Tone Parsons

It’s a dirty damn box

My laptop has been less than pleased with the world since my trip to Boston.

While connected to the hotel’s network, it appears that it became infested with all manner of evil. I was having issues with popups, something trying to modify my registry, etc.

After installing and running 4 different anti-spyware programs (Spybot, Ad-Aware, Defender, and Ewido) as well as my anti-virus, it became very clear that things were bad in laptop land.

Ewido found a couple of issues

After doing all of this, I thought I had it… I thought it was clean and I was good to go. I thought wrong.

Whatever was having its way with my laptop was hidden well. It appears that they used the Sony DRM rootkit to hide the source and I was only picking off the files that were infected (thanks a lot, Sony….. you fuckers!). I would clean it, it would stay that way for a couple of days, then all hell would break loose again.

Yesterday, I decided I’d had enough of it, backed up my documents, and re-imaged the laptop back to the way it was when our IT department assigned it to me. I was able to save everything with the exception of my archive .pst for 2006 (there goes all the email I’ve received for this year!). It could have been much, much worse.

The 3 main things I found while scanning the drives were:
Backdoor.Sensive.51 (whoever wrote this needs a kick in the gonads)
Downloader.Zlob.ja (aka: SpyAxe… those bastards!)
Dialer.Rpcnet.b (which doesn’t show up on google at all)

Things appear to be good now. I spent most of yesterday and last night re-installing my applications and getting it back to where it needs to be so I can do my job. Hopefully, I didn’t forget to back up anything too critical.

3 Comments so far

  1. Eve March 29th, 2006 9:24 pm

    Well that’s what you get for practicing unsafe information exchange. Always use protection!

    A dirty box is not a box one wants to play with.

    🙂

  2. pigman March 30th, 2006 8:05 am

    Hey Tone .. sorry to hear about your LT getting raped. I am still home sick but I wanted you to know I called my ISP and they said they could get to your web site, so I did the classic, unplug the DSL modem, wait 5 secs, and relight.

    Works fine… wonder what is in these little Actiontech boxes that make em so unreliable?????

  3. Tone Parsons March 30th, 2006 9:41 am

    Eve… are you talking about computers?

    If not… you have my undivided attention 🙂

    And pigman… yeah, Actiontech routers aren’t exactly known for their reliability. I have to power cycle mine from time to time as well (it acts like it’s trained to the ISP, but it’s really in a funky state). I miss my old Cisco 675.