Evil Windows

I spent a good portion of the day repairing a windows computer that had gotten a nasty virus.  AVG and Spybot are not catching the latest java obfuscation viruses.  This is the second time I’ve had to fix the same computer that was infected with the same worm within two months.  The symptoms are as follows….

AVG will alert on some files and remove the offending files, warning about java obfuscation, but the files it removes are just the symptoms of a deeper infection which it cannot detect.  Almost immediately windows begins to crash at random intervals with a blue-screen of death, but it's still possible to boot and to use the computer until it crashes.  No matter how any anti-virus is run the virus cannot be removed.  I used Spybot, AVG, and Malwarebytes Anti-Malware last time and they were all installed, updated, and running when the infections occurred.  Whether those tools were used in safe mode or not there was no way to remove the virus entirely or even properly identify or detect it.  Normally AVG is a great anti-virus, but it's just not doing its job anymore.  The only solution to this virus seems to be a reinstall of windows.

In my case the reinstall was aided by having an Ubuntu Live linux CD available which gave me internet access so that I could download driver files for the motherboard’s chipset and the video card that I needed.  Because Linux can access the windows partition I simply downloaded the files using mozilla’s firefox and then made a folder on the windows partition into which I copied the files.  I exited Linux and inserted the windows vista cd and booted from that to reinstall.

One of the nicer features of Windows Vista that I don't think was available in Windows XP is that during a reinstall it moves the copy of windows that was installed in the c:\windows directory into a new directory called c:\windows.old before installing a clean copy into the c:\windows directory.  After the reinstall is complete all of your old personal files can still be found in c:\windows.old, so that you can move them back into the fresh copy of windows as needed.  Once you are satisfied that you no longer need the old copy of windows you can delete the c:\windows.old directory altogether.

After I reinstalled and the new copy of windows booted for the first time I ran the *.exe files that I downloaded to install the necessary drivers to get the network card and video card working properly.

The computer now works again without any signs of viruses.  Now I must use windows update (which is so slow that snails pity Bill Gates) and then reinstall AVG and Spybot, update both, apply immunization from Spybot and run the full scan from AVG.  Then I can move the document files from c:\windows.old into c:\windows.

Once that's all done the computer will only need programs reinstalled to be up and running again, but already Steam games are running on it just fine.  Can I even express how much I hate windows?  No, I cannot.

By the way, after you reinstall windows Steam will want to verify your computer as being the one you normally use by sending a code to the email you set up the account with.  This is a problem because a lot of servers, including AOL, treat it as spam, and the code has to be resent after you add a certain email address listed on Steam's support website to your address book.

While that in itself can be a hassle it can turn into a real nightmare fast because if you do not complete the process the first time it won’t send another email properly.  The piece of garbage DRM program at fault is called “SteamGuard” and it is a crime against humanity.  There is a certain way that you have to do things to get it to resend the email which includes rebooting WITHOUT trying to enter your password again.  I may detail that process in another post someday, but let me just say that last time I fixed the computer in question I had far more trouble.  This time I knew what I was doing and it went well.

SteamGuard can be disabled once access to Steam has been achieved, but its purpose is to prevent other people from hijacking your Steam account, so if they could reprogram it to resend the emails as many times as needed without rebooting I would be more accepting of it.  It would also be useful to allow SteamGuard to be set up to send confirming codes to two different email addresses that could be set up in the support portion of the Steam website, in case one email address becomes inaccessible or does not work, either because the email is being blocked as spam or because the email server is down.

Another thing about Steam that causes confusion is that the screen-name and password that is used to access Steam is different than the ones used to access the support site.  The idea, I believe, is that if someone hijacks your Steam account you can still contact tech and billing support.  However, the proper way to solve the problem is to have a real confirmation process for the tech support to re-enable accounts or to reset passwords.  Such a confirmation process could be confirming the information on a credit card that was used to purchase a game and/or using the last four digits of a social security number and/or having tech support call the phone number used to set up the account and/or having tech support email any number of emails associated with the account.  Two of any of those options used in combination would provide as much security as most banks offer without the technical problems of the current process, which is based entirely on software.
