Adware Deathmatch – The Final Chapter

I’m looking at the screen on my spouse’s laptop, at the blank IE window that just popped up. The malicious Adware code is vainly trying to load components that I have erased off the Drive. It is badly damaged, with most of its code stripped away. It is trapped, with access to its adware site restricted. But it is still running.

Malicious, Infectious Code; every last piece of you is going into the bit bucket.

I’ve been battling this Adware infection over the last several days. I’ve now logged over eight hours on this problem, more than enough to just replace the machine at my full billing rate. But still fragments remain.

I go back to the tutorials on mvps.org/winhelp2002/unwanted.htm. I follow a link to Merijn.org. I download HijackThis, run it, and pore over the entrails of my Win 98 SE machine’s registry, boot run applications, and suspicious ActiveX controls.

Note to self: what do families do who don’t have an IT consultant on call who is comfortable with Regedit and erasing files from Windows/system32? Do auto mechanics wonder the same thing as they fix the family car?

I wander far across the internet terrain, over mountainous listings of boot time run files, the good, the unnecessary, and the ugly. I cross the unfathomable desert of registry entry GUIDs, trying to distinguish the harmless Google search tool entry from the sinister LOP.com infection. I find oases of help and encouragement. I follow the faint traces of the adventurers that came before me – links to sites, and postings on forums. I pick through the tattered fragments of scan logs from unknown machines, looking for clues and direction.

As an aside, it is difficult to believe that this level of effort, with this many tools and sources, and this level of technical expertise, is required to remove something not asked for or wanted in the first place.

I was trained as a life scientist and biochemist, and a part of me can’t but admire the skill and tenacity of these code organisms in finding their niches in the fertile ecosystem of the internet/wintel global environment. The other part of me wants to strangle somebody.

More hours hence, I am completing a complicated sequence that I found among the 400 plus entries in the Spywareinfo website: forums.spywareinfo.com/index.php?showforum=18. In its ritualistic structure, strong sequencing, and reliance on words of power such as “deep scan” and “safe mode”, the sequence reminds me more of a magical incantation than a software maintenance procedure. Nonetheless, I boot in safe mode, run a final HijackThis scan, and “fix” the last, elusive wintools infection component. A reboot, and I’m in IE, looking at my normal homepage.

I browse the web aimlessly. Minutes pass. Nothing happens, nothing pops up. The scans all come up clean. Is this it? Have I beaten it? Have I rooted out every last trace of the malicious adware? Or is it [dut dut DAAAAAH] only at bay, hiding, waiting for the quiet moment when my spouse, The Reverend, is editing a Sunday Service Bulletin in Word before showing itself again?

Only time will tell.

Posted on Saturday, January 7, 2006 at 07:33PM by Larry Cone
