonably grunty system at the time), I can certainly understand why people would skip it. With Windows 7 bringing Vista’s new technologies to a trimmer platform, there’s really no reason to stick with XP. What are you going to do when everyone stops supporting it? It’s already starting to happen and that’s not going to change.

      As for the speed argument, I can’t argue with that. XP is lightning fast after all. However, Windows 98 is even faster than XP, yet nobody seriously suggests using that in 2011.

      As far as reliability is concerned, you’re clearly forgetting the early days of XP. The shift from classic Windows to NT led to as many crummy, slapped-together drivers as the shift from NT 5 to NT 6. The days of dealing with crappy Vista drivers have long since been over, and as a result Windows 7 is easily as reliable as XP, if not more so.

      1. krellen says:

        Reason to stick with XP: You don’t have a new system.

        1. Ian says:

          That only covers a fraction of my arguments against XP, but sure. If you have a system that’s too old to run 7, you’re going to spend more money upgrading it than you would just buying a new system.

          Right now I have it running perfectly fine on a pre-Vista laptop (an Inspiron E1705) and, before that, I had it running on an even older laptop (Inspiron 9300) without Aero enabled. Both systems were mid- to upper-mid-range laptops when they were released.

          So, no, you really don’t need a “new” system to run 7 well. You just have to have a decent system.

  3. Sekundaari says:

    Quick, semi-related question: wouldn’t these and other console commands have sufficed for your purposes? The Bethesda Gamebryo games are nice that way, the console can do more than most cheats could.

    1. Shamus says:

      Yeah, the console commands were what I was after. Yeah, I should have searched for “Fallout wiki”. I think I searched for “cheats”. The first result was some slow pig like IGN. I had to go a few results down to get the goods.

  4. illyrus says:

    Do you use NoScript with Firefox? If not I suggest you try it. It’s annoying for the first week or so while you right click “Allow” for your commonly viewed sites but can save you quite a bit from some malicious scripts.

    1. Christopher says:

      After hearing lots of people rave about NoScript, I decided to give it a try, and now I’m one of the people who raves about NoScript. It’s the best protection you can have while surfing. I wouldn’t recommend it for non-technical people (at least not without a few caveats), but for those of us who are, it’s a godsend.

      1. poiumty says:

        I am also one of the people raving about NoScript. Join us, Shamus.

        One of us. One of us.

      2. Gantidae says:

        I’ll throw my endorsement for No Script here as well.

      3. Trix says:

        I have to unfortunately say I don’t like NoScript that much…mostly because it kept interfering with certain things I’d gotten used to seeing. That and I got lazy about updating it.

        It is certainly useful for preventing this sort of thing, but I’ve definitively dealt with significant infections in the past so I’m not as concerned (and I don’t go to those kinds of sites anyways).

      4. NihilCredo says:

        Thirded. I’ll also add RequestPolicy in there – it doubles the hassle of NoScript, but it’s probably just as powerful for security. It’s an addon that stops all third-party content until whitelisted, so that sites cannot embed stuff from elsewhere in the page.

      5. Neko says:

        I love NoScript so much for saving me from the kind of crap javascript you find everywhere that pulls in more javascript from advertising partners that litters pages with flash objects and slows everything down to a crawl.

        If I trust a site, it gets to use javascript. If not, and it can’t display a few paragraphs of useful information without javascript, then screw it, there are better sites available.

    2. X2-Eliah says:

      This assumes you’d want to use Firefox. Which frankly nowadays is just an IE under another skin.

      1. Pete says:

        Any facts to back up that claim? Because if there are, I’d like to hear them. Knowing is half the battle and all that.

        1. X2-Eliah says:

          Loading speeds, very widespread and thus priority target right after IE, obtuse UI, annoying default setup…

          Anyway, I just wanted to say – I don’t see FF as any better than latest IE, same could apply for other people. Deal with it.

          1. Nick says:

            Microsoft is responsible for fixing it if it goes wrong.

            That’s all the reason to stick with Firefox I’ll ever need

            1. Ian says:

              Microsoft has made more progress between IE 8 and IE 9 than Mozilla has made with Firefox in quite some time. The fact that they took their layout engine and made it quite respectable within a couple of years shows that they’re finally starting to give a damn again.

              I’ll admit that Firefox 4 performs much better than Firefox 3.6, but it’s still pretty slow compared to most WebKit browsers. Chrome starts up almost instantly on my system with 8 pinned tabs open on startup. FF4 takes several seconds with two pinned tabs (that being said, Firefox 3.6 took closer to 10 seconds, so that’s quite an improvement; still not as fast as Chrome/IE9 though). The main reason I even still have Firefox is because of its rich addon support.

              Oh, and its private browsing support really, really blows.

              1. Zak McKracken says:

                Last time I tried IE, it took 2 or more seconds to open an _empty_ tab. Displayed the tab-thing with a message “loading new tab”. For two seconds, before I could start entering an address in the address field.

                … is it still doing that?

                1. X2-Eliah says:

                  Just ran a quick test. Firefox 3.6, with noscript and adblock (and nothing else), homepage set to google dot com. IE9 – homepage set to google dot com, and ‘skype live blahblah’ extension disabled, rest as default.

                  Launching the browser itself: IE9: ~1 second. FF3.6: ~6 seconds.
                  Opening a new tab: instant on both.

                  You know what you do? When IE first asks you about the speedup thing, you don’t close it, you don’t tell it to ask you later, you open it ONCE and then press DONE. Obviously you will have a slower system if you haven’t finished even setting up the browser in the first place.
                  If you are not referring to the extension enable/disable notification, but your tab opening is really that slow… Well, no, afaik IE doesn’t do that.

                  //Disclaimer – Google Chrome is even faster.

                  1. Zak McKracken says:

                    I’m not even sure if that was IE8, and it wasn’t on my own computer (I run Linux at work and at home, mostly, except on my gaming machine, but that’s very very neglected lately.) I saw it on a windows machine at work I had to use, and it had only this one IE version installed, stupid company policy … try to avoid using windows even more now :)
                    Apart from that, I’m a long-time Opera user. If you need an avalanche of reasons to use Opera, ask me :)

                2. Ian says:

                  @Zak: I haven’t experienced that at all, but I’ve seen plenty of my company’s customers’ systems doing that. It’s generally because there are too many addons or ActiveX controls loading up when you pop open the tab. Rather than keeping everything in one process, IE8 opens every tab in a separate process, à la Chrome, so if there’s an addon that takes three seconds to load, it’s going to take three seconds per tab.

                  @X2-Eliah: I’m going to break character and do one of these:

                  //Disclaimer – Google Chrome is even faster.

                  QFT. ;)

    3. Moridin says:

      NoScript would likely have stopped the virus, although it can be a bit of a hassle until you get used to it (for one thing, it feels like almost all sites require disabling it on their address to fully use them).

      And I tried to resist saying anything about Linux, but… you do realize that it’s not a dichotomy, right? You can install Windows and then install Linux on some small partition (shouldn’t require much more than 10 gigs, or even considerably less if you’re willing to use some less easy-to-use distro without all the bells and whistles already installed) and then use Linux when you’re not going to do anything that you’d need Windows for, or if you need to visit some shady sites for whatever reason.

    4. ccesarano says:

      As a web developer I feel obligated to say SCREW NO SCRIPT.

      The only way to design a fully functional site that can work around JavaScript being turned off is to do it as your full time job (oh how I wish I was). As it is, I only have time to write clean functional websites assuming people have that functionality at least.

      True, someone can always just say “okay, run this anyway”, but in the event someone is paranoid you have to make sure your site isn’t crippled just because they have JavaScript off.

      1. poiumty says:

        There’s always a “please enable javascript or turn off noscript for this site” notification you can show. Chances are if people are interested in your site for more than a passing glance they’ll allow scripts for your particular site.

      2. lupis42 says:

        I’m sorry it’s difficult to make websites that don’t work without executing your code on my computer. Would you like us to send you credit card info in plaintext so you don’t have to go to the trouble and expense of getting an SSL cert as well?

        1. blue_painted says:

          And what exactly do you think your browser is doing when it renders HTML …?

      3. macil says:

        (edit: this was a reply to the main thread, not sure why it got put here.)

      4. Steve C says:

        As a web surfer I feel obligated to say SCREW DEVELOPERS WHO SAY SCREW NO SCRIPT.

        This is a security vs usability issue. If you choose to screw over my security to make it easier on you then… shame! I’m not going to let someone make that choice for me. I’ll continue using NoScript, Flashblock and anything else I think protects me. It’s your choice how to design your website and it’s your choice to design your website to be hard to use. Most websites actually want people to go to them, so the user has the power here.

        BTW I wonder if the PSN developers had the same opinion when they were thinking about ease of use vs security?

        1. Alexander The 1st says:

          You act like there isn’t a security issue with just accessing the website, despite advertisers being able to use HTTP requests to track you cross-website, cookie data being served and potentially containing viruses, cross-cookie sniffing, browser-sniffing (if you want your code to work cross-platform, that last one’s kind of required), corrupted images, corrupted MIDI.

          Just suck it up and disable your NoScript. Or enable Flash (Without admin privileges, for ‘security’ sake), and enjoy all the Flash websites trying to solve the issue of a broken internet because of browser incompatibility.

          The rest of us want things out of our browser other than lolcats and text.

          1. Steve C says:

            Let’s look at your list and how it reacts in my case:

            use HTTP requests to track you cross-website

            cookie data being served and potentially containing viruses
            -3rd party cookies BLOCKED, all cookies deleted every session

            cross-cookie sniffing

            -FALSE ANSWER GIVEN (I answer this one but my browser is set up to lie)

            corrupted images
            -3rd party images BLOCKED

            corrupted MIDI.
            -ALL MIDI BLOCKED (MIDI is just annoying in the best of cases)

            I’m willing to live with the drawbacks of this. For example I don’t have flash installed. (I’m not crazy about Steve Jobs but he’s absolutely right about Flash.)

            If you are a web designer and want me to trust you to turn on those features then you MUST EARN that trust. If I decide that your website is too much of a problem for me before you earn that trust then I’m going to go somewhere else. And there’s =always= somewhere else I can go. The website I load up always needs me more than I need it.

            Web developers that can’t be bothered to develop for security minded individuals obviously don’t want my business. If a site doesn’t want to take security seriously on the front end, then no way I’m going to trust you on the back end with my personal data or credit card info. Best for me not to waste my time. I’ll go somewhere else.

      5. Jabor says:

        Have you ever wondered how your sites look to Googlebot? Or to vision-impaired people?

        1. ccesarano says:

          I’ve actually been sure to use tags that help translate data to those browsing who are vision-impaired, and have tried a few other usability tricks for just such things. Unfortunately, I do not have the personal time to work that stuff on my own projects.

          Still, there’s a difference between “Oh, we should make sure our site works for the blind or even color blind” rather than “There’s a bunch of paranoid people out there afraid someone’s going to use some JavaScript to steal the name of their favorite dog. Let’s make sure every little bit of JavaScript that’s meant to make our site easier to use doesn’t interfere with those folks”.

          Then again, I already mentioned in the Facebook topic that I feel there’s a difference in being careful and outright paranoid. Turning off JavaScript and avoiding Facebook, etc. is like building a bunker and filling it with canned goods, water and weaponry in case the Martians form a treaty with the Communists to invade America.

          That said, at work, it is a professional obligation to make sure sites work for as many people as possible, no matter what their lifestyle or browsing preferences. You’d be surprised how many websites don’t customize a CSS for printing pages. Do you know how much ink could be saved if this basic rule was followed? (though if you thought consistency between browsers was a pain already, try getting a print CSS to work cross-browser). My frustration towards NoScript and such is the same as my frustration towards people using Internet Explorer. Unprofessional and out of a sense of wanting to do less work.

          1. Shamus says:

            This is an interesting experiment: I’m using the built-in NoScript of Chrome now, but I’m not actually trying to USE the net without scripting. I just have it off by default and whitelist as I go, in case I end up in a dark alley of the internet. It’s a pretty good system so far.

    5. Deadfast says:

      I was actually just going to suggest just this. Obviously some pages don’t work without JavaScript, but that’s what the Allow or Temporarily allow options are for. In a few weeks you’ll have all the usual pages you visit whitelisted and you won’t even notice it anymore.

      Also, Process Explorer will – contrary to Task Manager – display the full path to the processes. Gosh, who would have thought that could come in handy.

    6. Eric says:

      NoScript is amazing. It practically turns your browser into a sandbox environment just like an operating system, and has certain security features and anti-tracking measures that many full-cost suites don’t offer. Definitely worth using for anyone who’s concerned with security or even just controlling their usability experience on the web.

    7. Interestingly, it’s not clear that Noscript would have saved Shamus in this case. Just this morning I was trying to sort out some things on my gaming PC and stumbled upon this rather enraging warning at

      TL;DR for the link: Windows Update silently installs .NET Framework Assistant (aka ActiveX redux) as a non-removable FF extension, resulting in pwnage next time you click in the wrong window. Based on Shamus’ account, it sounds like this is what could have bitten him.

  5. Droid says:

    Here’s a trick I use: any account you use to check email or browse the web should be a basic User account, not an Administrator or Power User.

    I install all my software on the Administrator account, which sometimes (due to poor coding practices) means there’s no start menu icon in the basic user account. Or, worse, the program requires Admin permissions to run.

    You can work around those things and deal with a little more frustration due to setting things up that way but it reduces the chance of an infection a lot, since most of them anticipate having admin access to system files and the registry.

    1. Kdansky says:

      He was on XP. You don’t want to do that on XP.

      1. MrPyro says:

        Why not? While XP does not have UAC, you can still choose to elevate privileges on a lot of programs by right-clicking and choosing “Run As” (admittedly this doesn’t work for an irritating number of system settings).

        I used to run like this in Windows 2000 (back in the day; I’d forgotten how long ago that was).

        1. Ian says:

          It probably won’t be as much of an issue now, but the majority of the problems that you’d run into were because of poorly designed programs that do silly things like keep per-user settings in HKLM or their program directories.

          I’m glad UAC wound up happening, since it finally forced developers to design their software to work with the NT security model (only took about 16 years! Woo!).

  6. Ben says:

    I feel your pain. I had a similar experience a few years ago, where a foolish misstep changed my plans for the next few days to involve a lot of software installation.

    However, Windows XP? That’s ten years old, requires a huge amount of patching, and is nearly unsupported at this point. Unless your current software/hardware is not compatible with newer Windows, you really owe it to yourself to switch to Windows 7 while you’ve got the opportunity forced upon you.

    I know, it’s money and a bit of a learning curve, but 7 is by a significant margin the most impressive and capable Microsoft operating system yet. It’s attractive and easy to use, and while it does have slightly imposing system requirements, once you cross that threshold it actually seems to run better than XP would on the same hardware. It manages memory properly, has great built-in tools for system backup, and understands an SSD, if you ever want to head that direction.

    It also installs a lot faster than XP, and figures out most of the drivers for you, saving you a bunch of time with your motherboard’s driver CD.

    1. Kevin C says:

      Windows 7 can also be tweaked with about a half-hour’s worth of work (if you don’t know it at all) to look / act like XP. I do that on my systems.

    2. NihilCredo says:

      I have Windows 7 myself and agree that it’s definitely superior to XP, but if I had to pay for a retail copy I’m not sure the improvements would be worth it – it’s still almost the price of two good games. Most of Win7’s features can be replicated with freeware third-party tools if necessary.

      1. Kyte says:

        But third-party tools are never as properly integrated as the OS-native ones. And the meat of 7’s (and Vista’s) improvement was under the hood, where no third-party will ever reach.

  7. Shadow2336 says:

    Just remember to sacrifice a few goats when you’re wiping the machine. The fresh blood seems to appease the God of the Computer.

  8. matt says:

    I suggest installing AdBlock plus. It can be configured to let ads on your favorite sites through, but it will block shady stuff like this. I also run with no antivirus, and thanks to ABP, I’ve never got anything bad.

    1. Gantidae says:

      Another good plugin.

    2. Chris B Chikin says:

      I think Shamus implied that he ran AdBlock when he said that “Firefox has built-in popup blocking.”

      I switched to Chrome a few months ago and although I prefer the interface (I’m on a netbook so it’s nice not having half the screen eaten by the toolbar) one of the biggest pains is that the Chrome equivalent of AdBlock is just nowhere near as good. It blocks adverts in-browser but it’s absolutely pathetic when it comes to pop-ups or ad windows that get opened when you do something like watch Megavideo.

      Course, I probably shouldn’t be watching most of the stuff I see on megavideo anyway, so…

      [EDIT] Also Shamus, I use Avast! for my virus protection. It’s free and, although I’m not too clued up on this stuff, my friends have said that it’s an excellent piece of software and I think it’s won some awards. Just thought you’d appreciate the suggestion when armouring your resurrected phoenix (or some other less cheesy metaphor).

      1. krellen says:

        I refuse to use Chrome until they fix the issue with it installing into a specific user’s Local Settings folder instead of in the proper place for programs.

        1. Chris B Chikin says:

          Can’t you decide where it installs to or just move it?

          Like I say, I’m not too tech-savvy but I can’t see why it would be that difficult.

          1. krellen says:

            Nope; it doesn’t ask where to install, and moving it causes it to stop working, even after ample registry editing.

            1. Avilan says:

              I use Chromium, the browser that Chrome is based on. I also use Adblock Plus, Flashblock and block all 3rd-party cookies out of principle.

              1. Eric says:

                Chromium is way better than Chrome, mostly because it doesn’t have any of Google’s spyware built into it (they track every site you visit and give your computer a unique ID, giving them full access to your entire browsing history). Previously I wouldn’t have recommended it because of its limited add-on functionality, however now that Adblock Plus and NotScripts are available, it’s pretty much just as capable and fast as even the newest Firefox nightlies (maybe a bit slower, but so what). If for some reason you prefer Chrome, I highly recommend installing Chromium instead.

                1. Avilan says:

                  I second this obviously; I prefer it to FF4, even.
                  I use FF4 for Pr0n and nothing else, and Chromium for everything else.

                  One thing though; if you use Chromium, install the addon Chromium Updater* since it unlike Chrome can’t update itself.

                  *All this does is to link you to the latest build as an .exe or ZIP file.

                2. Psithief says:

                  Chrome’s usage tracking can be disabled easily! I think it’s even opt-in.

                  It’s the RLZ tracking you can’t disable – and that only works when google is your default search provider.

                  Hasn’t changed in 3 years:

        2. Sheer_Falacy says:

          I’m pretty sure the version installed with installs in the standard location.

        3. Kdansky says:

          Why are you bothered by that? It’s just a browser. As long as it works, it really doesn’t matter where the .exe wants to be.

          1. Zukhramm says:

            Because we like some organization and not having programs spread out all over the place?

          2. X2-Eliah says:

            Why are people bothered about steam installing all games in one place?

            People just like to be in control of their systems, that’s all.

            1. StranaMente says:

              I was thinking about that… I hate you steam, and I’ll find a way to put some order in this mess.

              1. Deadfast says:

                Symbolic links (or directory junctions as Windows calls them) should work… Thanks, Steam!

          3. krellen says:

            Because I work IT for a living, and installing a browser to a specific user’s file means no one else can use it. It’s really quite inconvenient if you ever have to deal with public machines, as I do every single day.

        4. MrWhales says:

          Please inform the ignorant of these words you speak.

      2. StranaMente says:

        If the interface was a put-down for you, Firefox recently released a 4.0 version, which is very similar to the one in Chrome (or you can make it look like it).
        I prefer Firefox mainly because of the live feed buttons. From what I understood, chrome still doesn’t have them.

        1. X2-Eliah says:

          Hehehe… Opening the Firefox 4 download link in Chrome makes the FF site think you already have the latest version.

  9. Falcon says:

    I feel for you Shamus, I really do. I follow the same basic virus security you do, and have not had problems myself either. Thing is, AV software is notorious for not really stopping virii either.

    During a previous employment I was part of (and often THE) IT crew for a small company with about 40 terminals, and 5 servers. Thanks to my predecessor the AV software of choice was Symantec Endpoint, one of the worst kind of resource hogs out there. It was necessary though for keeping the common stuff away, since most people there treated the computer as a magic box.

    Anyhow, mid 2009 or so a new flavor of virus popped up that really turned me on my head. It sounds fairly similar to the one you got too. It called itself Antivirus 2009. This sucker embedded itself DEEP. A slash and burn technique of deleting everything modified in the last 2 days, along with replacing many system files from the i386 directory, doing a complete system rollback 1 week and numerous ancient Cherokee health chants got the system in working order.

    Variants of it popped up a few more times, and each time it was easier to dispatch, but the first time was an unholy nightmare. Restoring from CD was possible, but with people so tech unsavvy doing so would have destroyed their productivity for weeks.

    Makes you want to commit heinous acts of violence against the viruses’ creators.

    1. Shamus says:

      That’s the one. I had AntiVirus 2011. (And 2010. Redundancy!)

      Nice to know the assholes are keeping their poison up-to-date.

      1. Trix says:

        2010 for me IIRC.

        Hijack This really helped in removing everything cleanly.

      2. Falcon says:

        Hey, what’s the point of being an asshole like that if you’re simply going to let your bundle of joy be outdated? You’ve got a reputation to uphold! You don’t get the title of ‘mouthbreathing villainous pox on humanity’ by not improving your baby.

        1. Sekundaari says:

          So they’re classholes then. Got it!

      3. Eric says:

        False anti-virus and anti-spyware programs (which are often geared to trick the user into sending their credit card information to buy a “Pro” version of the software and so their info can be stolen) are one of the older and more common forms of malware out there. There are often dozens of variants of the same version, too, released under new names as soon as they’re detected by proper security programs. It goes without saying, but always be vigilant and thoroughly investigate any anti-virus program you might want to install. You never know.

      4. scowdich says:

        I’m working in IT support right now, and these seem to be popping up more and more lately. One of the workstations in our support office got it, even. Nasty stuff. Fortunately it was within a Parallels install, so cleaning it up was fairly painless. No chicken entrails at all.

        1. MrPyro says:

          Yeah, I’ve been seeing them a lot recently as well. Fortunately our users are limited accounts only, so the infection can’t spread too far, and is relatively easy to clean up. If they get in as an admin user they can be utter sods to get rid of.

          We also had a machine get a serious infection recently from Spotify; someone managed to upload an infected advert to it.

      5. Mayhem says:

        Yep, the GM in our office got this a few weeks back.
        Cleaned it up, or so I thought, but then found alerts on every other machine with an open share. Fortunately McAfee corporate will pick up the incoming worms and delete them. Unfortunately, it doesn’t do squat for the initial infection – that software hooks itself in good and fast.

        That being said, it only infects the active profile, so the problem goes away if you log in as another user. You can then delete the original to gain a measure of safety.

        We just blew away his profile on the server, then reimaged his desktop. Take off and nuke the site from orbit, the traditional IT way.

        1. Alexander The 1st says:

          Sounds like the Avatar way – since that’s how a LOT of people felt the movie should have gone at the end.

    2. psivamp says:

      I encountered this somewhere, it infects FAST. Then it tries to get you to pay them and keeps you from getting legitimate anti-virus software. Happened on a netbook, luckily I had an external CD drive from a past laptop that needed it and I was able to wipe and reinstall.

      1. MintSkittle says:

        We got hit with this at our work a couple years ago because one of our (former) employees spent his break times browsing lesbian chat rooms. We had to deep six that computer, and had our IT drive out from the parent company to purge the system.

    3. RTBones says:

      Makes you want to scream. My approach to security is similar to yours, Shamus. For me, the best defense has always been to know the machine, not hide behind mountains of software.

      In a previous work life, I worked IT on a university campus, and have over the years done the “family PC tech” routine. Dealt with one last year that went so far as to attempt to prevent any anti-malware/scanners/anti-virus programs from running. You could try to launch your AV program but nothing would happen, thanks in part to some “creative renaming” and program substitution by the virus. When you eventually got the machine into a state that was close to normal and rebooted, it started all over again. Booting into DOS and manually whacking all the moles was the only way to get it gone.

      No, I didn’t trust the machine either – and went through what you are going through right now.

    4. LMR says:

      Care to share any of those ancient Cherokee health chants, in case it helps?

    5. Soylent Dave says:

      Yeah, I had to take the same slash & burn approach to cutting that one out of my son’s PC last year. I hadn’t seen a virus embed itself so deeply and resiliently before.

    6. Eltanin says:

      I often fight these things as part of my job and they always end up making me look like a fool. Viruses are a rabbit hole from which there is almost no return if one is so foolish as to jump in.

      I can’t tell you how many times I think, “Ok, just try for an hour – hour and a half tops, then wipe the machine.” After an hour and a half of fighting it comes the thought, “Well, I’m really making progress. I’ve almost got it. Let me try a couple more things.” 5 hours later I realize that I’ve spent waaaaay too long on this and that the client is never going to pay for all that time to clean a virus.

      So I hang my head in shame and wipe the machine like I probably should have after the first 30 minutes.

      That said, may I direct you to

      It’s a great site and they have specific guides for removing various strains. They also have ComboFix which is a must-have tool for fighting this junk, though like anything it isn’t always effective. It also comes with big hairy warnings about not using it unless directed. So... yeah, be careful? I don’t know, I’ve never had a problem. I think that they just don’t want to hear you crying if your machine dies because ComboFix killed something essential.

    7. Rayen says:

      Been dealing with stuff like this since summer 2010. Usually a backup and system restore would cure the worst of the problems. Really the worst part for me is I regularly check DeviantArt and that wretched hive of scum and villainy is infested with the suckers.

      Also had one recently that would hijack IE and not let me go anywhere… Spybot took care of it as far as I know…

  10. poiumty says:

    Ad-Aware, SUPERAntiSpyWare, HiJackThis, MalwareBytes, and SpyBot Search & Destroy – I don’t think these are qualified as antivirus programs. You’d probably need an ACTUAL antivirus program (for instance, a free one like Avast or AVG) to get rid of actual viruses.

    I keep avast on at all times. It doesn’t bother me at all (silent/gaming mode is on) and has notified me a few times in the past. Mostly because I use a flash drive to bring schoolwork home with me, and computers there are old and unkempt.

    1. krellen says:

      MalwareBytes usually gets rid of this particular virus when the idiots I work with install it at work; it does a better job than the enterprise antivirus we’re required to install due to University guidelines.

      1. MrPyro says:

        MalwareBytes is pretty good; I’m a big fan of HijackThis as long as you know what you’re doing, since rather than try to be smart it just searches the registry for anything that runs at startup and gives them to you in a big list; lets the user determine what is dodgy and what is legit.

        1. Alexander The 1st says:

          And if you don’t, it invalidates your Adobe licenses. <_<

    2. Sagretti says:

      Yeah, anti-viruses, even completely updated ones, don’t catch the crap these kind of malware spit out. MalwareBytes and Spybot usually are your two best tools with these things, if one doesn’t catch it, the other will.

    3. Volatar says:

      I have stopped using Avast on my laptop and gone the Shamus route because, even when you disable all the scanners, it still is a huge memory hog.

    4. Rosseloh says:

      Yeah, as Krellen mentions, MalwareBytes is good for virii (it’s the second step in our cleaning process at work). But you’re right, the rest of them are more generic “malware” removers than actual virus scanners.

    5. Heron says:

      AVG has a nifty “rescue cd” they give away for free that you can burn to a CD (or install on a flash drive). You boot off of it, it downloads the latest virus definitions (and if you’re booting off a flash drive, it stores them for next time), and scans your computer and fixes things. I used it to bring a friend’s old laptop back from the brink of death.

      I actually wrote a blog post on this very subject in March. The short of it is, if you avoid the types of sites Shamus mentioned in his post here, and don’t click on every spam email that shows up in your inbox, it’s not difficult to remain virus-free.

    6. Eric says:

      Since we’re doing anti-virus recommendations… ESET Smart Security. It is by far the most thorough anti-virus program I have ever used, and it is incredibly fast – you won’t even notice it’s running. The amount of control it gives you over how it scans, what files it looks for, etc. is second to none, and its firewall is pretty much perfect, stopping every single thing from accessing the Internet if you tell it to (if you ever somehow get a virus installed, it won’t even be able to phone home unless you say it can). The system scan times are a little on the slow side, I guess, but just run it overnight and you’re fine. The caveat is that it does cost money, but compared to other free solutions it’s really, really worth the subscription.

    7. Thom (talzaroff) says:

      Well, I want to share my view as well. I’m using the free Avira AntiVir Personal to keep my pc and laptop clean from viruses. Best thing about this one (apart from it being free of course) is that it barely uses any system resources. Mine’s running on Vista, with a mere 13 Mb mem use. When you d/l anything, insert any external storage device, the mem use goes up for a short while to scan it, but it’s still fast and doesn’t spoil resources.
      To make sure my laptop is clean, I run MalwareBytes every now and then, but it barely ever finds anything…

  11. Kevin C says:

    Once you have your system rebuilt, image it. I use PING to create the images and save them elsewhere. If / when I need to, I go back and use that to do a restore. (That URL if it doesn’t show up/work: )

    I’d suggest one when the OS and drivers are all installed, another when you have all your apps installed, and every couple of 3-to-6-months after that…as you deem fitting.

  12. The Gecko says:

    The Ripley approach is absolutely the correct approach here: “Take off and nuke the site from orbit. It’s the only way to be sure.”

    As soon as malicious code has run with admin privileges on your computer, the computer is no longer yours. The task viewer you’re using to view processes may be replaced with one engineered to not display malicious processes. The kernel may have been patched (or some kind of driver loaded) to hide processes, files, etc. You can’t trust the tools you’re using to diagnose, because the tools themselves may have been compromised.

    As for the linux/other OS thing, I hear you. I use Linux as my main desktop OS, but also keep a windows computer for gaming. Sure, WINE works well enough for a lot of things, but when it comes to gaming, I’d rather just fire up a game and play rather than worry about trivial compatibility issues that might cause problems. Especially when games are what you do for a living, running on a native client (OS) is 100% worth the trouble. Personally, I just treat my windows system like a console – fire it up to play a game, close it down when I’m done. It has the nice advantage, too, of being able to run stuff fullscreen, but keeping browsers, IM clients, IRC open on the other system and not having to worry about tabbing out or windows shifting around when the game switches resolution.

    Anyway, if you were considering AV this time around, I’d give the Microsoft Security Essentials a shot. It’s surprisingly lightweight compared to other AV suites, and from what I understand, effective, although I have never had to put it to the test. This is probably because it’s a free program, so they don’t have to keep adding feature-creepy bloatware to keep you buying new versions year after year (I’m looking at you, Symantec!)
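The Gecko’s point that the process viewer itself may have been swapped out is the classic reason for a cross-view check: ask two independent sources for the process list and diff them. The script below is an added example, not code from the page or from any tool mentioned here. It assumes Linux with /proc mounted (the Windows equivalent is the same idea with a different API); a user-space hook on the listing path (a patched ps, a readdir hook on /proc) does not also answer kill(2), so the two views disagree. The caveats a practitioner needs are built in: threads answer kill() but never appear in a /proc listing, a process can be born between the two views, and a kernel rootkit can hook both views at once, which is exactly why the rebuild is still the only sure answer.

```python
"""Cross-view check for hidden processes on Linux (added example, not from the page).
Assumption: Linux, /proc mounted, run in the same PID namespace as the
processes being checked."""
import os


def listed_pids():
    """PIDs as a ps-style tool sees them: numeric directory names in /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def is_alive(pid):
    """Ask the kernel directly with signal 0. ESRCH means no such process;
    EPERM means it exists but belongs to someone else, so it counts as alive."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def probed_pids(limit):
    """PIDs in 1..limit that answer kill(pid, 0). pid_max on the box may be
    higher; raise the limit if you need full coverage."""
    return {pid for pid in range(1, limit + 1) if is_alive(pid)}


def hidden_pids(listed, probed):
    """Candidates: the kernel says they exist, the listing does not show them."""
    return sorted(probed - listed)


def thread_group_id(pid):
    """Tgid from /proc/<pid>/status, or None if the entry cannot be read."""
    try:
        with open(f"/proc/{pid}/status") as status:
            for line in status:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def find_hidden(limit=32768):
    """Live check. Discards the honest explanations for a candidate (it was born
    between the two views, it exited meanwhile, or it is a thread, which answers
    kill() but is never listed in /proc). Whatever is left is being hidden."""
    candidates = hidden_pids(listed_pids(), probed_pids(limit))
    relisted = listed_pids()
    hidden = []
    for pid in candidates:
        if not is_alive(pid) or pid in relisted:
            continue
        tgid = thread_group_id(pid)
        if tgid is None and not is_alive(pid):
            continue  # exited while we looked
        if tgid is not None and tgid != pid:
            continue  # a thread of some listed process
        hidden.append(pid)
    return hidden


def views_agree_on_self():
    """Sanity check: our own process must be visible in every view."""
    me = os.getpid()
    return me in listed_pids() and is_alive(me) and thread_group_id(me) == me


if __name__ == "__main__":
    found = find_hidden()
    print("hidden processes:", found if found else "none found (or the kernel lies too)")
```

Run it as root: on a /proc mounted with hidepid, other users’ processes are legitimately absent from the listing and unreadable, so an unprivileged run will report them as hidden. An empty result only says the user-space views agree; it says nothing about a driver that filters the kernel’s own answers.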

    1. RTBones says:

      I can second MS Security Essentials. It’s saved me at least once. I was skeptical as to its size and intrusiveness (this is a Microsoft product….) But from what I have seen – it’s lightweight and effective.

    2. X2-Eliah says:

      Does MSE fully work on XP, though?

      1. RTBones says:

        Per Microsoft:

        “Microsoft Security Essentials is a new, free consumer anti-malware solution for your computer. It helps protect against viruses, spyware, and other malicious software. It’s available as a no-cost download for Windows XP SP2 and higher, Windows Vista, and Windows 7. “

        1. X2-Eliah says:


  13. karln says:

    It’s pretty tangential, but just out of interest, how did you manage to enter passwords without directly keying them in at any point? Do you use a password manager? Did you have them saved in cleartext somewhere so that you were able to copy-and-paste them? Did you use an on-screen keyboard? I can’t think of any solution I’d really be happy with, although I suppose anything is better than just keying them on a compromised machine.

    (speaking personally, the best I can come up with (other than abandoning the compromised OS immediately) would be to use a different machine to create a KeePass 2 database containing *only* the passwords I need, set the software to request the master password via a ‘secure desktop’ which allegedly can’t be keylogged, and use KP’s obfuscated auto-type function to enter my passwords for me on the compromised box)

    Good luck with your earth-salting and rebuilding endeavours today.

    1. poiumty says:

      He probably had them saved, but not all viruses are keyloggers.

    2. The Gecko says:

      Could also be a password manager utility like KeePass.

    3. Shamus says:

      Yep. To be double-safe, copy & paste it in two parts. So if the pwd is


      Paste “time99”, move the caret to the beginning, and paste “party”.

      It’s still a horrible fig-leaf solution, but it’s better than nothing.

      1. Shamus says:

        Also, partytime99 is a horrible password and you should change it.

        1. Hal says:

          Hey, that’s the password on my luggage!

          1. Daemian Lucifer says:

            Bah, too complicated. 12345 is the way to go.

        2. Trix says:

          But that’s the same password that I have on my luggage!

          (Edit: Bah, beaten to the punch!)

        3. Chris B Chikin says:

          What about “batman”?

          (Uh…Not that that’s my password or anything, uh…I was just wondering..?)

          1. Michael says:

            What you REALLY need is a randomly generated 256 character password with upper and lowercase Cyrillic, Hebrew, and Navajo letters.

            It’s one of the safest passwords available. The Hebrew letters need to be entered backwards and the Navajo have no written language.


            1. kreek says:

              until you forget it

              then it becomes protection from YOU

              1. Jarenth says:

                Which may be the best possible way to keep any system virus-free.

                1. Avilan says:

                  I remember when I worked as a network administrator for a small office.

                  Basically there are two ways of thinking when it comes to network stability and security: The admin wishes he could run the site without those pesky users. The users are usually of the opinion that the admin should stop installing stuff (like windows updates and service packs) since “it ain’t broke so don’t fix it” and “You changed it now it sucks” (to borrow from TVtropes).

                  1. Alexander The 1st says:

                    And the business manager wants both groups to work “synergistically”.

        4. HeroOfHyla says:

          I read something about how 3 dictionary words + some numbers can be a great password, because it’s easy to remember, and long and complex enough that it won’t be cracked quickly with a dictionary attack or just going through all possible letter combinations.

          1. Eric says:

            Or you use a password manager like LastPass and only have to remember one password, ever.

            1. Moridin says:

              Until the service goes offline and you lose all your passwords(which you can’t remember) forever.

            2. Peter H. Coffin says:

              Or maybe two passwords. Possibly three, if they have to do this again.


          2. karln says:

            On the wordy-passwords front, Diceware is worth a look. The default usage has you roll 5 dice to select a word from a list of 7,776, then repeat until you have the required number of words. They reckon 5 or 6 words is fine, assuming you’re not protecting something important enough that you keep your computer equipment in a vault, destroy all removable media after using it with your PC, etc.

            For passwords with a shorter maximum length, they describe variations that add random symbols in random locations, and discuss how the entropy gained from that compares to adding more words.

            The passwords are easy to type (if you can type well) and reasonably memorisable, particularly if you’re familiar with a few mnemonic techniques. Personally I invent mental images linking each pair of adjacent words, and/or a little story built around a longer sequence.
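The Diceware procedure karln describes (five dice rolls index a 7,776-word list, repeat per word) and HeroOfHyla’s three-words-plus-numbers suggestion can both be put into numbers. The block below is an added example, not code from the page or from the Diceware project: it rolls dice from the OS random source, maps a five-roll key to its position in the list, and computes the entropy of a passphrase so the two suggestions can be compared. The six-word list is constructed for the example and is obviously not a usable Diceware list; a real one has 7,776 entries keyed “11111” through “66666”.

```python
"""Diceware-style passphrase generation and entropy accounting
(added example, not from the page or the Diceware project)."""
import math
import secrets

DICEWARE_LIST_SIZE = 6 ** 5  # 7776 words, one per five-roll key

# Constructed stand-in for a real list: the first six keys, so the
# dice-to-index mapping is exercised. Not a real word list.
SAMPLE_LIST = {
    "11111": "abacus", "11112": "abbey", "11113": "abdomen",
    "11114": "abide", "11115": "abort", "11116": "about",
}


def roll_dice(count=5):
    """Fair rolls from the OS CSPRNG, returned as a Diceware key string."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(count))


def key_to_index(key):
    """Map a five-roll key ('11111'..'66666') to its 0-based list position."""
    index = 0
    for digit in key:
        roll = int(digit)
        if not 1 <= roll <= 6:
            raise ValueError(f"bad die roll in key {key!r}")
        index = index * 6 + (roll - 1)
    return index


def entropy_bits(choices, count):
    """Entropy of `count` independent uniform picks from `choices` options."""
    return count * math.log2(choices)


def passphrase(word_list, words=5, separator=" "):
    """Pick `words` entries by rolling dice. Keys missing from an incomplete
    list (like SAMPLE_LIST) are simply rerolled; a full list never misses."""
    picked = []
    while len(picked) < words:
        key = roll_dice()
        if key in word_list:
            picked.append(word_list[key])
    return separator.join(picked)


def expected_crack_years(bits, guesses_per_second):
    """Expected time to find a passphrase (half the keyspace) at a guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    five_words = entropy_bits(DICEWARE_LIST_SIZE, 5)
    # HeroOfHyla's scheme, assuming the words are also drawn from a 7776-word
    # list and "some numbers" means two random digits.
    three_words_two_digits = entropy_bits(DICEWARE_LIST_SIZE, 3) + entropy_bits(10, 2)
    print(f"5 Diceware words:        {five_words:.1f} bits")
    print(f"3 words + 2 digits:      {three_words_two_digits:.1f} bits")
    print(f"years at 1e12 guesses/s: {expected_crack_years(five_words, 1e12):.2f}")
    print("sample (from the tiny constructed list):", passphrase(SAMPLE_LIST, 3))
```

The entropy numbers only hold if the words are chosen by the dice, not by the user; three words you picked because you like them are a far smaller keyspace than three words the dice picked, which is the whole point of the procedure.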

  14. Gantidae says:

    Shamus, I ran into a very similar problem. I was looking for a patch for an old game of mine. I found a file that looked like said patch. After I clicked it I got the little hourglass icon for a few seconds then nothing. I knew I was in trouble then. My only recourse was to nuke the machine and start over.

    I’ve since started using Kaspersky AV. Who knows if it’s actually doing anything. I still use strict, even stricter now, procedures while surfing to avoid viruses though. Kaspersky right now is taking up 3,488K of my system’s 8G of memory. I can live with that. It’s far less than Steam uses that’s for sure.

    As far as cheats for games go try They normally have what you’re looking for. With New Vegas console commands work well for experimentation. I like to run various experiments myself with games using console commands. Here’s a link directly to some console commands for New Vegas.

  15. Brandon Walker says:

    I find that after you’ve installed and uninstalled enough programs and run Windows XP for more than about 3 years on the same machine, even if carefully and conscientiously, XP usually needs a wipe and reinstall anyway. Perhaps you’ll be surprised at the change in performance. And truth told, that’s how I usually get something, on the rare (once every 4 years or so) occasion my computer turns up with a virus. Autoruns and Process Explorer are your friend.

    1. Cradok says:

      I do exactly the same thing. Sure, it can be tedious to get stuff reinstalled and reconfigured the way you like it, but it’s well worth it in the end.

  16. NihilCredo says:

    With the price of hard disk space nowaday, I just won’t even bother with reinstalling. I have a full compressed image of my system/application disk elsewhere (taken right after I had finished installing all the important stuff), so if I ever catch a virus, I’m just restoring that from a live boot OS.

    1. psivamp says:

      Oh, crap… I just realized it’s been forever since I took an image of my Windows partition. I should probably do that…

  17. Newbie says:

    Due to a nice advert on your site I saw this. ‘Iexplore.exe is a system process which comes included with Microsoft Internet Explorer. The official process name is Microsoft Internet Explorer. File sizes will differ from computer to computer but documented file sizes are 93,184 bytes (55% of all occurrence), 91,136 bytes and 625,152 bytes. Iexplore.exe should not be disabled or removed because it’s an essential file required by your computer’s Windows Operating system. But Iexplore.exe may be damaged and corrupt causing errors, high CPU usage and slow computer performance.’

    DON’T REMOVE IT SHAMUS!!! I don’t understand how it is NEEDED by the OS but it says it is. Maybe you are doing wrong by removing it. Or not.

    1. DanMan says:

      It is needed by the OS, because it is tied to the way the OS browses your file system. Back in IE6 and XP, you could be in an internet explorer window and browse the files on your c:\ drive.

      iexplorer.exe and explorer.exe do very similar stuff and Microsoft has tied them together.

      There’s actually an anti-trust lawsuit in Europe about this. Basically, the EU is saying that Microsoft is propagating a monopoly by forcing users to have IE installed on their operating system. They’re in the process of re-writing some of Windows 7 to break that tie

      1. Chris B Chikin says:

        (Scots Law student doing IT & Law as an Honours course chiming in here)

        Microsoft already lost the case – It got mentioned in one of my Competition Law classes last year. I can’t remember the specifics because it was too complicated for me to bother revising but I think the problem was to do with including Internet Explorer and a bunch of the other included software on the same disk with Windows whether you want it or not.

        Microsoft’s solution? Sell another disk with plain Windows on it, but charge the same as it would cost for the disk with Internet Explorer. That way they’re not making a monopoly since the consumer has a choice but there would be no reason to buy the disk with less stuff on it so usage of Internet Explorer goes unaffected.

        1. Soylent Dave says:

          And when you first connect to the internet on a new OS via IE in the EU (acronyms ahoy!) you get diverted to a website explaining that there are alternatives to Internet Explorer, look here are their websites why not try them out?

          Which is nice.

          1. Zukhramm says:

            Somehow I find it very odd that Microsoft would not be allowed to include a browser, I mean, all the other OSes still include their own browser, right? And then they also have to advertise their competition?!

            1. Chris B Chikin says:

              There is a justification for it that makes sense but I can’t really remember it. At Ordinary level, Competition law was part of a larger course in Commercial Law and in spite of being complicated it wasn’t a necessity to passing the exam so I never really found any reason to read up on it. If Shamus had posted this about three weeks from now I would have gone to look it up for you but as it is I’m about to embark on another block of exams and can’t be bothered with the extra work.

              Sorry guys!

              1. krellen says:

                I believe the short, layman’s explanation is “the law works a bit differently when you’re a monopoly.”

            2. Soylent Dave says:

              Microsoft are allowed to include a browser – they just have to tell you that alternatives exist (and also make it possible for you to purchase the OS without the browser, or to uninstall IE from your system).

              Basically, Microsoft had created a situation where the end user could easily have believed that Internet Explorer was the only way to access the internet, and that they had to use it (and in fact they did make IE impossible to separate from the OS).

              The legislation is intended to stop Microsoft using their near-monopoly on operating systems to directly control a further monopoly in web browsers.

              It is a bit weird – but it is also bad for an industry if a single company finds a way to prevent other companies competing; it limits innovation, and the quality of the end product ends up lower (and more expensive).

              Here’s the browser choice site, by the way (in case you were interested. (The browsers appear in a different order each time the page is loaded!))

              1. Zukhramm says:

                What exactly led people to believe it was the only way to access the internet? And why is a browser so special. Windows includes a lot of programs. People might think paint is the only way to edit images and notepad is the only way to edit text. Shouldn’t they be made to show that not only do alternative browsers exist, but alternative window managers and calculator programs also exist?

                I know how the choice page looks because that’s the version of Windows I have. And I know about the reason behind this, but that doesn’t mean I like or agree with it.

                1. MrPyro says:

                  Paint gets away with it because Paint is a very limited program; same with Notepad. You need to install third-party software if you want to do anything complicated in those spheres.

                  IE is a fully functional browser (quiet at the back), which makes it a different situation. My legal and economic understanding of this isn’t perfect, but as I understand it the fact that Microsoft has an OS monopoly makes the OS market a failed market; there’s so little competition that Microsoft can afford to sit on their laurels and not produce anything and still rake in cash, meaning less innovation, which is bad for the economy. Therefore the law (Sherman Act in the US) tries to stop this market failure from spreading to other markets, such as the browser market, by limiting how monopolies in one market can move into other markets.

                  When Microsoft did dominate the browser market, we had IE6 (widely considered to be one of the worst browsers ever) for 5 years.

                  1. Alexander The 1st says:

                    I don’t know – I know that PC World considered IE6 better than Netscape by a LONG shot. They even had a test comparison between IE6 and Netscape on current-gen websites, with vanilla installation, and it was clear why IE6 won to them.

                    I for one, am glad Netscape dropped out – their browser WAS horrible.

                2. krellen says:

                  “What exactly led people to believe it was the only way to access the internet?”

                  People are incredibly stupid. Seriously, mind-bogglingly dumb.

                  I kid not: one of the people at my work thinks she “doesn’t have internet” if Internet Explorer doesn’t open up to the MSN home page. By default, folks get our own website set as their home page, and when she had this reset on her account, she complained about not having “regular internet”, thinking she just had “our university stuff” instead.

                  Never underestimate how dumb people can be.

              2. Bubble181 says:

                But the order isn’t entirely random – I reloaded it a gazillion times (plus-minus a gazillion), and IE, Chrome, Firefox and Safari were always 4 of the first 5 – just not in the same order.
                Poor K-meleon.

      2. Raygereio says:

        “iexplorer.exe and explorer.exe do very similar stuff and Microsoft has tied them together.”
        Microsoft hasn’t tied them together as much as made it one application that handles both surfing on the interwebs and surfing along the files on your hard drive. Have Task Manager open, then open This Computer and type in in the address bar. Now watch as the instance of explorer.exe transforms into iexplorer.exe. Magic!

        Also, Newbie (what an apt name in this case ^_O); various malware attempt to disguise themselves as a legitimate process. Since Shamus is running Firefox I somehow doubt he also had internet explorer open, thus the instance of iexplorer.exe should raise more than a few red flags.

        1. Newbie says:

          Obvious joke was obvious. But the fact it was saying it was needed was my only query. Also Newbie is a very appropriate name.

        2. Moriarty says:

          if I type “” into the address bar of the explorer, a new tab with google opens in chrome.
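MrPyro’s description of HijackThis (dump everything that runs at startup and let a human judge it) and Raygereio’s point that malware names itself after legitimate processes go together: the judgement is mostly “is this binary where the real one lives?”. The block below is an added example, not code from the page, from HijackThis or from Microsoft. It parses a Run-key export in .reg syntax and flags two things: a well-known system binary name running from somewhere other than its real home (an iexplore.exe in Temp is not Internet Explorer), and any autorun living in a user-writable drop folder. The export text is constructed for the example; the assumption is that a real one comes from `reg export` of the HKCU and HKLM CurrentVersion Run keys, which writes a UTF-16 .reg file that must be decoded before parsing.

```python
"""HijackThis-style autorun triage for Windows Run keys
(added example, not from the page or from HijackThis)."""
import re

# Constructed sample export in .reg syntax (backslashes and quotes are escaped).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"iexplore"="C:\\Documents and Settings\\shamus\\Local Settings\\Temp\\iexplore.exe"
"Updater"="C:\\Documents and Settings\\shamus\\Application Data\\svchost.exe -k netsvcs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiVir"="\"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
'''

# Where the genuine binaries live (assumed XP-era defaults); the same file
# name anywhere else is a masquerade.
SYSTEM_BINARIES = {
    "iexplore.exe": {r"c:\program files\internet explorer"},
    "explorer.exe": {r"c:\windows"},
    "svchost.exe": {r"c:\windows\system32"},
}
# User-writable folders a drive-by download typically drops into.
DROP_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\appdata\\")


def unescape_reg(data):
    # .reg escapes backslash and double quote with a backslash; walk left to right.
    out, i = [], 0
    while i < len(data):
        if data[i] == "\\" and i + 1 < len(data):
            out.append(data[i + 1])
            i += 2
        else:
            out.append(data[i])
            i += 1
    return "".join(out)


def parse_reg_export(text):
    """Return (key, value_name, command) for each string value under each [key]."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.startswith('"') and key:
            m = re.match(r'"(.*?)"="(.*)"$', line)
            if m:
                entries.append((key, m.group(1), unescape_reg(m.group(2))))
    return entries


def executable_path(command):
    """The program part of a Run value: a quoted path, else the first token ending in .exe."""
    command = command.strip()
    if command.startswith('"') and '"' in command[1:]:
        return command[1:command.index('"', 1)]
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def flag_autorun(command):
    """Reasons an autorun deserves scrutiny; an empty list means it looks benign."""
    path = executable_path(command).lower()
    folder, _, name = path.rpartition("\\")
    reasons = []
    if name in SYSTEM_BINARIES and folder not in SYSTEM_BINARIES[name]:
        reasons.append(f"{name} outside its real home: {folder or '(no path)'}")
    if any(d in path for d in DROP_DIRS):
        reasons.append("runs from a user-writable drop folder")
    return reasons


def triage(text):
    """HijackThis-style listing: every startup entry with a verdict attached."""
    return [(key, name, flag_autorun(cmd)) for key, name, cmd in parse_reg_export(text)]


if __name__ == "__main__":
    for key, name, reasons in triage(SAMPLE_REG):
        hive = key.split("\\", 1)[0]
        print(f"{hive}\\...\\Run  {name:10} {'; '.join(reasons) or 'looks legitimate'}")
```

This only covers the two Run keys; a real sweep also walks RunOnce, the Winlogon Shell/Userinit values, services and scheduled tasks, which is why HijackThis and Autoruns exist. And, as The Gecko noted above, the registry you are reading on an infected machine may itself be filtered, so treat a clean listing as one data point, not a verdict.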


  18. psivamp says:

    I’m not an evangelical linux guy. It’s good for some things, but too much of a hassle for many others.

    Ubuntu is getting unwieldy these days. I just updated to 11.04 and Canonical’s custom UI components just aren’t stable. They apparently have some spat with the Gnome 3 crew and decided to go off in their own direction, but it’s not working too well.

    1. Tizzy says:

      When I started playing with Linux, getting anything to install was always a complete puzzle. Now, you can just slip in a disk or whatever your favorite install method is. The puzzle has become: “What the hell is the deal with all these distros, and why should I even care to find out?”.

      Unfortunately, that one has no answer…

      1. psivamp says:

        I put my first couple of years as a linux user running Slackware and eventually converted to bulkier and (then) easier Ubuntu. Now, with the switch to Unity UI plugins and the resultant decrease in the stability of my X server, I’m considering distro shopping. Not sure I want to go all the way back to Slack, but since stability and reliability are my biggest pros for running linux at all, Ubuntu needs to go.

        1. Ian says:

          I’ve had very good luck with Gentoo and, incidentally, I keep going back to it. Its main disadvantage is that you do have to wait for it to compile, but it’s really not so bad if you have a multicore processor. Most of the major packages compile reasonably quickly and most of the massive ones (hi, OpenOffice) have binary packages available.

          The few times that I tried switching away from Gentoo led me to Ubuntu (which I despised), Fedora, (which has the stability of a 100 story tower made of silly putty in a rain storm, yet I still liked more than Ubuntu), and SuSE (meh).

          I really love Debian as well, but I think it’s a little bit too conservative to be practical on modern systems. I use it all the time on servers and things of that nature, but I found myself having to jump to the unstable tree a bit too often for my liking when I tried to run it as a desktop OS.

          1. psivamp says:

            I’m going to play with Debian and Slack. distrowatch says that Gentoo’s community is in decline, and I’m not necessarily looking to compile everything — although I will pretty much have to for Slack — aww, screw it, Gentoo’s on the list.

            1. Ian says:

              Heh. :p

              Well, if you decide to take the plunge, have fun! Installation is still a bit on the manual side, but it does a good job of introducing the package manager and where the system’s configuration lives.

              The compilation isn’t too bad after you get all of your main system packages up. Most of my heavy, heavy Gentoo usage was done on a Pentium 4 2.8GHz desktop and a Pentium M 1.73GHz laptop. The more cores/threads you have the better your experience will be, so if you have a newer processor it shouldn’t be too painful. Like I said, binaries are available for common packages with long compilation times, like Firefox and OpenOffice, so that will help cut back on compile times significantly. The worst bit will probably be compiling your desktop environment, but if you prefer something lightweight like Xfce it’ll be a fairly quick process.

              Configuring and compiling your kernel is optional, so you don’t need to become intimately familiar with your hardware if you don’t want to.

              Finally, Gentoo is versionless. You don’t have to worry about upgrade issues outside of ones brought on by installed software; just update the tree and run an update. Major system upgrades, such as bumping up to a new glibc release, can sometimes require complete system rebuilds. Fortunately, I’ve never seen a system-wide ABI breakage happen automatically, so you do have time to react.

              1. MrPyro says:

                I used to love Gentoo when I had the free time on my hands; my main problems occurred when I left updating for a while; you could end up in some nasty dependency snarls where versions had been added, had things set to depend on them, then deleted; it was fine if you’d updated at the time, but if you left it you’d end up with package A not being able to update because of old package B, package B not able to update because of old package C, and C not able to update because of old package A.

                I knew enough to fix them, but in the end I got tired of it.

                1. Ian says:

                  I only recall having one circular dependency issue with Gentoo after not upgrading for a while. I think the Portage developers consider those to be bugs regardless of how regularly you keep everything updated, so I imagine that would only get better as time goes on. The time I had an issue was probably in 2008, just to give you an idea.

                  1. MrPyro says:

                    2008 was about the time I quit using Gentoo, so it could have been the same issue that finally killed it for me.

                    1. Ian says:

                      Ah, gotcha.

                      I don’t really remember what package it was, but I do remember that it took some time to compile. I was only on a P4 at the time, too.

                      I just shrugged it off. After dealing with RPM packages in the 90s I think I can deal with almost anything. ;)

              2. psivamp says:

                I’m having issues with Gentoo’s install. It’s been eons since I wrote my own inits and the default kernel doesn’t recognize my keyboard when running on my physical machine — still trying to get it to work in VirtualBox before I commit to any changes to my physical drive.

              3. psivamp says:

                Successfully installed Gentoo in a VirtualBox. Building X. See if I can’t get linux inside of linux inside of linux…

                1. Ian says:

                  So you were able to resolve the keyboard issue, I assume? If so, what was it?

      2. Eric says:

        I tried installing Linux to dual boot a while back just for the heck of it. I couldn’t get any distros to run stably on my overclocked system for some reason (they all crashed on boot, despite being 100% stable in Windows), and I accidentally ended up wiping out my boot sector. Fun times!

        1. Sumanai says:

          This is why I installed Linux on a separate hard disk, while the Win7 disk was disconnected.

    2. fenix says:

      Yeah, 11.04 and Unity are definitely not ready. On the other hand 10.10 is an amazing release. I think I’m gonna stick with it for a while (got Firefox 4 through their PPA so I’m set).

      Maybe in the next LTS the problems will be ironed out (as well as the power management bug in the main linux kernel).

      1. psivamp says:

        I can’t believe they rolled it out at all. I have windows minimized that continue to capture mouse and keyboard events. Crazy artifacting on the window borders… I’m using one program per workspace because I’ve got something running that I can’t just log out and boot back into the standard, stable gnome 2 environment.

        1. Ian says:

          Meh, I remember one version of Ubuntu shipping with a beta version of Firefox.

          I can’t say that I’m too surprised to see them continue to ship it with unfinished products.

  19. yd says:

    Another option is treat web browsing as a “game”, and run your Web machine in a virtual machine. Install Linux in that, and you have a fairly segmented machine that does the interacting with the outside world, but Windows handles all of the hardware, games, etc. In a way this is really ideal, since you’ll not be installing as much on the Windows box.

    The virtual machine then gets you lots of cool functionality/control of the “web” machine. For example, you could suspend your entire system and bring it back days later in the same state. Or you could snapshot before doing something really risky, and then roll back to the snapshot.

    Virtual machines are seriously cool tech.

    1. X2-Eliah says:

      It’s also slower, more obtuse, complex and annoying. Fun.

      1. Ian says:

        They were definitely slow several years ago, but it’s really not that bad now.

        I’ve been using VMs for dirty work for a few years now and they really scream on modern systems, especially if they support VT-x/AMD-V. I’ve been using a VM to sync my iPod since I got the thing since I don’t want iTunes anywhere near my production installation.

        About the only thing that’s going to be appreciably slower is probably stuff like Flash content, though the fact that every modern VM supports graphics acceleration is going to mitigate any sort of slowdown quite a bit.

    2. Heron says:

      That’s what I did, until Ubuntu’s 10.10 update hosed my VM. I haven’t bothered to reinstall.

  20. X2-Eliah says:

    Yeah, I was just going to say this – iexplore.exe is part of the core Windows OS, so technically you can’t uninstall IE from XP fully. I thought it was a basic 101 all XP users knew.

    Second, why the heck are you using anti-adware stuff to treat a full-blown virus? Nuke it with kaspersky, with nod, heck, with avira, but don’t use a fork to eat a soup.

    Edit 3 – why didn’t you right-click and ‘Close’ the pop-up window from the taskbar? I think it might be safer, no?

    1. PhilWal says:

      Or just Alt-F4.

    2. Ian says:

      The last (and only) time something like that happened to me I just decided to hit the Big Red Button™: launch a nuke and kill the process from the task manager.

  21. Daemian Lucifer says:

    Might I suggest gamefaqs for further cheats. It usually is pretty up to date with games, and seems clean.

    Or, for big games like New Vegas, the wikis usually have it all.

    1. poiumty says:

      There’s also, but really, gamefaqs is all you need. I’ve been using that since forever, and still visit it from time to time if I need to check a guide or walkthrough. As far as I know it’s the biggest volunteer guide site on the net.

    2. Trix says:

      Gamefaqs tends to be my #1 for things that don’t have wikis or whatnot. It’s definitely been safe enough for me.

  22. rrgg says:

    I actually run my computer off of a separate non-admin account for the most part now so that it has to ask for an administrator password every time something wants to make a major change. Last time I got a serious virus (one posing as an antivirus program) I was able to go to my admin account and simply delete the infected one.

    1. That’s what I do too. Fully separate Admin and Normal (limited privileges) user accounts.
      Anyone who is using an Admin account as their daily account is just playing with fire.
      With Linux, Vista/Win7 one should not use an admin account normally.
      XP defaulting to an admin account is why so many viruses are targeted at Windows (and why so many programs choke on Vista/Win7 when they try to write to system/OS folders (like Program Files etc.)).

  23. Factoid says:

    I used to be in charge of a University student help desk. It was run by students for students.

    The test that I gave all my techs was to clean a computer I had intentionally littered with the worst viruses I could find.

    The way I graded their test was to put the system on a semi-private network (just that PC, mine and an internet connection) and put a packet sniffer on there. I knew from experience with those viruses what kind of info they sent back home, if any.

    I’ve never personally encountered a keylogger that encrypted its data before transmitting, but it’s entirely possible someone has done that by now.

    It made sniffing for the data really easy. Just type in a password into a website and search your sniffed packets for the string. No hits means the keylogger was toasted.

    That said we still generally did not clean viruses. We always recommended a full wipe and reinstall. Never trust a system that’s had a virus, ever…but there are circumstances where a person is willing to run that risk and pay for the labor of cleaning a system, so we had to make sure our techs were up to the task.

    The sniff method is fairly reliable. Even if you aren’t looking for keylogger data you can see if the suspect computer is making unauthorized connections to outside sites, or probing the network indiscriminately looking for vulnerable hosts.
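Factoid’s grading method, written out as an added example (not the help desk’s own tooling): a throwaway “canary” password is typed into a web form on the suspect PC, and the capture is then searched for that string, for connections to hosts the tech did not authorise, and for same-port fan-out that looks like network probing. The packets are constructed inline with a minimal IPv4/TCP builder, so nothing is sniffed from a real network; the addresses, port numbers and threshold are assumptions.

```python
import socket
import struct
from collections import defaultdict

# Constructed lab values (assumptions, not from the original post).
SUSPECT = "192.168.50.10"              # the PC being graded
ALLOWED_HOSTS = {"192.168.50.1"}       # the tech's own web server on the private segment
CANARY = "c4nary-Hunter2!"             # throwaway password typed into the test form


def build_packet(src, dst, sport, dport, payload, proto=6):
    """Build a minimal IPv4 + TCP packet (checksums left at zero) for the sample."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def parse_packet(raw):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP packet, else None."""
    if len(raw) < 20:
        return None
    ver_ihl, _, total, _, _, _, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or proto != 6:        # only IPv4 carrying TCP is inspected
        return None
    ihl = (ver_ihl & 0x0F) * 4
    if len(raw) < ihl + 20:
        return None
    sport, dport, _, _, off, _, _, _, _ = struct.unpack("!HHIIBBHHH", raw[ihl:ihl + 20])
    payload = raw[ihl + (off >> 4) * 4:total]
    return socket.inet_ntoa(s), socket.inet_ntoa(d), sport, dport, payload


def sweep(packets, canary, suspect, allowed_hosts, probe_threshold=3):
    """Grade a capture the way the post describes.

    leaks        - canary seen in traffic to a host that is NOT on the allowlist
                   (the legitimate form POST also carries it if the site is plain
                   HTTP, so hits to allowed hosts are counted but not flagged)
    unauthorized - every (host, port) the suspect contacted outside the allowlist
    probing      - the suspect hit >= probe_threshold distinct hosts on one port
    """
    findings = {"canary_hits": 0, "leaks": [], "unauthorized": [], "probing": False}
    fanout = defaultdict(set)                  # dport -> set of destination hosts
    for raw in packets:
        parsed = parse_packet(raw)
        if parsed is None:
            continue
        src, dst, _sport, dport, payload = parsed
        if src != suspect:                     # only traffic leaving the suspect matters
            continue
        if canary.encode() in payload:
            findings["canary_hits"] += 1
            if dst not in allowed_hosts:
                findings["leaks"].append((dst, dport))
        if dst not in allowed_hosts:
            findings["unauthorized"].append((dst, dport))
            fanout[dport].add(dst)
    findings["probing"] = any(len(hosts) >= probe_threshold for hosts in fanout.values())
    return findings


def sample_capture():
    """Constructed packets standing in for a sniffer's output (not a real capture)."""
    login = b"POST /login HTTP/1.1\r\n\r\nuser=test&pass=" + CANARY.encode()
    exfil = b"GET /log?k=" + CANARY.encode() + b" HTTP/1.1\r\n\r\n"
    return [
        build_packet(SUSPECT, "192.168.50.1", 49152, 80, login),     # expected: test form
        build_packet("192.168.50.1", SUSPECT, 80, 49152, b"HTTP/1.1 200 OK\r\n\r\n"),
        build_packet(SUSPECT, "203.0.113.7", 49153, 8080, exfil),    # keylogger phoning home
        build_packet(SUSPECT, "192.168.50.20", 49154, 445, b""),     # fan-out on one port...
        build_packet(SUSPECT, "192.168.50.21", 49155, 445, b""),
        build_packet(SUSPECT, "192.168.50.22", 49156, 445, b""),
        build_packet(SUSPECT, "192.168.50.1", 49157, 53, b"\x00", proto=17),  # UDP, skipped
    ]


if __name__ == "__main__":
    for key, value in sweep(sample_capture(), CANARY, SUSPECT, ALLOWED_HOSTS).items():
        print(f"{key}: {value}")
```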

  24. DanMan says:

    This is actually one of the reasons that Steve Jobs went off on Adobe a few months ago. Virus makers have been writing viruses in flash, which is used in a huge number of adverts these days.

    It’s dangerous because many browsers automatically receive and even start playing flash videos without asking the user first. It’s kinda like the javascript function embedded in images. The browser automatically executes the request for the image, which is actually javascript instead of a true link to a .jpg or something.

    All that to say, just accidentally clicking on something does have the ability to start downloading willy-nilly nonsense.

    1. Raygereio says:

      Addendum to the above post:
      As an experiment a while ago I took a computer with a perfectly clean version of XP on it, without any anti-malware software on it and started surfing the Internet on it for a week.
      All I visited were safe sites such as, and somehow at the end of the week I still ended up with a metric assload of various malware.

      Crazy world we live in, no?

  25. Topaz Wolf says:

    I may be assuming entirely too much, but why don’t you just do a restore from a restore point or, failing that, an entire system restore?

    1. Cradok says:

      He may have turned off or limited system restore. It may have just crapped out, it can happen, especially when something’s pissed all over your OS. Or he may just not trust it to actually get rid of the stuff.

    2. Ian says:

      Restore points can be compromised by malware infections, so that’s not a good option. Your best bet is to nuke them as part of a malware cleanup process.

      A complete system restore is essentially what Shamus is in the middle of.

      1. Topaz Wolf says:

        To be fair, when I said that he was still in the decision making process.

        1. Ian says:

          Touché. I didn’t check the time of your post before I said that. :)

  26. randomreader says:

    Don’t know if you’ve already dropped the nuke, but this might be convenient for your once in a while scans in any case.

    Install-free virus scanner, based on MS Security Essentials (which is probably one of the better scanners out there itself).

    I’ve only tried it once, just out of curiosity (I’m also a brain-based-security user) and my only issue was that it could use a bit more options. Better targeted scans (ie: picking multiple directories), and the ability to not automatically search .zip/.rar archives, etc.
    The download expires every 7 days (it has no autoupdates or anything, it is really just a download and run deal), so they may have already fixed these minor issues, but I don’t know.

    Also the flashblock plugin (for firefox) might be a good idea, although that’s probably already been suggested (if not; it just turns flash into a click once to activate affair, it just looks sort of like a missing plugin type block if not clicked).

  27. Sagretti says:

    You know, you might have gotten it from the Fallout Wiki, because I was looking up Fallout information this weekend and ended up with the exact same malware. Unfortunately, my four year old hard drive couldn’t take the stress from eliminating the thing, seized up and died. I might be able to revive it, but I have to fight that urge to finally replace the old girl with a computer that actually runs all the games I got in the last Steam Christmas sale.

    1. Vipermagi says:

      It’s very unlikely to have come from the Vaultwiki (or Fallout Wiki if you will). They are hosted by Wikia, who host dozens upon dozens of wikis, and have hosted the unofficial GuildWars Wiki and WoWwiki. I somehow doubt the host of three very large wikis would get you infected.

      Also, the way I read his comment above, Shamus hadn’t found the vaultwiki, but that’s just the impression I got.

      1. Khizan says:

        I’ve been infected by wikia sites before. It’s not that the site is intentionally infecting you, it’s that an infected ad made it through their filters. It happens more often than you think.

        1. Vipermagi says:

          True. I did not say it was impossible, but that it was unlikely.

          1. Klay F. says:

            One thing that pisses me off to no end if that sometimes one wikia or another will have a type of advert running on literally every single page, that my ad blocker will simply refuse to block. Worse, its the most annoying kind of advert, the kind that just won’t shut up.

  28. Eljacko says:

    Good luck Shamus! Your time has come.

  29. PersonalMoniker says:

    While I imagine you’re well into your re-install by now, I spent a few years as a phone-tech for a company that specialized in over-the-internet virus removal. We were awesome that way. Anyways, my go-to program on machines with all of the malware in that family was SDFix and its relatives. It’s a good tool to have in your kit when you’re attacking a virus. is an utterly fantastic resource for getting rid of these.

    @Topaz Wolf – XP’s restore feature is, at best, not worth the space its binaries take up on your drive. It wasn’t until Win7 that we got a useful system restore variant. Adding insult to injury, many/most modern infections inject themselves into your system restore files to prevent that fix from being effective.

  30. Vadimir says:

    I don’t know if you tried this in your quest for a virus-free computer, but there’s a fun program built into your PC called MSConfig. If you run that you can kill a good chunk of those tricky things that boot on startup.

    And if they aren’t dead? Find the process in another fun program called procexp (for XP, not sure if there’s a Win7 version); it lets you know what it thinks are suspect processes and you can Google the processes to know what they actually do. Then after you kill it you can manually kill it from your drive.

    I had a friend whose computer had a virus on it that took over his Windows Protection Center on 7 and I had to use that method without the benefit of the procexp and had to just use process explorer to do it.

    1. Ian says:

      MSConfig doesn’t show enough locations to clear out newer malware. Some of them are downright devious when it comes to hiding themselves.

      Some sophisticated rootkits even latch onto valid drivers. Kill the driver, your system won’t boot. Leave it in, you’ll still be infected.

  31. Matt says:

    If your definition for “virus” is “any .exe that magically reappears on reboot after being deleted”, then you’ll have to put Windows on that list as well.

    1. Alexander The 1st says:

      Technically, that’s a safety feature (Not a virus).

      I’ve actually had a scenario where I was trying to save hard drive space (Back when, you know, that mattered), and was snooping around the Windows directory. A few too many files to delete, and I literally could not boot the computer anymore. Not even in Safe Mode, not even to the BIOS – we couldn’t even re-install. Oops. I mean sure, the computer was on its last legs, but it’s like that scene in That ’70s Show where Eric(?) tells his grandmother that it would kill her to be nice – and then she dies of a stroke.

      Oh, and if Firefox stored your passwords, you should probably consider those compromised. Especially if the virus is “undefined” by other anti-virus software.

      Sounds like fun.

  32. RCN says:

    And to think the worst Virus I’ve ever dealt with was Norton.

    That piece of crap…

    1. krellen says:

      Try installing McAfee on top of Norton. That’s loads of fun.

      1. Avilan says:

        Hey, I have had enough problems UNinstalling Norton over the years.

        1. Soylent Dave says:

          I’m pretty sure Norton is actually one of the most sophisticated viruses out there – it cripples systems, and is spectacularly difficult to fully remove.

          1. X2-Eliah says:

            It even makes the infected pay for it. That’s a damn successful virus – a bit territorial, of course (sometimes growls at other viruses).

          2. krellen says:

            If you install McAfee on top of Norton (or Norton on top of McAfee; the order is unimportant), they consider one another to be a virus and start trying to shut each other down. This process snowballs and eventually shuts down the system. Perhaps had this happened on a machine with a bit sturdier specs I could have cleaned one or the other off, but since it was a fairly old machine I ran into this problem on, I ended up having to just wipe the whole thing and start over.

            (I wasn’t the one that did the installing; one of our users had managed to do so.)

            1. Klay F. says:

              I mean hey, double the anti-virus programs means double the security right? *smirk*

  33. Factoid says:

    If you’re in the market for a cool backup system give Genie Timeline a try. It’s what I use at home. It’s a continuous data backup system (if you want it to be).

    Basically every few minutes it takes any blocks of data that have changed and backs them up. Or every hour. Or every day. Whatever you want basically.

    The version I have will do it up to once every 30 minutes. The pro version can do up to once every 3 minutes.

    I have a router with custom firmware and a USB port, so I basically turned my router into a file server by plugging in a 2TB hard drive. My computers map that drive and that’s where the backups land.

    Restores are as fast as you can stream off a USB hard drive basically. I did a restore on my laptop once and it took a couple hours for 200ish gigs. But it was 100% back in commission.

    There’s a free version if you want to try it out.

  34. asterismW says:

    I’m computer savvy, but I still have antivirus software because, as Shamus found out the hard way, accidents happen, even to Internet gurus. But I hate McAfee, Trend, and Symantec (::couBLOATWAREgh::), and I don’t trust free AV software. So when I came across Vipre, I was overjoyed. I’ve used it for two years now and love it. It’s small and doesn’t get in the way of me actually using my computer. It runs $30/yr, but if you have 3 or more computers, you can cover them all for just $50/yr.

    1. Dumbledorito says:

      I like Nod32 from Eset, m’self.

  35. Meredith says:

    Don’t you hate that moment between realising you clicked too quickly and the horrible result? I feel your pain. I don’t go to any of those sites or even consider looking at suspicious e-mails either and I had a virus recently too. No idea where it came from, but it took over my e-mail so that was fun. Luckily, my anti-virus software wiped it out and I didn’t have to do the dreaded re-install. I don’t back-up my stuff anywhere near often enough; I’d lose so much! I’m not even sure where my OS discs are to be honest…I should probably find those.

  36. guy says:

    I had that one about a year ago. If it’s the same one, it’s called Virtumonde, and is generally bad news. It actually disabled safe mode and the task manager. The reason your scanners turned up nothing may be because it altered them into non-functionality. Also, downloading a new one directly might have caused it to cancel the download.

    Like I said, bad news.

    Personally, I’ve been using Avast! ever since. It’s bounced some viruses I ran into via doing stupid stuff.

  37. Avilan says:

    I feel your pain.
    I haven’t been infected for years but I do know it sucks.

    As for virus scanners… we run Comodo Internet Security Premium (free version) and I have no problems with it whatsoever. The only thing you have to do is to turn off a number of irritating overzealous features like the sandbox mode after installing it, or the 1000 dialogue bubbles drive you nuts.

    Oh and I am visiting a number of porn sites several times a week.

    1. Shamus says:

      Here is a thing about that:

      I notice the people who get nailed with pron viruses tend to be young. (Late teens, early 20’s) Other people, who openly consume porn (I mean, not like, in public, that would be weird) don’t get them. Maybe they do get viruses and don’t talk about it, but it’s also possible that the key is PAYING for porn makes it safe, and the FREE porn sites are dangerous. Not going to investigate myself, obviously, but I do wonder about that.

      The key word driven ads on this post are going to be NUTS.

      1. Avilan says:

        Ah. Sorry about that (the ads), wasn’t thinking.

        Anyway… Not paying. ;)

        Not that it interests anyone but I use FF for “those sites” and Chromium for everything else.

      2. RTBones says:

        Makes sense. Pron is big business. If everybody that paid for it got infected all the time they likely wouldn’t be customers for very long.

        1. says:

          Great analogy. You Sir, made my day :D

      3. Khizan says:

        Look at it this way.

        A legit pay porn site is making money off of their customers, and they’re only going to be getting ads that want to advertise on a porn site, if they’re going to use advertisements at all. Since porn is always the first thing to be blamed for viruses, I’d imagine they’d work pretty hard to keep clean.

        I think that the legitimate pay-for-porn sites would probably be among the cleaner of them internet sites (at least where computer viruses are considered; they’re probably not “clean” in other senses of the word (if they’re any good)).

        1. Avilan says:

          There are literally hundreds of free Pr0n sites that are serious, too (apart from the copyright issue, of course).

      4. StranaMente says:

        I was wondering if there were other people who weren’t so virtuous to venture in those dark corners.
        I’m a bit ashamed to admit that I usually go to pron sites, cheat and hacker sites or similar, but still only 1 virus passed through, and was easily dispatched.
        For your curiosity I can tell you that I use firefox to sail near those dangerous coasts, in anonymous mode (actually that does little, but it’s always better than nothing). I use adblock plus and have nod32 always active.
        If you know where to look you’ll find that there are almost no viruses there, especially in free pron, as it’s made to entice, more than to scare people. A happy customer can become a paying customer there.
        The places where my AV usually finds viruses are crack sites, or serial sites, where they usually hide some trojan. Until now nod32 was able to block and delete everything (at least I think so) as soon as it landed in the temp directory.
        At the end of these rides I close FF and run CCleaner.
        From time to time I give a go to Spybot.

        Funnily enough I encounter most of the viruses from allegedly normal sites, where you’d expect them the least. For example Facebook-related pages tried that twice at least, just in this year alone.
        This is why you want an antivirus.

        1. krellen says:

          Facebook is anything but “normal”. If porn sites are well-regulated cathouses, Facebook is the neighbourhood slut.

          1. Haha, that just has to be the quote of the year. Nice one Krellen.

      5. Blake says:

        I’ve sailed anti-virus free for around 5 years myself; in that time my computer has remained virus free.
        I’ve had to help friends remove viruses before (The most painful of which loaded itself as a DLL into explorer.exe (and everything else) meaning that by the time the computer was booted the system was using it and you couldn’t delete it, programmer knowledge saved the day), but my computer has always remained safe because of my browsing habits.

        As a young 20-something I have no problem accessing pr0n sites, you just need to know when a site says you need to run ‘video.exe’ in order to watch something it’s probably lying to you.

        Sites with free JPGs and FLVs are usually fine, just don’t follow any external links.

        Needing to download all your games again? I’m surprised they weren’t just on their own partition or drive.

        1. guy says:

          Uh, that’s not exactly a 100% reliable method. People can and have embedded viruses in JPEGs. So don’t get too overconfident.

    2. Tse says:

      I also use comodo, the anti-virus is average, but the firewall is very good. I need an anti-virus because I print/plot a lot of files and my memory stick gets infected in most copy centers.

      1. Avilan says:

        I am very pleased with it (Comodo). I know the anti-virus isn’t the best one out there, but it seems good enough.

      2. Blake says:

        You should vaccinate your USB drive if it’s going to be out in public like that.

        1. Mayhem says:

          Or you could just turn off auto run for USB media.

          Marking it as Read Only works well too.

          1. Tse says:

            Of course autorun is off. I just don’t want to spread the virus any further, there are still some clean places left.

  38. Irridium says:

    I feel as though I should share this:

    Good luck though. I was hit by a virus like this about 3 or so years ago. Wasn’t fun.

    (posted this twice before. I think, not showing up on the site. Which is weird)

  39. macil says:

    Yeah, the problem is that even if you manage to get rid of the thing via anti-virus and/or arcane voodoo, the real question (as you pointed out):

    Can I ever trust this machine EVER AGAIN?

    I’ve been infected before and of course, the answer is HELL NO … unless you nuke the site from orbit.

    It’s the only way to be sure.

    1. Alexander The 1st says:

      It’s like a Zombie turned party member. You don’t see that in RPGs for a reason.

      Though from what I’ve heard, you can do something like that in Starcraft II for Kerrigan, right?[/obvious spoiler-block indicating exactly who I’m talking about <_<]

  40. Nathon says:

    I haven’t used IE since the ’90s, but I was under the impression that IE9 was the best version ever. Maybe it doesn’t run on XP? I don’t know, I haven’t installed Windows since 2001, before XP came out.

    1. Avilan says:

      XP can only handle IE8, not 9 AFAIK.

  41. Cradok says:

    The differences between XP Home and Pro for the end user are small, but annoying. You’ll probably start finding things you’re used to doing or taking for granted are now different.

  42. nilus says:

    I actually got hit really hard with a bug a few months back that dogged me for a while. What I finally discovered is it managed to write some strange routes into my router. I ended up having to reformat that with the latest firmware to clean it out.

  43. Smejki says:

    You never know from where the virus will come. Never caught anything from evil-ish porn and warez sites, yet a year ago the unofficial faculty students forum got infected and the bitch went even so far that after reboot the Windows were unusable. Some 30% of students had to reinstall their Wins :D. Lost only my firefox bookmarks but just because I forgot to back them up. God bless “dual system” and “system only and data only partitions” philosophy.

    TIP: for FNV/F3 cheats search “console commands” on Fallout Wikia

  44. Steve C says:

    Shamus, I love your take on anti-virus security, i.e. “Don’t do anything stupid.” It’s exactly the same as my own. I don’t run antivirus software either except once every blue moon and instead rely on my brain to detect intrusions before they happen. I always like it when I hear people more computer savvy than myself are doing the same thing.

    I don’t use Linux, but unlike you I want to use it. I don’t have someone to teach me though. (Yes yes, it’s easy… fell for that once. Not easy if you are completely trying to self teach from nothing.) I’d kill to have a cool Linux wife.

    1. fenix says:

      What I’d suggest is download a copy of ubuntu 10.04 (not 11.04 (the gui in it is terrible)) and burn it to a disc. Then boot into it and just play around for a bit (don’t need to install it (the miracles of livecds)).

      As someone who went from Windows into Linux without having anyone to hold my hand the best thing I can say beyond that is, if you do install it, play with your install for a week (don’t worry about being careful) and after that reinstall it and use what you learned.

      Also, depending on how long ago you used it, things have gotten a TON better in the last 2 years (I started using Ubuntu 3 years ago) (including driver support).

      I do keep Windows installed on a secondary hard drive exclusively for gaming though. However Wine has come a long way fast (Dead Space 2 ran perfectly out of the box).

      1. psivamp says:

        You can use the normal gnome2 gui without the new Unity plugins by selecting Ubuntu Classic as your login type at the login screen. That’s what I’m doing now. Unity isn’t stable. I don’t know why they released it, I get artifacting, minimized windows capturing mouse events intended for other windows that are actually shown, etc.

        I’m also using VirtualBox to test drive other distributions because I don’t think I want to stick with Ubuntu if they’re going to write their own UI code this poorly and then roll it out to their users.

  45. Tse says:

    I once caught a nice ad package. Several different viruses and a new start page that led me to the site of a certain paid anti-virus program (was a long time ago, I’ve forgotten which one, wasn’t a major one, though). Cleaned it with several different free programs, one of which was Unlocker, because some of the viruses were undeletable files! Most were easier to remove, but there were a few trickier ones. Today I would remove them in a much faster way: PIRATING the anti-virus from the bastards that infected my PC.

    1. X2-Eliah says:

      Uh. The ‘paid anti-virus’ that is linked to by viruses is definitely not an anti-virus of any kind. In fact, paying for the product a virus wants you to pay for is the very last thing you want to do – right after even using the product a virus wants you to pay for.

    2. Alexander The 1st says:

      Fun fact: By pirating, you *technically* put yourself at more risk – there’s a chance the pirated version contains malware within it, in place of the DRM.

      EDIT: Or, as X2-Eliah mentioned, the ‘paid’ antivirus was also virused to begin with.

      1. Tse says:

        If the anti-virus is not a real program it won’t be on any legitimate pirate site :) Piracy is the same as porn, not dangerous if you know where to look.
        P.S. This is a rare case of piracy being justified, though. It’s not in most other cases.
        P.P.S. Unlike porn, which is always justified :)

      2. Eric says:

        I can tell you that there are plenty of ways to pirate anti-virus programs at no risk. There’s dozens of sites for them that offer free serial numbers, for instance. Some utilities exist that simply remove the part of the software that checks for the expiry date, or give it an improbable date 500 years from now. You could always keep running the trial version of the paid one too, by signing up with another account. Not endorsing piracy, mind, it’s just worth noting that it’s not necessarily dangerous in all cases.

    3. Khizan says:

      As has been said, that wasn’t a legitimate anti-virus program at all. Paying them only makes the program stop spamming you with fake warnings. It doesn’t actually do anything else.

      1. Tse says:

        I would never pay for it, I would pirate it if it’s real. If it isn’t, I wouldn’t find a pirated version of it.

      2. Eric says:

        If you’re lucky. Most of them actually just install even more viruses.

  46. Steve C says:

    I’ve come across scam windows that change the borders like the one you’ve described. The best way to deal with it is to simply close down your browser. Here’s what I follow and I think everyone else should too:

    It’s never worth trying to use and outsmart a website that is actively trying to scam/trick you. If it gets by your first stage browser defenses then it’s a sophisticated attack. Whatever it was you wanted on that site it’s not worth it. It will always be available somewhere else for less pain.

  47. Unbeliever says:

    This advice comes far too late, as you’ve already reinstalled the OS, but intelligent use of “Hijack This” plus Google can pretty much wipe out any virus known to man.

    I have personally used it to wipe out an “Antivirus” variant on a friend’s laptop. (Though it DID almost beat me. IIRC, “Antivirus” kills any “Hijack This” process instantly, and put up a damn good struggle to avoid letting me boot into Safe Mode…)

    Of course, virus or no, reinstalling the OS every few years is a good idea anyway, as you have just reminded yourself. Ah, the joys of a fresh OS install…

    [Also: YES to AdBlock Plus, and YES to NoScript. Use these. Then whitelist your common websites. Future Shamus will thank you.]

    1. Tse says:

      About AdBlock Plus: It’s nice to load websites faster, but it’s not the best thing about it. The best thing is the fact that it blocks commercials in blip and livestream. It’s really annoying to have to watch a 30 second commercial for videos under 15 minutes.

  48. HeroOfHyla says:

    I don’t think I ever managed to get WAMP installed on my windows computer properly. PHP or mySQL always failed to work right. I wound up using VirtualBox to run a virtual Ubuntu machine inside Windows to do all my web design stuff.

  49. F0nz13 says:

    I know it’s been asked once already, but I’m interested to know why you didn’t go for a system restore? It’s a bit brute force, sure, but the only time it hasn’t solved a virus problem for me is when the virus itself removed every single restore point (alongside every single non-vital .exe on the computer… and oddly enough, every single text document [I guess there’s a reason for this, I’m no computer wizard!]).

    Would be interested to know. I don’t get to hear the magic wisdom of the PC master race very often :P

    1. Volatar says:

      My mother had a version of this virus on her laptop. Restore did nothing, nor did a Windows Repair.

      Had to nuke it from orbit. She wasn’t happy, but it worked.

    2. X2-Eliah says:

      Shamus hasn’t reached level 7 yet, he feels the need for more XP.

  50. Fat Tony says:

    I JUST CAN’T FUCKING SHIFT IT! I’VE NO INSTALL DISKS! NO NADA (of anything you mentioned at least) AND TO USE GOOGLE etc. I HAVE TO BE STUPID! (open in new tab, TWICE so the first is re-directed and the second isn’t) But at least it doesn’t seem to have a key-logger as nothing has ever been fiddled with so your safety sense is better than mine as I’d never thought of that ’til now. = (

    Hopefully getting a new PC soon though so my 2 years of a devastatingly annoying virus on an 8 yr old PC is nearing an end.

    1. krellen says:

      Give a (fully updated) MalwareBytes Anti-Malware scan a try. You may need to rename the executable, but I’ve had that program remove viruses of this exact nature many times.

  51. Eric says:

    Also, since nobody has recommended it, have you considered using a different DNS? OpenDNS offers an option to sign up for an account and control which sites it allows access… including many, many malicious sites. It’s probably the closest thing you can get to simply not encountering any evil software while browsing the web, but of course you still will want something else for backup.

  52. Abnaxis says:

    “…Managed to install XP Home instead of XP Professional. I can't imagine I'll notice the difference….”

    Whoo boy…Unless it has changed with some update (which I doubt), XP Home doesn’t support multiple core processors (which I’m assuming your system has, since you’re using it for gaming). XP Pro, OTOH, will at least use a dual core CPU. Not sure about quad core, since I haven’t tried it yet :P

    Sorry if I just invalidated all the work you’ve done so far. Wish I had had a chance to give this response sooner…

    1. Eric says:

      Uh. What? Of course it has multi-core support, it just pales next to Vista’s.

      1. Abnaxis says:

        Not in my experience, it just listed all the cores after the first as inactive in the task manager…

        EDIT: Never mind, apparently it actually is something worked out in an update, and it was only really an issue with AMD chips anyway. I guess that explains the behavior I was seeing before…

        So I guess…well, at least check and make sure the system isn’t ignoring the other cores. It caught me by surprise once, because I guess sometimes XP takes a little coaxing to work properly with multi-core systems.

        1. Bai Shen says:

          I’ve never seen any issues with CPU support between Home and Pro. The only issue I’ve encountered has been Remote Desktop support. You can remote into a pro machine, but not a home one. And that only matters if you want to use the native windows RDP.

  53. I know you’ve already done the reinstall, but I really have to echo the people suggesting you upgrade. Windows 7 is a big improvement over XP, and it’s not prohibitively expensive if your hardware can handle it. (I got Home Premium OEM online for around $100.)

    Just having a newer version of Windows that doesn’t default you to run as administrator might have saved you from the virus. That’s doubly important if you share the computer with wife/kids as I need to do.

  54. Mephane says:

    Actually, it might be a good thing not to uninstall Internet Explorer this time. Windows keeps multiple redundant copies of its main executable file (and possibly other files) in various places, and if the original one ever gets changed, deleted or replaced, in a second the real one is there again. If that virus you caught really tried to impersonate IE, Windows would probably have killed and overwritten it in a heartbeat. I am not saying that this would have saved you or restored any trust in the machine (I’d have done a fresh installation myself, too), but it might be more secure to actually leave it there.

    And on the topic of antivirus – my scanner gives me an alert like once every couple of months, typically when browsing a seemingly safe site. The last one was an internet shop for TCG cards which seemed fine, but when I clicked on the link for their prices and conditions, my AV instantly went up and killed the connection. Then I found out that Google also reports it as a malicious link, so there you go. I suppose the site was hacked, or some ad was malicious, I don’t care, but these are the cases where having protection is actually helpful. I know some people have been saying that AV software is just snake oil all the time, but it is only as long as you believe that it makes you immune.
    Of course it does not. It’s like the immune system of the human body – it defends you against a vast number of known intruders, but of course there will always be something it cannot handle, or something that will take over the immune system itself. But for those things you might catch, even if you’re cautious, you’re glad to have it with you all the time.

  55. Fists says:

    You could have used your wife’s Linux boot to clean your computer. Those viruses can only protect themselves like that while you’re using the boot they infected, so deleting it while on another boot works. Using another clean Windows boot is pretty risky and you may well just bugger that too, but if you do it from a completely different OS (Linux or Mac) you’re fairly safe. Although using Linux like that is a slippery slope and you may end up loving it :P

    (If it’s unclear, I mean plug the infected drive into your wife’s as an additional storage HDD)

    1. Steve C says:

      I mean plug the infected drive into your wifes as an additional storage HDD

      Bwhaahaha. Yeah. I’m sure she’d love that. Next you can use her curling iron to do some soldering.

      If you want to do something like that use a Live boot CD. A virus cannot infect an already burned CD/DVD no matter what it does. I keep a Bart’s PE Builder handy for just such cases. (Awesome program.)

      1. Fists says:

        Even better, good point.
        Still, if she is anything like the majority of Linux users then she’ll think it’s indestructible, so it’s more like asking her to open a packet of chips with her adamantium claws.

    2. superglucose says:

      *blink* what? Reformatting a harddrive gets rid of viruses on the harddrive… I am so confused as to what you’re trying to say here…

      1. scowdich says:

        1. Plug hard drive as a slave into a non-windows operating system.
        2. Use command line tools to clean virus.
        3. Remove hard drive, place theoretically-clean drive in original computer.
        4. Go have a pint.

        1. Fists says:

          Step 2 is more complicated than it needs to be; you can still just use right click -> delete so long as you have identified the file. I use it when my anti-virus tries and fails.

          1. Avilan says:

            Exactly; to a Linux or Mac computer the virus is just another file to delete.

  56. Peter Olson says:

    If you want a really easy local web site host, I’d suggest XAMPP. It’s a standalone apache with PHP and mysql, that you can just run, or have start with windows, your choice. I’ve never had any big project, but several times that I’ve played with php and found this to be by far the easiest path.

    You can just download the zip, extract, and run the startup script. Without any installing, you now have a local web server running, that you can configure as needed.

  57. sab says:

    3:13PM: Windows Update wants to know if I want Internet Explorer 8. On one hand, it's the best version of IE ever. On the other hand: Duh, No.
    Hey now, you haven’t tried IE9. It’s almost as good as the firefox that came out 1.5 years ago!

    1. Eric says:

      Actually, it’s significantly better, but never mind that.

      I will say, though, that not updating Internet Explorer is stupid, even if you never use it. Many programs rely on it and it is tightly integrated with the computer’s operating system, so vulnerabilities in old versions still exist and can be exploited. Uninstalling it is the next best bet, but then you run into programs not working properly (and even Windows features like Windows Update).

      1. Simon Buchan says:

        I *REALLY* have to emphasise this. Specifically, ‘IE’ updates include updates to some extremely commonly used DLLs: winhttp.dll, dnsapi.dll and mshtml.dll, the first two loaded by nearly all programs that have anything at all to do with networks. Of course, at this point, you *really* want to be running IE9:

        “The April 2011 Cumulative Security Update for Internet Explorer is now available via Windows Update. This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerabilities. ”

        I’ve done some quick research on browser vulnerability comparisons, since basically absolutely nothing you do in a browser short of downloading an executable and running it should allow your system to be infected, and the internet’s information is horribly out of date, but there was basically no consensus for the latest information, circa 2007, where IE and Firefox had basically comparable vulnerability rates. I have heard the current security experts’ advice is to run either IE or Chrome, with Flash uninstalled, but I can’t find a reference :(.

        PS: I have a key for Win7 Ultimate I’m not using if you want to take it, Shamus.

        1. Shamus says:

          ” I have an key for Win7 Ultimate I'm not using if you want to take it, Shamus.”


          I hate to start over now that I got this machine working, but I’d also LOVE to be able to get my hands on my last GB of memory. Yeah. [email protected]

          1. Simon Buchan says:

            Sent. Now it’s SLEEPY TIME.

            EDIT: I tried to link the aforementioned trial for the image on, but couldn’t find it, does someone else know where it is?

            1. Simon Buchan says:

              Bah. Looks like the digital purchase download link is one-time use (though I was using my MSDN subscription DVD – long story). You might have to beg, borrow or steal someone’s DVD, or find an .iso in … some other manner (though I would recommend validating the checksums!)

              1. Ian says:

                I have a physical disc for Windows 7 Ultimate. It’s pristine OEM media, but it should install and activate with any product key.

                1. Simon Buchan says:

                  I should note the actual DVD version doesn’t matter: Using an Ultimate key will make any Windows 7 install into Ultimate (maybe barring Starter or the N or K versions?)

                  1. Ian says:

                    Not always. Some pressings of the disc have a little file called ei.cfg that will cause keys from different SKUs to be rejected. I believe the main reason is for branding and so that people don’t have to select which edition they want to install.

                    Fortunately, wiping out that file is simple enough. There’s even a tool (I think it’s called “eicfg remover”) that’ll zap the file from a given ISO.

          2. Bai Shen says:

            Windows 7 vs XP doesn’t matter for your memory. It’s a 32-bit vs 64 bit issue.

            Speaking of which, you can install either version with the same key. You just need the appropriate disc.

            1. X2-Eliah says:

              This would be true if the 64-bit version of XP was anything other than a joke.

              1. poiumty says:

                I have a friend who says he “never had any problems” with XP x64. He’s still using it, so I dunno.
                Though I’d still recommend windows 7 x64. Just swipe the installer off a torrent somewhere and burn it to a DVD. It ain’t cheatin’!

              2. Bai Shen says:

                I agree that W7 is the first viable 64-bit Windows. Just saying that W7 by itself isn’t the issue with memory.

      2. krellen says:

        not updating Internet Explorer is stupid

        There do actually exist things that are incompatible with newer versions of IE. Some of the accounting systems we use at my work, for instance, won’t run in IE8 without a hack (overwriting a file in the Windows directory). We still don’t have it working for IE9 at all.

        Newer is not always better.

        1. X2-Eliah says:

          Yeah, the same goes for 16-bit executables that don’t work with 64-bit OSes. But then you’ve got to wonder, whose fault exactly is it now – the ones that keep improving and developing, or the ones that stay on ancient versions and refuse to update their software?

          1. krellen says:

            I was reflecting to myself on this this morning, actually, and came to the conclusion that our ability to utilise technology no longer keeps pace with our ability to improve technology. We’re basically at a point where we get just about everything we want out of our existing technology, and until someone dreams up a few new never-before-considered uses, making sure you have a new technology (as opposed to, say, five-year-old technology) is mostly one of status, not of usability.

            Those 16-bit executables do exactly what we need them to do. Why do we have to redesign them just to keep “updated”? No one’s seen a need to redesign the hammer lately.

  58. Mari says:

    Thank you for restoring my confidence. My mother-in-law called on Friday with the same variety of virus. She doesn’t run much in the way of virus protection but unlike you she has no clue how to surf safely despite my repeated instructions. The lack of protection is because every time I clean up her computer I install security software again and within two days she’s disabled it because it makes things too slow.

    Anyway, I tried to clean this sucker up. The software that I re-enabled claimed it was all fixed. But it obviously lied. I felt the lie so I ran my usual Hijack This and could clearly see evidence of the malicious code. But nothing was killing it. Luckily, the woman has one saving grace with computers. She saves the disc to EVERYTHING. We’re talking about a woman who has an original set of Windows 3 floppies beside the desk, despite the fact that her last THREE computers haven’t had floppy drives. So we did the ritual cleansing and exorcised all the code demons.

    But I was feeling like I had lost my mojo when I saw in your Twitter feed that Spybot had done the trick for you. Good to know I still got the juice as much as anybody.

  59. B.J. says:

    Whenever I see those virus popups I just kill the entire browser. Too risky to click anywhere near them.

    1. Mari says:

      LOL I’m paranoid. I kill the browser through the task manager. At the same time I start checking for suspicious processes. Then I run a couple of scans. Then I double check with Hijack This. Then I go back to threat level green and resume normal operations. The funny thing is, I’ve never had a computer trashed due to viruses. I’ve cleaned up the smoking remains of other people’s devastated hard drives (ok, that was a metaphor) but I’ve never been hit so hard on my own box that I couldn’t clean it up fast and dirty. I’m just paranoid.

  60. Rayen says:

    What is the difference between Firefox and Internet Explorer and why are people so vindictive and fanatical about which is to be used? I downloaded Firefox to see what all the fuss was about. I still see ads, I still have to type URLs, I still surf the web as I once did. It isn’t, I repeat IS NOT, better. It is different. In fact on my machine FF takes up more memory than IE.

    I guess it isn’t made by Microsoft and therefore not the instrument of “the MAN” keeping us unwashed masses in line.

    1. GTRichey says:

      Firefox is better for its adherence to web standards. This is very important, because it saves a lot of time for web development and allows web developers to do a lot more and often with less effort. Microsoft uses a proprietary rendering engine for IE which means it handles a lot of things very differently from other browsers (Chrome, Safari, Firefox). As a user you’re not often going to notice a lot of differences on web pages, but browsers like IE cause a lot of headaches.

      That said Microsoft is getting closer to adhering to web standards appropriately with more recent efforts, though they’re still a long way off (last I heard IE still didn’t get 100 on Acid3 which every other common browser has for years now, including mobile phone browsers).

      1. Mari says:

        Opera used to be the most compliant with web standards (not sure anymore). Sadly, hardly any websites coded for it to the point that I finally had to stop using it when TurboTax wouldn’t even let me do my taxes anymore without using a different browser. I miss my Opera, but FF is pretty awesome.

        1. GTRichey says:

          I personally find Firefox too much. I use Chrome in Windows and Safari when I’m not in Windows. The industry seems to be heading toward WebKit being standard. Which is never a good thing because it’ll kill innovation. It’s not surprising though since most pre-installed mobile browsers are based on WebKit and two of the four main desktop browsers are. I’d personally love to see a simplified Gecko-based browser… I don’t need all the extensions and such and Firefox just isn’t as fast as others.

          Can’t remember what Opera is based on, but I think it is pretty standards compliant… they also tend to pioneer a lot of cool features (that don’t mess with rendering).

          1. Ian says:

            Opera is based on Opera Software’s own layout engine, called Presto. It’s pretty awesome. I was actually using Opera quite a bit this weekend while I installed Gentoo Linux on my laptop and desktop, since it’s the best browser that the LiveDVD comes with, and I really remember why I used to like that browser so much.

            I do recall its rendering engine breaking rather badly on non-standard compliant sites. I’m pretty sure that’s why I stopped using it way back when.

            As for a lightweight Gecko browser, I think K-Meleon is the best that you’re going to be able to do. It still supports extensions and stuff like that, but it might prove to be a bit more trim than Firefox. Firefox 4 is also significantly faster than 3.6, so if you haven’t tried it yet you may want to give it a go to see if it works a bit better for you.

      2. Ian says:

        To be fair, Firefox doesn’t score 100 on Acid3, either. In fact, it’s only 2 points ahead of IE9. The only major layout engines that pass it are Presto (Opera) and WebKit (Safari, Chrome, etc).

        That being said, Acid3 isn’t a very good test of practical adherence to web standards. You’re better off sticking with a more focused, better explained set of tests, like the HTML5 test or, if you have a lot of time on your hands, the official W3C CSS test suite.

        1. GTRichey says:

          True there isn’t any one test that can really tell you all you need to know. The main point is that Microsoft has been the worst offender. IE9 is by all accounts much better about this, but I’ll stick with Chrome/Safari myself. At this point there really are a large number of decent browsers which is always a good thing for consumers (though I’ll throw in that I think open source is the way to go for rendering engines).

        2. Deadfast says:

          The sole reason why Firefox doesn’t have 100/100 points on Acid3 is that Firefox doesn’t have support for SVG fonts.

          1. Ian says:

            Yep. That’s one of my primary complaints as to the validity of Acid3 as a web test. I didn’t remember exactly which feature Firefox didn’t support, but I knew that the feature that it didn’t support was largely unnecessary.

            Another issue that I have with tests like Acid3 is that they aren’t always correct right out of the gate. When Opera and Safari boasted a 100/100 pass originally, it took the Mozilla team to point out that one of the tests was actually implemented incorrectly.

            1. GTRichey says:

              See above, obviously no test is going to tell you all you need to know. It still remains that MS has always done pretty miserably in the area of standards compliance and while that’s by many accounts better with IE9, it’s not enough to sway me.

              1. Ian says:

                Yeah, no one test is going to cover everything, but people who write highly publicized tests should focus on what is practical. That’s the real issue here.

                In the rush to pass Acid3, some browsers shipped with broken support for standards because the test itself was wrong. That’s far worse than failing the test.

    2. Blake says:

      To me Firefox is all about the extensions, customize the entire thing to your browsing habits.
      Get extensions to block videos auto-playing, get Greasemonkey to add your own javascript to any page (to disable auto-redirects for instance), change tabs from the top to the side, use ad-block to block ads from many sources, add mouse gestures to any command you want, give yourself the ability to right click any word and have it take you to wikipedia, make all links in the browser actually tell you where they’re linking you instead of lying and saying they’re going elsewhere, turn any URL into a link automatically, the list is endless.

      If you ever have something you wish it could do but can’t find an extension for it, write your own!

  61. Scott Richmond says:

    This post makes me angry.
    I can understand and have myself been having the exact same experience in regards to virus-free internet by being smart. But it makes me angry to read the latter half of your post about how long it takes to install Windows XP. I mean, for God’s sake, that right there is old-man-stuck-in-his-old-ways syndrome. Even the most jaded MS hater can these days agree that Windows 7 is a seriously top notch OS. There is just no reason to be on XP anymore. None. You could have installed Win7 and learned its differences in less time than it took you to get XP up and running.

    ‘I don’t have the scratch to buy Win7’ – No excuses, you can download and install Windows 7 for free, from MS’s official servers, and run it for 180 days before it drops into reduced functionality mode.

    Now snap out of it old man, join the rest of the world.

    1. Blake says:

      This guy does have a point.

    2. Zak McKracken says:

      I can follow you and agree, up until the thing with the demo version. If it drops to reduced mode after 180 days … well, maybe I don’t want to reinstall my OS twice a year? Or settle in, find my way, install my stuff, and then be forced half a year later to either buy W7 or go back to XP or whatever (which is probably why MS does this). Installing the demo is probably almost the same as buying the real thing, at least if you intend to actually use it on your main computer.
      I just looked it up: Windows 7 sets you back between 170 and 280 Euros over here, so it can’t be horribly cheap in the US. I understand anyone who does not want to pay that amount, especially when the “system builder” version is just half of that, and with a new complete PC it’s probably even cheaper, so the most sensible way to go to W7 is certainly when buying a new computer, not buying the standalone version or working with a demo.

      1. wootage says:

        On the subject of costs, the Family Pack of W7 ran me 150.00 US, so that’s 50 bucks a copy vs 99.00 per unit singly (and I don’t think they really check to see if everyone using it is related :) ). Not that I’m saying Shamus should buy it, but just saying, it can be had for reasonably cheap per unit in that form.

      2. Scott Richmond says:

        Yeah there are plenty of cheap ways to get Windows 7 legitimately through family packs or student rebates or whatever else. There are heaps.
        I don’t think there is really any real excuse not to get it – The price is one or two AA games, and it will provide years of increased productivity.

        1. Mari says:

          Um, if you didn’t recall Shamus pretty much hadn’t been playing new games either until his press creds came through and he was getting them free. He and Heather are in a pretty tight spot financially right now while he tries to write the great American novel. I’m pretty sure anything more than “free in perpetuity” is more than he can afford right now. Although if it’s so allfired cheap, you’re more than welcome to buy him a copy :-)

        2. Shamus says:

          Oh really? Win7 is “free” for 180 days? AND THEN WHAT?

          You guys telling me that $150 operating system is “cheap”… not according to my abacus here. But if $150 really is chump change, then the paypal button is on the right. Thanks!


          1. Simon Buchan says:

            See my comment further up :)

            EDIT: Also, it makes your background black, puts “YOU SHOULD PAY US MONEIES” in the bottom right of the screen, and throws up a popup every few hours. It’s somewhat annoying, but not disastrous.

          2. Simplex says:

            You already have XP, I guess win7 upgrade should be considerably cheaper.
            And if I’m not mistaken, there are ways to install “fresh” Win7 that is meant for upgrade.

            1. Ian says:

              The Windows 7 upgrade doesn’t even attempt to do an in-place upgrade of Windows XP. I think it’ll help you migrate your settings over (I don’t do or recommend upgrades, so I haven’t tried it) but that’s the extent of it.

              And yeah, you can typically install a completely fresh copy if you skip putting the product key in during installation. Kind of weird, but it works.

          3. Scott Richmond says:

            Are you saying you can’t drop $1 into a tin every day for that 180 day period? If so, then fair enough. Clearly things are tight.
            The way I see it, the hours of your life that you spend fucking around with XP and the hours that could be saved by using any modern OS (let’s not get too biased here) would probably be worth it.
            Even then, I can guarantee you’ll find it for much cheaper if you looked.

            1. Soylent Dave says:

              Not wanting to stomp on your “anyone can afford $1/day” point, but you may find that – especially when you have children – you can try to put money aside, and then shit happens.

              And then the money you’ve been saving gets eaten by something far more important than a new operating system. Usually involving your kids.

        3. Zak McKracken says:

          You’re still assuming that one needs an excuse to not buy Windows 7?
          Do I need some kind of testimonial or medical certificate or will an informal declaration do?

          *ahem* Yeah, so I’ve been meaning to do it, but then I had some work to do, and then I didn’t have time to go to the store, and next day I thought of it, but then the internet didn’t work, and the dog ate my homework, so I had to do that all over, and then I thought, aw, maybe it’s alright if I just leave it for next week? Sorry.

          That alright with you?

          See, there are lots of things I have no “excuse” for not doing, but the thing is I don’t need one. I’ll get Win 7 exactly when it’s convenient _and_ I have the time _and_ the nerve to migrate _and_ see some sort of need to actually do it _and_ think it’s worth the money (meaning I do get a useful improvement in my own view _and_ the required amount of money is not more precious to me than that) _and_ if I feel like it.

  62. Zak McKracken says:

    Hmm… what I do in such a case:
    Fire up the neglected Linux boot on my windows machine, start clamav (wait while it’s updating…been a while) and scan the whole thing over. I did get rid of an infection that way once.
    Of course, having a Linux partition just for that reason is a bit … weird. But there are two other ways:
    1. Configure the router to block your windows machine (in or out), allow network access to the hard drive via Samba, then start _another_ Linux computer (like, your wife’s), with Clamav on it, scan, clean, go on.
    2. PartedMagic on a USB stick or CD. Helped me lots of times with lots of problems. That’s a very small and specialized Linux distro. It lets you backup complete partitions in compressed form (via network, even via internet if necessary), has a few other tools to deal with hard disk failures and related problems, and it also has … well, clamav.

    This isn’t really about Linux, I guess MacOS might do as well (is there a virus scanner for MacOS that will find windows viruses?) The thing is just that if it’s a different operating system, the same virus won’t infect it. Whenever I have the impression something might be not right, that’s what I do immediately, before the virus can spread even further.

    1. Atle says:

      Of course, having a Linux partition just for that reason is a bit … weird.

      No, it is extremely sensible. To the point where I think everyone should do just that, and have their head examined if they don’t!

      It doesn’t even take a lot of hard disk space. Much less than a gigabyte is enough using the right distro.

      Also you can backup and restore your windows system partition easily using dd.
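      A worked version of the dd backup idea, added here as an example and not part of Atle’s comment: image a suspect partition from a clean live boot, record a checksum, verify byte-for-byte, and restore it later. It assumes GNU coreutils (`dd`, `sha256sum`, `cmp`) and uses a constructed sample file in place of a real device such as /dev/sda2 so it runs offline.

```shell
#!/bin/sh
# Added example: take a dd image of a suspect partition from a clean live boot,
# verify the copy, and put it back later. A constructed sample file stands in
# for a real device such as /dev/sda2 (assumed name) so the script runs offline.
set -eu

# image_partition SRC IMG: raw copy of SRC into IMG, then record a checksum
# next to it so the image can be re-verified before it is ever restored.
image_partition() {
    src=$1; img=$2
    # conv=noerror keeps going past unreadable sectors instead of aborting.
    # (Adding conv=sync would zero-pad short reads, so leave it out when you
    # intend to compare the image byte-for-byte against the source.)
    dd if="$src" of="$img" bs=1024k conv=noerror 2>/dev/null
    sha256sum "$img" > "$img.sha256"
}

# verify_image SRC IMG: byte-for-byte comparison; exit status 0 means identical.
verify_image() {
    cmp -s "$1" "$2"
}

# check_image IMG: confirm the stored checksum still matches the image file,
# which catches a corrupted or tampered backup before it is written to a disk.
check_image() {
    sha256sum -c "$1.sha256" >/dev/null 2>&1
}

# restore_image IMG DST: write the image back over the target device or file.
restore_image() {
    dd if="$1" of="$2" bs=1024k 2>/dev/null
}

# demo_roundtrip: build a sample "partition" of odd size from constructed
# random data, image it, damage the original, restore it and verify.
# Returns 0 if every step checks out.
demo_roundtrip() {
    work=$(mktemp -d)
    part="$work/part.bin"; img="$work/part.img"
    # 2 MiB plus 1500 bytes, so the final dd block is a partial read
    dd if=/dev/urandom of="$part" bs=1024k count=2 2>/dev/null
    head -c 1500 /dev/urandom >> "$part"

    image_partition "$part" "$img"
    verify_image "$part" "$img" || { rm -rf "$work"; return 1; }
    check_image "$img" || { rm -rf "$work"; return 1; }

    # simulate a botched clean-up: clobber the first MiB of the "partition"
    dd if=/dev/zero of="$part" bs=1024k count=1 conv=notrunc 2>/dev/null
    if verify_image "$part" "$img"; then rm -rf "$work"; return 1; fi  # must differ now

    restore_image "$img" "$part"
    if verify_image "$part" "$img"; then status=0; else status=1; fi
    rm -rf "$work"
    return $status
}
```

On a real machine the image file must live on a different disk from the one being imaged, and the target partition must not be mounted while dd reads or writes it.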

      1. Zak McKracken says:

        Well, I still think if virus-scanning is all you ever do with that installation you might as well just put it on a stick or a CD.
        Saves you the work of making a partition available, dealing with potential boot sector and/or boot loader troubles, plus it will still work if the hard disk(s) in your computer have problems.
        I have had partedmagic on a stick for some time now, and it has saved my ass two times already, including on my work-centered Linux machine, which has a not-quite usual RAID configuration that causes troubles sometimes. Very good if you can get a fresh outside perspective in that case. Of course, with a live OS, you can’t save hardware and other configuration stuff. But if it’s just for repairs, that’s probably not that big a deal anyway.

  63. Zak McKracken says:

    On the topic of virus safety: I’m pretty sure there are (or at least were at a time) viruses that can creep onto your Windows machine even without you doing anything.
    Had a computer with Win2k for a long time, in a student dorm with ~500 other computers in a LAN. Nothing bad happened. I moved out. Then, 4 years later (2007 or so), that same computer caught a virus although it was never used for anything but playing (old) games on the LAN, not even e-mail.
    It started behaving weird at some point, and doing the virus scan was like watching a horror movie.
    Whatever got on there must have got on through the SMB shares, which are theoretically not accessible from the internet, but I’ve no idea how else it could have happened. OK, that thing was pretty outdated, but still.

  64. wootage says:

    FFR, you can do a backup of your Steam games to another drive and restore them at will using their utility. You can also just copy the games out of the Steam folder and when you put them back, run the “Check local cache for integrity” thingy on the game and it will fix it right up to run. I do this because I have my Steam and other games on a 60gb SSD hooked up externally through a USB 3.0 card, so I don’t have a lot of room for old games. But the bonus is, I’ll never have to redownload them :)

  65. superglucose says:

    Hey kids, see this 4 hour process? See how he tried removing it first? That’s why Best Buy charges $200 for their service (which is now a bloody 1 year subscription to unlimited virus removals and whatever else). That’s why I offer data backups. Because we’re saving you 4-20 HOURS of work freeing you up to do other stuff.

    Now stop complaining that it’s a “rip off” because if you have a virus and can’t remove it yourself, it’s your damn fault you got it in the first place, and I obviously have technical expertise you don’t have or you wouldn’t be coming to me in the first place.

    Oh, and your car’s warranty doesn’t cover you if you drive it off a bridge, why the hell should your computer’s warranty cover you downloading and running virus.exe?

    1. X2-Eliah says:

      What if all the other stuff requires the use of the pc anyway?

    2. Khizan says:

      The only computers I’ll clean for free now are my parents’ computers.

      Anybody else, they can pay me a decent amount, or they can pay Best Buy two hundred or whatever they charge. Once people learn that getting their computer fixed is going to cost them $50 at a minimum, they start to appreciate the need to take precautions with their internet use.

      When it’s free, I find that they’ll ignore all advice given about how they should run Avast! or the like and shouldn’t click every email link and such. It’s amazing how much more willing they are to take your advice and run a virus scanner once they realize that you’re going to charge them an hourly rate, and that this includes time spent waiting for programs to update, waiting for installs to occur, etc, etc.

  66. LB says:

    Hmm. I’ve never really understood the approach of just “being careful” without anti-virus software, for people who really use the internet a lot.

    Considering how easy it is to stumble upon something bad when you’re just Googling something, like those cheats.
    Or especially on Image Search, where my AV software seems to have to block a lot of attacks.

  67. Legendary Teeth says:

    It sounds like WAMP is better now, but I always liked XAMPP. It’s been completely turnkey for a while.

  68. Luke Maciak says:

    Shamus, here is a list of useful things to try in the future. When dealing with nasty infections, my routine is usually as follows:

    Run Rkill to kill the running malware processes

    Then do a once-over by hand using Sysinternals Process Explorer:

    Kill anything that looks suspicious. This usually gets rid of most of the running crap and lets you work in peace till the next reboot.

    Clean out TEMP files

    I usually use ATF Cleaner:

    It may get rid of a bunch of the randomly named files these things dump all over the system. Also, fewer files to scan with AV solutions.

    Combo Fix

    Combofix is like an industrial-strength malware assassin. In my entire IT career I only encountered one infection that could not be removed by this tool – it was some very deeply entrenched rootkit.

    Clean up with Malwarebytes/Superantispyware

    At this point you should be able to install malwarebytes and do a final sweep to make sure nothing is left.

    Dr. Web CureIt is also good for this.

  69. Loonyyy says:

    I ran into the same situation previously, on two separate occasions, whilst looking up a game wiki for a tutorial, and on a cheat site, like you found, some advertisement ran a script of some kind and started exactly the same sort of sequence of issues. Except this one told me that taskmgr.exe was a virus, and killed it off before I could even learn the process name. It uninstalled AVG 10 and prevented me from using all exes, and kept nagging me to buy a “full version” as my machine was infested with blasterworm. Retro Virus night at the PC folks! I had blasterworm once. Like 6 years ago. Nice try Black Hats. Nice Try.
    I found that running a NoScript add-on for Firefox helped, now nothing gets to run anything without telling me, although I haven’t yet tried to test it. I have no desire to revisit 20 minutes of restarting, safe mode-ing and system restoring to get an assignment in on time.

  70. SpammyV says:

    Wow. I feel utterly lost in this conversation right now. I’m such a noob that when my computer gets hit by something similar I take it down to the PC shop and just pay to get the virus wiped off of there. They’re great guys, I just wish I didn’t have to see them so often.

  71. CalDazar says:

    I’m the person who keeps my computer running for 4 or so people.
    I can get rid of just about anything these days.
    By the end of any infection I know I’ve removed everything and I even removed some things I need to replace.

    Getting a blacklist add-on has proved the best protection against repeat infections.

  72. coluasa says:

    One reason for Windows XP Pro is that Home edition doesn’t have remote desktop running on it AFAIK. Nice to have sometimes.

    Also, these virus scams often/generally drop a hidden exe file in the hidden folder C:\Documents and Settings\\Local Settings\. This file is then run at boot up by some registry key. Using “Autoruns”, a Microsoft tool, can show you everything that starts at boot up. AutoRuns can be information overload, but may help you track down a suspicious exe that is called at startup.
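
    Added example, not part of coluasa's comment or of any Sysinternals tool: the filter a defender applies when reading Autoruns output, written out in Python over a constructed `reg query` dump of a Run key. The user name "shamus", the value names and the paths in the sample are invented; the heuristics are the ones the comment describes (an autostart living under the user's Local Settings or Temp directory), plus two more a practitioner would add (a system binary name outside the Windows directory, and a random-looking executable name).

```python
import ntpath
import re

# Constructed sample shaped like `reg query HKCU\...\Run` output on XP.
# The user name "shamus", the value names and the paths are invented.
SAMPLE_RUN_KEY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Steam         REG_SZ    "C:\Program Files\Steam\Steam.exe" -silent
    sdfg2k        REG_SZ    "C:\Documents and Settings\shamus\Local Settings\Application Data\kqwe3f.exe"
    update        REG_SZ    C:\DOCUME~1\shamus\LOCALS~1\Temp\svchost.exe
"""

# Profile directories a limited user can write to. Legitimate autostarts
# rarely live here; scareware droppers (as the comment notes) often do.
USER_WRITABLE_HINTS = ("\\local settings\\", "\\locals~1\\", "\\temp\\",
                       "\\application data\\", "\\appdata\\")

# Binaries that belong under %SystemRoot%. The same file name anywhere
# else is a classic impersonation trick.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe"}


def parse_run_entries(text):
    """Yield (value_name, exe_path) for each REG_SZ line of a reg query dump.

    Columns in the dump are separated by runs of two or more spaces; the
    data column may be a quoted path followed by arguments.
    """
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) != 3 or parts[1] != "REG_SZ":
            continue
        name, _, data = parts
        match = re.match(r'"([^"]+)"|(\S+)', data)
        yield name, match.group(1) or match.group(2)


def assess(name, path):
    """Return the reasons (possibly none) an autostart entry deserves a look."""
    reasons = []
    lowered = path.lower()
    base = ntpath.basename(lowered)      # ntpath handles backslashes on any OS
    stem, _ = ntpath.splitext(base)
    if any(hint in lowered for hint in USER_WRITABLE_HINTS):
        reasons.append("runs from a user-writable profile directory")
    if base in SYSTEM_BINARIES and "\\windows\\" not in lowered:
        reasons.append("system binary name outside the Windows directory")
    # Heuristic only: 5+ alphanumerics mixing letters and digits, e.g. kqwe3f.
    if (re.fullmatch(r"[a-z0-9]{5,}", stem)
            and re.search(r"\d", stem) and re.search(r"[a-z]", stem)):
        reasons.append("random-looking executable name")
    return reasons


def triage_run_entries(text):
    """Return the suspicious entries of a Run-key dump, in dump order."""
    findings = []
    for name, path in parse_run_entries(text):
        reasons = assess(name, path)
        if reasons:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for entry in triage_run_entries(SAMPLE_RUN_KEY):
        print(f"{entry['name']}: {entry['path']}")
        for reason in entry["reasons"]:
            print(f"    - {reason}")
```

    On the constructed dump the two system entries pass and the two droppers are flagged, the second one for both its location and for borrowing the name svchost.exe. The same three checks apply to the other autostart locations Autoruns lists (RunOnce, services, Winlogon notify entries), and none of them is proof on its own; they only decide what to look at first.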

  73. tremor3258 says:

    I’ve seen malicious ads snuck onto normally perfectly safe sites – I do think it’s worth the hassle of running with shields up (you lost, what, four hours before having to re-download everything?)

    But I join the chorus on 7, it’s like XP with more experience points.

  74. Simplex says:

    Almost forgot, Win7 FTW

  75. Bai Shen says:

    Couple things.

    Firstly, good article about why format and reload is the only solution to a virus.

    Secondly, you can’t actually uninstall IE from XP. Windows Explorer and Internet Explorer are two sides of the same coin. So even though you won’t use IE for your browsing, I’d definitely recommend updating it to at least IE 8.

    Lastly, I’d recommend Avast for anti-virus. I’ve found that it works well and isn’t resource intensive. I’ve also heard good things about the MS solution, but I can’t remember if it runs on XP.

    Oh, and as a side note, some of those pop ups hijack the close function of the window. So clicking on the X is the same as clicking on it. The only way to stop that is to kill the process using Task Manager.

  76. Ergonomic Cat says:

    Have you considered BeOS? I never hear about it getting hacked….

    1. Zak McKracken says:

      Yeah, cool idea!
      Or failing that, you could always go to OS/2 — reeeaal multitasking, baby!

  77. TA says:

    So, with this object lesson in why antivirus is important even if you are extremely strict about what sites you do or don’t go to, are you going to run some sort of antivirus in the future?

  78. Stranger says:

    I honestly navigate my browser windows more by two-hand method these days. If I get a strange window popup like the virus mentioned here? Alt-F4 with my left hand as my right moves the mouse to reopen Firefox again. I do not tolerate that crap :)

    Partly because my mom used to call me into her computer room every two weeks or so because said exact type of popup would show up and freak her out a little. And she got infected just about the same way, which earned her a quick rundown of “how not to catch stuff when you browse”. Starting with: “CLICK ON NO POPUPS EVER. Close Firefox rather than click anything related to them. Reload your browser tabs from history and memory. And for god’s sake please stop trying to run more than 6 tabs for hours on end.”

    She still doesn’t listen to the last one.

    1. Simon Buchan says:

      Why should she? That is standard practice for browser usage.

  79. nehumanuscrede says:

    Not a fan of Linux? Understand.
    Don’t want to dual boot on the same drive? Understand that too.

    A fix any self-proclaimed Geek would love.

    The SATA power selection switch. Schematics are out there to build it. Fairly simple to do, works damn well. Multiple hard drives power-isolated from each other. Want Linux to browse the web with? No problem. Rotate the switch and boot.

    Want to run Windows on another drive for gaming? No problem, rotate the switch and boot. Maybe a third drive for playing around or a serious install of Windows for content creation? Yep, rotate the switch and boot.

    It’s like having two or three computers all packed into one hardware chassis.

    Don’t have to worry about all the usual BS when booting multiple OS’s on the same drive. Works rather well actually. I have Ubuntu and two versions of Windows on my system.

    Ubuntu for standard web browsing, one gaming install of Windows, one that is Net Restricted (via the router) that runs my 3D apps.

    Unlikely I’ll ever have another computer without the drive selector switch on it again.

    1. Bai Shen says:

      Interesting. I did something similar a while back. But I did it by changing the boot order of the hard drives in BIOS. That way my experimentations with other drives wouldn’t mess up my RAID array.

  80. Alan says:

    Completely off topic, but as I type this there are 370 comments, and this is the second large comment post within a few days.

    I think that it is time that the comment captions such as “There are now n+1 comments, where n is a ridiculous number.” are updated.

    I think that those ones are fun…

  81. 4th Dimension says:

    For fast format-reinstalls, I use an unattended edition of Windows XP (also built my own for Win7). It installs Windows and most of the other necessary crap (Firefox, Office, Java, Flash, K-Lite etc).

  82. Zaghadka says:

    In XP, I have been running with a Limited User Account, also known as a “standard” account. With proper (default) access lists in place, running in that context would likely have prevented any virus from getting to your Program Files directory.

    That said, running a LUA is a royal pain-in-the-arse. I had to spend lots of time in Sysinternals procmon, trying to figure out which program wasn’t written to proper security standards, and was therefore trying to change things in HKLM from a user context, instead of using HKCU to store the settings. It required me to change permissions on some registry keys, but that’s better than having them all open for writing.

    If that last paragraph didn’t make sense, you should approach LUA like Van Helsing, and put a stake in its heart if you ever see it.

    OTOH, if that sounds like fun, you might consider it, as it will greatly enhance your security by requiring an admin token (and password) before hosing your programs directory, instead of simply a click. Actually, you’ll probably never even get to typing the password, it will just give you an error message.

    I actually had fun learning about the security settings on my software, and once you fix any “LUA bugs” it’ll run just fine in a Standard account.

    (The only problem I had with it is that there are some ugly workarounds you have to employ to get some PC Gameport game controllers to work properly. If you need to use such antique hardware, I can give you the workaround. It is probably the main reason why Gameport was dropped in Vista. It just works very poorly in a LUA context.)
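
    Added example, not Zaghadka's own procedure or anything shipped with Sysinternals: the triage step described above (finding which program writes to HKLM from a user context instead of HKCU) done over a constructed Process Monitor CSV export, in Python. The process names, paths, PIDs and times in the sample are invented; the column names are those of a procmon CSV save. The second function narrows the denied paths down to the specific HKLM keys whose permissions would need changing, which is the targeted fix the comment prefers over opening the whole hive.

```python
import csv
import io
from collections import defaultdict

# Constructed Process Monitor CSV export for a session run as a limited
# user. Process names, paths, PIDs and times are invented for this example.
SAMPLE_PROCMON_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","oldgame.exe","1234","RegSetValue","HKLM\\SOFTWARE\\OldGame\\Settings\\Volume","ACCESS DENIED","Type: REG_DWORD, Length: 4, Data: 80"
"10:01:02.2","oldgame.exe","1234","RegSetValue","HKCU\\Software\\OldGame\\LastLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 3"
"10:01:03.0","oldgame.exe","1234","RegCreateKey","HKLM\\SOFTWARE\\OldGame\\Saves","ACCESS DENIED","Desired Access: Write"
"10:01:05.0","firefox.exe","2222","RegQueryValue","HKLM\\SOFTWARE\\Mozilla\\Firefox\\CurrentVersion","SUCCESS","Type: REG_SZ"
"10:01:06.0","firefox.exe","2222","RegSetValue","HKCU\\Software\\Mozilla\\Firefox\\Prefs","SUCCESS","Type: REG_SZ"
"10:01:07.0","oldgame.exe","1234","CreateFile","C:\\Program Files\\OldGame\\config.ini","ACCESS DENIED","Desired Access: Generic Write"
'''

# Registry operations that modify the hive. Reads of HKLM succeed for a
# standard user, so only writes reveal a "LUA bug".
REG_WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey"}
# Machine-wide file locations that a standard account must not write to.
MACHINE_DIRS = ("c:\\program files\\", "c:\\windows\\")


def find_lua_bugs(csv_text):
    """Map each process to the machine-wide locations it was denied writing to.

    A program that stores per-user settings under HKLM or in its own
    Program Files directory shows up here; one that uses HKCU and the
    user profile does not.
    """
    denied = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Result"] != "ACCESS DENIED":
            continue
        path, op = row["Path"], row["Operation"]
        reg_write = op in REG_WRITE_OPS and path.upper().startswith("HKLM\\")
        file_write = (op == "CreateFile"
                      and path.lower().startswith(MACHINE_DIRS)
                      and "Write" in row["Detail"])
        if reg_write or file_write:
            denied[row["Process Name"]].add(path)
    return {proc: sorted(paths) for proc, paths in denied.items()}


def registry_keys_to_open(bugs):
    """For each process, the HKLM keys that would need a write ACE for the user.

    RegSetValue paths end in the value name and RegCreateKey paths in the
    new subkey, so in both cases the key whose ACL must change is the
    parent. Granting write on just these keys is the narrow fix, as
    opposed to running the program as administrator.
    """
    targets = {}
    for proc, paths in bugs.items():
        keys = {p.rsplit("\\", 1)[0] for p in paths if p.upper().startswith("HKLM\\")}
        if keys:
            targets[proc] = sorted(keys)
    return targets


if __name__ == "__main__":
    bugs = find_lua_bugs(SAMPLE_PROCMON_CSV)
    for proc, paths in bugs.items():
        print(f"{proc} was denied machine-wide writes to:")
        for p in paths:
            print(f"    {p}")
    print("registry keys to consider opening:", registry_keys_to_open(bugs))
```

    Run against the constructed export, firefox.exe never appears (it reads HKLM and writes HKCU, which is the correct pattern), while oldgame.exe is reported for two HKLM writes and one write into Program Files. The file hit is listed but deliberately left out of the ACL suggestions: a config file under Program Files is better redirected to the user profile than opened up, since a writable directory there is exactly what the infection in the post abused.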

  83. Atle says:

    I use Linux for everything except gaming, including scanning the Windows partition for viruses.

    The thing is, once a virus gets admin on your Windows box, it has in theory full control of your running system. That can make it really hard to get rid of.

    But after booting into Linux, the Windows virus is a sitting duck. It’s reduced to passive files that can easily be scanned and removed by Clam AV.

    Also I keep a raw dump of my Windows partition as a backup.
    backup: dd if=/dev/hda1 of=hda1.raw
    restore: dd if=hda1.raw of=/dev/hda1

    It just doesn’t get more simple than that.

  84. Zaghadka says:

    Hah! I love how the context driven ads serve up Symantec Norton AV, so we can all associate the abject dissatisfaction expressed with their official corp. logo and PANTONE yellow color.
