Your leaking thatched hut during the restoration of a pre-Enlightenment state.

 

Hello, my name is Judas Gutenberg and this is my blaag (pronounced as you would the vomit noise "hyroop-bleuach").



   infected by a web page
Thursday, April 30 2009

I was infected by a trojan tonight as I was surfing the web in Firefox 3.0.8. I don't know what the site was, but I'd been surfing for content about Intel Core 2 Duos, and suddenly my computer slowed way down and threw up a big web browser window that looked like a virus scanner. As it "scanned," this "scanner" claimed to find all kinds of trouble. The trouble, of course, had come from the same people who had written this scanner. It was as if a burglar had kicked in my window and then brought in McGruff the Crime Fighting Dog to perform a little skit about the scourge of crime, followed by a sales pitch for an overpriced and ineffective form of household burglary insurance. This was the first time I'd ever been infected entirely by a web page, and using Firefox!
I immediately closed all the nefarious windows and then went into C:\windows\system32 and sorted the contents by date to see what was new. The new files had names like faveraka.dll, hugosiho.dll, pikikoka.dll, mefukere.exe, tahemena.dll, and yekikewa.dll, suggesting a possible Polynesian origin for the infection. Deleting these files did no good, as hidden processes in the system replaced them immediately. The solution was to make functionless files with those same names and drag them into C:\windows\system32. Whatever evil programs had made it into the computer saw files with the correct names in the correct places, assumed their infection intact, and let them be. But when I rebooted the computer, these files could do nothing to perpetuate the infection and so my computer returned to health (complaining a few times along the way about how the dummy files I'd substituted couldn't be launched).
I should mention that I no longer run any kind of background-lurking antivirus software. I'd been running AVG (which is free) but, much like Symantec Antivirus, over the years it has grown to be a resource hog, and I can't tolerate having my computer slowed down 30% just because of the existence of evil in the world, particularly the kind of evil that can be avoided by anyone with the sense not to accept the gift of a "free iPod" or a piece of software to check to see if your drivers are in order. Or so I'd thought. Evidently there is an open exploit in Firefox 3.0.8, and someone had used it to set up a nasty little operation in my computer. The scary thing is this: had they been smart and not immediately bombarded me with crap and dramatically slowed down my computer, I might never have noticed. They could have installed a keylogger and god knows what and I'd have been none the wiser. This is the reason I reflexively run HijackThis at the first sign of strange behavior.
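The sort-by-date triage of C:\windows\system32 described above can be scripted. The following is an added example, not code from the original post: the function names, the extension list, the 120-second gap and the sample directory are all assumptions made for illustration, and the sample files are constructed empty files that reuse three of the names from the post.

```python
import os
import tempfile
import time
from pathlib import Path

EXECUTABLE_EXTS = {".dll", ".exe", ".sys"}  # assumption: extensions worth triaging


def recent_executables(directory, since, exts=EXECUTABLE_EXTS):
    """Return (name, mtime) for executable-type files modified at or after `since`, newest first."""
    found = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        if Path(entry.name).suffix.lower() not in exts:
            continue
        mtime = entry.stat(follow_symlinks=False).st_mtime
        if mtime >= since:
            found.append((entry.name, mtime))
    return sorted(found, key=lambda item: item[1], reverse=True)


def drop_clusters(entries, gap_seconds=120):
    """Group files stamped within gap_seconds of the previous one: a batch written together."""
    clusters = []
    for name, mtime in sorted(entries, key=lambda item: item[1]):
        if clusters and mtime - clusters[-1][-1][1] <= gap_seconds:
            clusters[-1].append((name, mtime))
        else:
            clusters.append([(name, mtime)])
    return [c for c in clusters if len(c) > 1]  # a lone file is not a batch


def build_sample_dir(root, now):
    """Constructed sample: one old system file, one text file, three names from the post."""
    samples = {"kernel32.dll": now - 90 * 86400, "notes.txt": now - 60,
               "faveraka.dll": now - 300, "hugosiho.dll": now - 290, "mefukere.exe": now - 280}
    for name, stamp in samples.items():
        path = Path(root) / name
        path.write_bytes(b"")  # empty placeholder, not a real binary
        os.utime(path, (stamp, stamp))


if __name__ == "__main__":
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        build_sample_dir(root, now)
        hits = recent_executables(root, since=now - 3600)  # everything from the last hour
        for name, mtime in hits:
            print(time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(mtime)), name)
        print("written together:", [[n for n, _ in c] for c in drop_clusters(hits)])
```

Modification times can be set by whatever wrote the file, so an empty result from a check like this does not show that a directory is clean.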


For linking purposes this article's URL is:
http://asecular.com/blog.php?090430
