the malware cometh
working on a student's machine. he came to me a week ago saying "i think my computer has a virus. it's slow and porn pictures keep coming up."
"no problem," i said
so he comes in today with his machine. rambles a bit about how it used to be fast, etc. his virus scanner had expired long ago (even though all students are eligible to download NAV for free with unlimited updates from calpoly.edu), but he says he always installs the windows updates... sure.
so what did i find?
- no administrator password. whoa. the guy didn't even know there was an admin account (this is one of the biggest entry points for worms/virii/mal/spyware)
- no firewall enabled. not huge, but it helps to turn it on.
- no service packs installed. doh. here come the virii.
- plenty of strange programs and processes running. one even called couponsandoffers.exe (they could at least be subtle about writing this crap)
- within 10 seconds of plugging into the network, porno popups galore.
so i decided to run ad-aware and spybot. much to my amusement i found:
- over 300 entries found by ad-aware of malware, etc. then 21 more after updating definitions.
- at least 100 found by spybot. then 75 more after i updated its definitions.
- an unauthorized windows key (can't do a windows update without some tweaking)
plenty of scanning, installing, patching, some rebooting, and a good amount of laughing (cause it ain't my computer) later, it's running slightly faster, with far less unintended porn, and hopefully pretty well protected against future assaults. my two degrees are starting to pay off. oh wait, no they aren't. well my interest in computer security sure is. well, not paying off, just ... uh. well, crap.
at least this guy's machine runs better now. i feel good about that. sure feels better than just replacing toner in the printers all day, that's for sure.
on iTunes:
Hey Ya from the album "Speakerboxx/The Love Below" by Outkast
Posted by Steve on November 19, 2003 08:26 AM