Nov 9
Today I was asked to look at a computer that was claiming to be infested by viruses following clicking on a link from Facebook. This was of course a Windows situation, so I was unsure how much help I could be given how long it's been since I had to use Windows.

Anyway, I booted up the computer, which swapped incessantly due to the low memory it had, but also due to whatever malware was at play. So eventually Windows booted up, launched Internet Explorer, which was already suspicious, and the systray showed a flashing shield. It didn't take me too long to work out that the window full of virus reports was bogus. Eventually I killed all the running crap in the task manager (Ctrl-Alt-Del), then loaded the task manager to start closing various applications. I also closed the "WAV" and suspicious "cmd" processes that were taking much of the CPU and had no good reason to be running.

After that, I nuked the contents of "C:\Program Files\WAV" suspecting that to be the problem, and for good measure ran the registry editor (Start, Run, type regedit and hit enter) and searched for occurrences of WAV that pertained to this stuff and nuked them. That is, of course, not for the unwary. When I restarted all was well and the problem was gone. Well, I removed the shortcut on the desktop for the now non-existent WAV. I'm putting this here so it can be forwarded to a few other victims.

Friends shouldn't let friends run Windows. I know...

Posted by Colin Turner


2 Comments

  1. Peter Adams says:

    The problem lies in the combination of cluelessness and paranoia. I had someone throw a wobbler on me recently because I clicked past that warning screen that comes up when you try to browse C:\WINDOWS\, yet these same people will install the first 'security' program they come across. I've heard about people who assumed they were protected from all evils because their computer came with a Norton product of some description, despite the fact they had disabled updates, disabled the program, or at times didn't even have it installed.


    I'm aware of how easy it is for the likes of us to scoff as running a PC has basically been second nature to us for a large part of our lives. It's hard for us to envisage what a computer looks like to those without that experience. I've seen people who've struggled with using a mouse and largely look upon the whole thing as a kind of magic box that they prefer to limit their exposure to.

    I recently installed the latest release of Ubuntu and it's getting close to the state where I would recommend it to 'the ordinary person', though I'd still dread the questions like: "So, how do I run Outlook on this?" For a lot of people who work with Office on a day to day basis as part of their occupation, getting Linux to work with it comfortably isn't easy. The business world is still exclusively not only a Windows environment, it's a Microsoft environment. To be part of it people NEED to run the likes of Outlook and weaning them off that is going to be a long hard slog that will probably take generations.


    It's also an issue with Linux that, because of the focus on free software, it won't handle many of the common proprietary formats 'out of the box'. Though Totem will offer to search for and install mp3/divx etc codecs when encountered, which is a step forward.

    My worry is what happens when virus writers start writing virii for Linux to take advantage of the common user's general ignorance. How about browser exploits that pop up what looks like a sudo window asking for the user's password? Akin to those fake system windows that get the punter to install some malware thinking it's a security message?

    If I was asked to install Linux on the system of an un-savvy friend or relative I'd personally feel reluctant to let them have sudo access to their own machine, requiring them to contact me anytime they required something installed or maintained. With a secured openssh server installed on their machine it shouldn't be a problem.

  2. Colin Turner says:

    Hi Peter, I agree with all these sentiments, but for example, I got tired trying to keep the malware off Karen's computer when she was running Windows. It was probably from stuff she was inadvertently tricked into installing. It was easier just to put her on Debian, no problems since, and she can use all the software she needs.

    However, I generally do the sysadmin stuff on her box, as well as my Mum's and a dozen others, and yes, I tend to rather lazily ssh into lorien (Karen's machine) and run upgrades on it while she's sitting 2 m away using it.

    CT.
