Monday, July 04, 2005

Infection Imperfection

(This is a back-post for June 22. I will catch up on my normal site when I return but wanted to start posting these for general S&G as I get them done on vacation)

It happened again. I got an uber-virus on my computer and I’m not very happy about it. I truly wish I could meet with the author of this virus or any virus author so I could proceed to beat the holy living shit out of them. Then pound them until they are pink mush. And then beat them some more. And then form their gelatinous refuse into the shape of a human again and start all over.

As you can tell, I’m not too happy about all of this.

It happened when I innocently tried to look up some lyrics. I know that these days, Googling for song lyrics is pretty much just pulling up a list of spyware/virus sites. I had gone through this before so to try to head this off, I scrolled down a few pages in the hopes that I could get past the big ones and try to catch the lesser infected sites.


The second I hit the link, I knew I was infected. Pop-ups were coming fast and furious and my blocker was knocking them down as fast as they appeared. But then the tell-tale sign that I was infected came when my start-up monitor and another protection program came up and asked if I wanted to allow a certain executable. The good news was that it caught it but the bad news, I knew, was that it would continue to ask me over and over, in effect, screwing up my computer.

I knew I was screwed and while I knew I would get rid of it, the deep, aching feeling hit that I was going to spend too much time (defined as more than 5 seconds) undoing what some shitbag programming jackass did to me. So the steaming began.

My first reaction is to run Ad Aware. After updating it and running it, it caught the normal 15 trillion problems but I knew deep down inside that it would not fix this. I then ran Spybot Search and Destroy. Same result. I restarted my computer and still got infection warnings. Crap!!!

I then went to my Windows/system32 folder and sorted the files by date. I found a couple of .exe and .dll files that I tried to erase. Sure enough, they didn’t want to go away which meant they were in use and not for anything good, mind you.

The next thing to do was to start my computer in safe mode (gets the computer basically up but doesn’t load all the extra crap, some of which are the infected files). I went and erased the suspected .exe and .dll files. I ran both Ad Aware and Spybot S&D again (both of which take forever on my monstrous hard drives). I started the computer over and …

Still infected.

My response was not very proper. It rhymed with “suck.”

Now I knew I’d have to go to the next level of extermination: research.

The behavior was that I was getting pop up ads. How this happens I don’t know. I have a router with a firewall. I have a startup monitor. I have a watchdog program. I have Symantec Antivirus that I update and scan every night. I have Google Popup blocker. I keep updated and run Ad Aware and Spybot S&D often.

This was a very advanced program to get through all those defenses. And while I could have seen it as a worthy opponent, I didn’t. I saw it as an intrusion and a source of forced time waste.

I noted that in the title bar of the pop up ads I was being served, there was something that said “Aurora – a part of the ABI Network.” OK, I knew who to bomb. Just kidding… where to start.

I found out that “ABI” stands for “A Better Network” and it was a company who supposedly served ads to people who want them. Come on guys, NO ONE wants these ads and especially when they are snuck onto your computer without a way to get them off without drastic measures.

I found a message board that talked about it and gave a few links to places I could go to get it removed. In particular, I found a script that had particular instructions to remove it and while I find it reassuring that this Trojan Horse I had stumbled on was well known, it was a new, rather nasty little bastard and it would cost me some time to rid myself of it.

Here is what it basically had me do: download two free programs (one really free and one that was a trial version). Start in safe mode and run the first one. Then run the second one. Then run Hijack This and get rid of a registry entry. Seemed simple enough, huh?

Well, then you have not been a long-time Jason-Blog reader.

I ran the first one which when unzipped created two files, one of which I was supposed to run but neither of which were named what the instructions told me they should be named. So I took a guess and not much happened, which was what it said would happen. Bad instructions, guys. You don’t tell someone that “nothing will happen” when you perform a step right because if they screwed it up (as I’m known to do from time to time to time to time…) then there is no difference in what happens if you do it right or wrong.

I then started the second program which was nothing more than a scan of my system much like Ad Aware. The problem was that my hard drive is huge and it wanted to run a scan on my backup drive, too. So with this set in motion, I went to do other things while hours passed.

When it finally decided I had had enough, it got done and I ran HiJack This, as asked. I found the registry entry and killed it.

At this point, I was supposed to start the computer in regular mode and everything was supposed to be hunky dory. And you know I just can’t let that happen so for S&G, I ran HiJack This again to see what should happen. As expected, there were no slimy bastard commie shitbag entries from spyware and I was happy. Had I effectively killed this cockroach of a program in one afternoon?

Unbelieving (or maybe just to get the thrill one more time of seeing a clean scan), I ran HiJack This one more time.

Part of me says I should have left good enough alone. The other part of me says that it’s better I found out since not knowing wouldn’t change the fact. A third side says that he likes strawberries and that he wonders if his fist can fit into his mouth. We tend to ignore that side but he takes over when in long meetings.

The entry was back.


OK, ok, maybe I screwed up the first step by picking the wrong file to run. So I went back and ran both of them. Many times. There, you bastard, did I run the right program THIS time? (yes, that’s both huffy and pissy)

It was getting late so the idea was just to set it into motion and go to bed, secure in the knowledge that I would wake up blissful and once again, fully scanned. Wow, now that sounds both dirty and scary.

I fell asleep mumbling. It bore a striking resemblance to this once again:


  • At 10:29 PM, Blogger Kitty said…

    I was just popping by to see if you were a hottie marine :P

  • At 2:50 PM, Anonymous O! said…

    Hey! We have the same virus AND I don't care if you're a hottie marine!

  • At 9:50 AM, Anonymous Stephanie :) said…

    And let me point out, once again, these things don't happen on a MAC. But you can bet your ass that nasty code was probably written by someone using a MAC.

    LOL! at the "hottie Marine" comment. To think, I knew you way back when you were just a "hottie" eighth grader :)

  • At 3:19 PM, Blogger Viper said…


    Well, that's not for me to say but thanks for generating a lot of responses. I write a book and get nothing but silence, you write a sentence and create a work-storm.

    Tell me THAT'S fair!

  • At 3:20 PM, Blogger Viper said…


    Good, now you know how to get rid of it. If you need help (I mean with the virus, silly one) let me know.

  • At 3:23 PM, Blogger Viper said…


    And to think that you log on using your nasty sMac to ding on my blog (which is created and kept up on my trusty PC). And I agree, sMac users don't have these problems mainly because they don't have the software available to run useful programs. We take the good with the bad!!!

    (Yeah, that's the best I got. Lame, I know but I'm at my sister-in-law's computer, a PC laptop BTW, and don't have time to craft a super zingy response.)

  • At 11:54 AM, Anonymous Stephanie :) said…

    Oh no, I don't have a MAC. We used to have a MAC, and I want it back. My husband had to get all geeky and build his own PC, then he had to load it all up with everything Microsoft can get him to buy so he can play games, because as I'm sure you know, all the good games are put out for PC's first....it takes years to get them out for MAC.

    Oh, and no worries on your lack of a "zingy" response. I'm well aware of just how sharp your tongue can get :)

  • At 7:21 PM, Anonymous Ryan Waldorn said…

    What do you think about the new running rules at MCB Quantico

    c. The use of stereo/radio earphones or any other device that
    impairs normal hearing acuity when jogging, running or walking on
    road shoulders, roads, or in congested areas such as the Marine Corps
    Exchange Mall is prohibited at all times.

    that would be from
    MCBO 5560.2C, encl 7

  • At 7:22 PM, Anonymous Ryan Waldron said…

    i misspelled my own name

  • At 7:24 PM, Blogger Killjoy said…

    Ryan Waldoron, that was funny.

  • At 1:09 PM, Anonymous Ryan Waldron said…

    what's funny that i am quoting some oddly specific paragraph from an order of a Marine Corps Base nowhere near me? or that i misspelled my name? Or just my persona?

  • At 1:55 PM, Anonymous Fish said…

    I think that ryan waldron should start his own blog. He's hilarious!!!

  • At 12:51 PM, Anonymous Stephanie :) said…

    Where are you? Did you fall off Mt. Rainier or have you fallen into your latte?
    All I can say is that must be one heck of a vacation for you to be avoiding your faithful readers for this long.

  • At 6:07 PM, Blogger Killjoy said…


    I thought it was funny that you misspelled your name and then caught yourself. I don't know why, maybe just because you were all serious and stuff at first then you spelled your name wrong. I really can't explain it, but it was funny. Do you have your own site?

  • At 7:40 PM, Blogger Viper said…


    May I point out the deep pleasure it gives me to see you argue the inherent virtues of a sMac but being forced to do so on a PC.

    Oh, the irony. Sweet, sweet irony.

  • At 7:42 PM, Blogger Viper said…


    Is that a NEW order? If so, and they enforce it, I'm screwed. I cannot run without music. I can't.

    But I'm an officer. I must follow all the rules. Set the example.


    (and for God's sake, get your name correctly! But kudos on admitting it publicly, even though that fact does not repel the inevitable comment: dumbass.)

  • At 7:45 PM, Blogger Viper said…


    Sorry, if you meant I was ignoring my posts, I explained that I was at my in-laws with a dial up and working with that was baseball-bat-to-the-screen worthy. And that would be muy uncool with the innys.

    If you meant that I was not paying respectful visits to local blog-readers, yeah, I jackassed that one completely. No excuse.

  • At 7:48 PM, Blogger Viper said…

    Killjoy---Ryan---- get a friggin' room (other than my comment site).

    Killjoy, he's a young college stud. Ryan, she's a pretty redhead. Enjoy.

    (Glad to see my comment section is being used as a flophouse in my absence. Jeez, people!)

  • At 8:21 PM, Blogger Christopher Trottier said…

    I don't even bother with Windows anymore. Too many insecurities.

  • At 1:45 PM, Blogger Ryan said…

    I do have a blog, hence the first time i posted a comment my name was a link. in fact now I have 2 blogs (well, more of a mirror blog.) and if you read my blog you know that. but i suppose that that makes little if any sense

    just go to http://doggone-friggin.blogspot.com

  • At 1:48 PM, Blogger Ryan said…

    the MCBO is updated recently. I suppose you could avoid running in those specified locations.

    -Ryan Waldron

  • At 6:19 PM, Blogger Killjoy said…

    Ryan Ryan Bo Byan, Fe Fi Fo Fyan, Me My Mo Myan, RYAN!

  • At 6:20 PM, Blogger Killjoy said…

    Oh man, I forgot the banana fana fo fyan!

  • At 7:17 PM, Blogger Viper said…

    That's it, it's official.

    Get the jacket for Killjoy. Time to go to the Drooling Academy.

  • At 9:59 PM, Blogger Ryan said…

    Sir, these seem almost like attempts to push her onto me

  • At 5:27 PM, Blogger Viper said…

    You had better hurry, she turns 30 tomorrow.



