Tool Shed 4

Spent something close to 10 hours on a single computer this past week.
The issue at hand was a collection of Trojans and related malware. In the mess, I was unable to salvage anything from the file system. Even booting from a LiveCD did not offer much access to the files the client lost. We couldn’t even access the factory recovery partition. None of the standard Win7 tools were sufficient to recover things. So what we had was a major corruption of the file system itself, because everything reported that the hard drive itself was just peachy.
It all broke down when I had to use Windows Defender Offline. For once Vipre Rescue didn’t do it for me. The problem came when Defender removed Alureon.J and the file system finally tanked.
In the process I discovered someone had in the past installed a VNC application so he could fix the computer remotely, but he passed away and the thing was still there. Inevitably, those things prevent updates. I don’t doubt the guy was careful enough to secure the connection properly, but they always seem to prevent a system updating. Once it was uninstalled, the sucker tried to suddenly update everything.
It seemed the infection vector was a Linksys E900 wifi router one of the client’s family members installed. This relative didn’t live there, just wanted it for his convenience when he visited. He used the “Wifi Protected Setup” protocol, which is about as secure as stripping naked in a bad neighborhood in broad daylight. The client’s computer was “protected” by McAfee. Win7 even told her to remove the wifi router, but she thought it was just complaining about nothing.
The system stopped booting, so I first ran the Bootup Repair routine and got back in far enough to begin cleaning up. We got one tool to remove one pair of nasties, but we never could get her preferred Trend Micro Titanium to install because Alureon blocked it. So I tried Microsoft Security Essentials and it installed, and then recommended its Offline cleanup tool. But removing Alureon took a bite out of the file system and it simply could not recover with the tools available to me.
So we “nuked it from orbit” by reinstalling from scratch with a DVD I had. The client lost all their files.
Lessons learned: McAfee isn’t any good. VNC might be a good way for secure remote assistance, but if you aren’t careful, it can block updates. Malware can come through a badly configured router. One of the system error messages I got indicated the router was acting as a file system and fed into the damage. I didn’t pursue fixing the router, just removed it. Always keep your own copies of the OS installer you deal with, because a corrupt file system can ruin the factory provided recovery partition.
Teach folks how to use Windows Backup and a good external drive; they should come bundled with a new computer. Unfortunately, most of the backup software on external disks really sucks. It is highly annoying and wants to dominate what little time you have for using a computer. You need to be able to unplug the drive so viruses don’t infest your backups, too, and most of them whine if they aren’t plugged in 24/7. But Windows’ own backup tools are a bit hard to learn for average users, so most folks don’t mess with them.
Nobody has to tell me I could have done better, but I can’t afford some of the nifty tools other folks use. I work for donations, which sometimes means for free. I’m not a serious technician, just someone down the road ahead of most folks. Still, I put more effort into it than almost every computer shop I’ve seen. Windows 7 has some very good tools built in and I rather like working on it, but some things can’t be fixed that easily. I still think Linux works better, but this is a very bad time to learn it because no sane people are involved in interface development. XFCE is the most sane, and it’s still too radical and too limited to easily replace Windows in most people’s minds. I use it, but I don’t recommend it to your average home user. Taming the other graphical interfaces is simply way too much work because the defaults are user-hostile.
Meanwhile, I keep praying ReactOS gets good enough for general use, because common computer users are used to that, and it’s time they got a break.
