
Scripting News, the weblog started in 1997 that bootstrapped the blogging revolution.

Jay and Dave ride again!

Four weeks in a row, the clicking and clacking blogging brothers talk about the reboot of journalism, the news of the week, and a new $1.75 million fund for investigative journalism that Jay is advising.

Hope you enjoy! ;->

Spyware Protect 2009 strikes again

Earlier this month my netbook was infected.

Yesterday, after checking into my Salt Lake City hotel, I wanted to see if their wired Internet was faster than my Sprint EVDO. So I did a Google search for "speed test" and clicked on the first three tests, Speakeasy, Speedtest and CNET. I wasn't expecting to get infected, wasn't even thinking about it, so of course I didn't take notes. But a couple of them came up with empty frames after running their tests. I assumed this was because I had Java turned off. I decided the tests weren't worth the trouble so I just used the EVDO. After a bit of putzing around I went out to dinner.

When I came back, there was a familiar malware dialog on the display, warning that my machine had been infected and wanting me to install some software to fix it. Yeah yeah. This time I didn't click any buttons, I just let it keep warning me.

I had Avast installed, but a week or so ago I had turned it off, it was too annoying. At that moment of course I wished I hadn't. I ran its scanner, it found the virus, said I had to reboot, which I did, and when it started back up it did a scan of the hard disk, but found nothing further. Then the malware started acting up again. I ran the Avast scan again, and it found it, recommended I reboot, this time I didn't.

I did a Google search for "spyware protect 2009" and found a Yahoo Answers page that suggested doing what I had started doing, plus running one more program, Superantispyware, which I downloaded, but chose not to run. I remembered from last time that this rootkit virus patches the hosts file, and I didn't trust anything I had downloaded after the infection. (Later I found that it had patched the hosts file, but not for this domain, so the download was likely safe. I trashed it anyway and redownloaded.)

I then ran Malwarebytes, it found the virus, asked me to reboot so it could remove it, I did, and this time, no more dialogs. Even so, when I did another scan of Avast, it found the rootkit, and at this point I was beginning to think there was no getting rid of the mess, but it did get rid of it. Another scan by Malwarebytes found nothing, and then Avast found nothing. I ran Superantispyware and it found nothing. So at this point, I'm convinced my machine is clean again, and I have Avast turned on.

Lessons learned:

1. Java is not the root of this problem.

2. Both times my machine got infected I was using a speed test site to evaluate the performance of someone else's network. My guess is that it isn't the speed test site, because Google has a pretty strict policy about malware sites, and it seems pretty unlikely they'd point to an infected site on the first page of hits on something so common and important as a network speed test.

3. Using Firefox is no longer a protection against malware, if it ever was. It's now popular enough that the nasty people target it, in addition to MSIE.

4. While I was fighting this I was thinking this is the last time I travel with Windows. But now that things are working again, I don't feel that urgency. Human nature at work! ;->


Last update: Sunday, March 29, 2009 at 8:02 PM Pacific.

Dave Winer, 53, pioneered the development of weblogs, syndication (RSS), podcasting, outlining, and web content management software; former contributing editor at Wired Magazine, research fellow at Harvard Law School, entrepreneur, and investor in web media companies. A native New Yorker, he received a Master's in Computer Science from the University of Wisconsin, a Bachelor's in Mathematics from Tulane University and currently lives in Berkeley, California.

"The protoblogger." - NY Times.

"The father of modern-day content distribution." - PC World.

One of BusinessWeek's 25 Most Influential People on the Web.

"Helped popularize blogging, podcasting and RSS." - Time.

"The father of blogging and RSS." - BBC.

"RSS was born in 1997 out of the confluence of Dave Winer's 'Really Simple Syndication' technology, used to push out blog updates, and Netscape's 'Rich Site Summary', which allowed users to create custom Netscape home pages with regularly updated data flows." - Tim O'Reilly.

© Copyright 1997-2009 Dave Winer.
