Spyware Horror Story: Extra painful XP recovery
Published by Aaron; Monroe, Mich.
Hooray for an event-filled Saturday afternoon with FailDows eXtraPainful edition (Windows XP)! I have been having a Trojan problem for the last week, but thought it was no big deal. Its name was something starting with "CC/." I forget the rest, but it didn't show up in either Symantec or McAfee's databases.
I updated my Avira AntiVir and started a full system scan. After about 40 minutes of scanning, it found one Trojan in three different parts of my hard drive. One was in the system restore files, one in my mother's documents, and one in the System32 folder. That should have been a warning of headaches soon to come. I quarantined them and told Avira to remove them on the next boot. Well, the computer rebooted on its own for some reason while I was off playing Oblivion on my new Xbox 360. It had the Blue Screen of Death, so I turned off the computer and restarted it. Well ho ho ho, merry late Christmas, the stupid virus removed my entire System32 folder. It was stripped bare. I have never heard of a virus doing that before.
I geared up for some pain. I grabbed an Ubuntu Feisty Fawn disc and a bottle of rapid release Tylenol and got ready to back up some memories. I popped it in and ran in "live" mode. My files were perfectly OK: music, movies, photos. But when I poked around in my mom's documents, Ubuntu gave me an error. All of her data was corrupted. *Smack forehead.*
I told her about the corrupted data, and only then did she tell me about this e-mail she got from my half sister's step-grandmother. It was an e-mail about this bad virus going around that destroyed people's hard drives. At this point I was ready to strangle my mother. Isn't it Rule No. 1 on the Internet to always avoid e-mails warning you of a virus alert? You never open it!
I ended up stumbling across a Microsoft article on using XP's installation CD to hop into recovery mode and replace the System32 files. I sighed a bit and thought, "OK, nerd, do your stuff." I drove to the opposite side of town and back to borrow said disc and then punched away. But wait; when I typed out "expand D:\i386\ntoskrnl.ex_ c:\windows\system32" in recovery mode while using the XP disc, I received an error message. It said, "Access Denied." I screamed and bashed the keyboard in.
Four hours for nothing! I ended up getting mad at the stupid machine and slapped it back to manufacturer settings. Then I had to tell my computer-ignorant mother that she lost everything. In return, I got the blame for not backing up her files.
Editor's response
There's an undercurrent to Aaron's Spyware Horror Story that's echoed in many others I read (misery loves company; so keep 'em coming), and it disturbs me. It should disturb you, too. You see, Aaron knew about the Trojan for a week, but decided to let it run its code, uninterrupted, for seven days. He didn't know if this was a low-level nuisance or a full-blown threat because he couldn't find a record online. It could have been logging his keystrokes or using his system resources to spam his friends. "No big deal," right?
Yet it became a big enough deal to get Aaron spitting mad and railing at his mom, Microsoft, and "the stupid machine." Aaron. A little introspection, please.
Helping family and friends rid themselves of malware is certainly a Samaritan service, and one that often comes with considerable frustration accompanied by colorful swearing, the vigorous tearing out of hair, and occasional high-pitched squeals. Imparting tips for safe computer behavior is another invaluably good deed that's also in your best interests, especially if you're on speed dial when things go wrong. By all means, get angry with those who make malware a profitable business, and by all means, share tips to avoid falling into e-mail scams. But if you've got no problem letting malware ferment because you can't see its results, it's time to pay a visit to the glossary for an A-to-Z refresher on what malware can do to your computer without your permission or knowledge.
Zombie computer? Definitely a big deal.
Jessica Dolcourt reviews the latest and greatest smartphone apps, in addition to a healthy dose of Windows software.
Not any anti-virus can protect you fully. It's created by human-kind, and it can be wrecked by human-kind.
It's not your responsibility.
She cannot blame you because of the data lost in the computer; she should have backed it up.
Things like this will happen and those times are the ones that are the less unexpected. Since now I'm dealing with my mom's laptop in which the virus is messing around with administrative and account sys files. But also in my case of backing up everything I prefer to use DVDs and store them in a safe place, instead of backing it up in my hard drive or USB memory device. I have 1, 2 4 GB's of it but what if they fail too? Since I had a 300GB hard drive and I lost it, I lost 75% of the things but the rest saved it thanks to the freezing technique. Or other times that, lucky me, I had a second computer with a testing HD and grabbed the primary HD and placed it in an enclosure and backed up the needed files.
Sylvain!!!
- by lilweigs January 11, 2009 7:49 PM PST
- Windows XP has blue screen error 0x000000ed, unmountable boot volume. Can't get on the computer at all, so how can I fix it?