
Spyware Protect 2009 strikes again

Sunday, March 29, 2009 by Dave Winer.

Earlier this month my netbook was infected.

Yesterday, after checking into my Salt Lake City hotel, I wanted to see if their wired Internet was faster than my Sprint EVDO. So I did a Google search for "speed test" and clicked on the first three tests, Speakeasy, Speedtest and CNET. I wasn't expecting to get infected, wasn't even thinking about it, so of course I didn't take notes. But a couple of them came up with empty frames after running their tests. I assumed this was because I had Java turned off. I decided the tests weren't worth the trouble so I just used the EVDO. After a bit of putzing around I went out to dinner.

When I came back, there was a familiar malware dialog on the display, warning that my machine had been infected and wanting me to install some software to fix it. Yeah yeah. This time I didn't click any buttons, I just let it keep warning me.

I had Avast installed, but a week or so ago I had turned it off, it was too annoying. At that moment of course I wished I hadn't. I ran its scanner, it found the virus, said I had to reboot, which I did, and when it started back up it did a scan of the hard disk, but found nothing further. Then the malware started acting up again. I ran the Avast scan again, and it found it, recommended I reboot, this time I didn't.

I did a Google search for "spyware protect 2009" and found a Yahoo Answers page that suggested doing what I had started doing, plus running one more program, Superantispyware, which I downloaded, but chose not to run. I remembered from last time that this rootkit virus patches the hosts file, and I didn't trust anything I had downloaded after the infection. (Later I found that it had patched the hosts file, but not for this domain, so the download was likely safe, I trashed it anyway and redownloaded.)

I then ran Malwarebytes, it found the virus, asked me to reboot so it could remove it, I did, and this time, no more dialogs. Even so, when I did another scan of Avast, it found the rootkit, and at this point I was beginning to think there was no getting rid of the mess, but it did get rid of it. Another scan by Malwarebytes found nothing, and then Avast found nothing. I ran Superantispyware and it found nothing. So at this point, I'm convinced my machine is clean again, and I have Avast turned on.

Lessons learned:

1. Java is not the root of this problem.

2. Both times my machine got infected I was using a speed test site to evaluate the performance of someone else's network. My guess is that it isn't the speed test site, because Google has a pretty strict policy about malware sites, and it seems pretty unlikely they'd point to an infected site on the first page of hits on something so common and important as a network speed test.

3. Using Firefox is no longer a protection against malware, if it ever was. It's now popular enough that the nasty people target it, in addition to MSIE.

4. While I was fighting this I was thinking this is the last time I travel with Windows. But now that things are working again, I don't feel that urgency. Human nature at work! ;->

Last update: 3/29/2009; 8:03:05 PM Pacific. "It's even worse than it appears."