Tuesday, August 26, 2008
The Worm that Never Sleeps
It all started very innocently. Or at least that’s what my son, Jason, believes. A few days ago I accidentally clicked on a pop-up and that’s probably when the worm made his first appearance.
Here’s what he looks like (right) … a legitimate-looking ad for an antivirus program, right? But I’ve already got one (Norton) so I just click the “X” in the upper right-hand corner.
But then he comes right back, and this time he brings a friend (left) … an even more annoying pop-up because there’s no way to close it without making a choice between the two options it offers, “Activate Now!” or “Continue Unprotected.” So I continue unprotected, which feels scary, until I find out it’s not a real threat. It’s a worm.
My friend John M. says the worm might have been living in some of my system files for a while, just waiting for an opening. My daughter Beth sent me an email from the University of Tennessee Architecture Grad School saying the worm is a hoax going to get people to buy something. But it's much more than that. And my friend John S., along with Beth, John M. and Jason, spent a lot of their personal time trying to help me kill the worm yesterday and last night. Some of its other tricks are pop-ups like these (right and left).
I’ve spent all morning today working on it… even said prayers to Saint George, who slayed the dragon (this is an icon of Saint George, right), and Holy Archangel Michael (who ran Satan out of Heaven) this morning (icon at left). But I’ll understand if they don’t come to my rescue, since I rarely talk to them unless I’m in a bind and need their help.
In the Old Testament, the prophet Isaiah talks about "the worm who never sleeps" ... and icons of The Last Judgement, like this one (right) sometimes show the sins of greed, sloth, anger, lust, gluttony, etc. as links that go together to make a long snake-like creature.
I can see why prophets and iconographers use the worm as verbal and visual imagery for torture that goes on forever. I've only had this worm for about 48 hours and I'm already going crazy!
Evidently the worm, which masquerades as “MS Antivirus,” won’t really hurt my computer. He will simply drive the user mad, slowly, like Chinese water torture. Even as I’m typing this post, I’m having to click on the “X” on the first pop-up and the “Continue Unprotected” box in the second one about every thirty seconds or so. Yep, there they are again. And again.
So, the first advice I followed was to install and run Adware (from Cnet) but he couldn’t find the worm. Then I installed and ran Spybot’s Search & Destroy tool (also from Cnet) and he found and destroyed Adware (these warriors seem very territorial to me) but couldn’t find the worm.
Next I downloaded Symantec’s W32.Sasser.WormFix Tool, as well as the same tool for “Blaster.” And then ran through the entire process again, only this time after rebooting and opening in “Safe” mode. Neither tool found the worm.
So I tried something Jason suggested: System Restore. After being sure everything that mattered to me was backed up on my external hard drive (which I’ve been doing almost daily lately!) I went in and restored the system to the way it was 2 weeks ago… since we’re pretty sure the worm arrived only a few days ago. But that didn’t get the worm. John S. (or M? I can’t remember now!) said the worm hides itself in places that System Restore can’t get to. Great.
So today, John M. sent me this link to a site that tells how to remove the worm manually.
Manually. I decided I wasn’t strong enough, so I took a break from the computer and went to Pilates. And then to Sonic for a hamburger. And then came home and poured a glass of wine. And sheepishly glanced again at the icon of Saint George and asked his help again.
First I printed off the 7 pages of instructions from the site so that I’d have them in front of me as I worked. Here’s what the first page of the site looks like.
First I clicked on a link at the beginning that said Download SpyHunter Spyware Detection Utility, which I did, in case that was necessary to make the rest of the steps work.
Then I did the step called “Stop AntivirusMaster Processes” (with its own link).
And then “Find and Delete these AntivirusMaster files” (with another link) … and it did NOT find any of these files.
And finally “Remove AntivirusMaster Registry Values” which you have to do in the Registry Editor.
Keep in mind that I had never heard any of these words before yesterday. It’s like taking a 24-hour crash course in a foreign language.
But I make it through to the end, when it tells me it has “finished searching through the registry” and therefore didn’t find the worm.
Oh, and this is interesting: right under that is another link to download SpyHunter Spyware Detection Utility, with a message that you can use it FREE to hunt but you have to pay for it if you want it to destroy.
So, have I been using SpyHunter to hunt? But he didn’t find the worm, so why should I pay him to remove something he can’t find?
I’ve been at this for about 36 hours now, and the worm lives.
Maybe it’s time to get the red monkeys.
Or help from the Mad Hatter Hunters.
If anyone out there knows how to kill this worm, please tell me! Leave a comment below, or send an email to sjcushman at gmail dot com (written in code in case the worm is reading).
Meanwhile, I’m taking a bottle of wine over to a friend’s house and will just try to forget about him for a while. This is how I feel about my computer right now (above).