Mystery malware

11 February 2008 - 20:27

It's probably just a coincidence that my last posting was about malware, but today I got hit by something suspicious. I don't really know what happened. I downloaded a trial version of a program I was going to review, from a reputable download source. When I clicked on the installer to run it, Comodo BOClean popped up to say it had detected a Trojan Horse, and stopped the program from running.

BOClean is a free and well-regarded anti-malware program, though like any such program it can suffer from false alarms. I uploaded the file for scanning at VirusTotal and none of its scanners found anything wrong. Nevertheless, BOClean was not going to let me run it, so I submitted the sample to Comodo, deleted it, and downloaded the program from another source.

A bit later on I started editing some web pages using the brilliant PSPad editor, and found that the built-in previewer was coming up "Address not available" on some pages, not others. After scratching my head for half an hour, I submitted a plea for help on PSPad's forum, before discovering that Internet Explorer 7 was coming up "Address not available" when I tried to access anything on the web! Was my face red! Obviously PSPad uses IE7 to display web page previews. IE6 and Firefox (which I normally use) were both fine, though.

At this point, I decided that IE7 must have just got its knickers in a twist, so I restarted the computer. Something was clearly wrong, as it took several minutes for the desktop to load, and when it did, there was no network connectivity whatever. I decided System Restore was my best hope of a solution. Unfortunately, the last restore point was three weeks ago. Fortunately, I had Windows Vista on another partition (that's something I don't often say!) so I booted into that, backed up that morning's work, then restarted XP and did a restore. This brought everything back to normal, but I then had to spend an hour or so restoring from the backup all the things that had changed in the last three weeks. What a bind!

So what went wrong? Had BOClean really found a Trojan, but failed to stop it doing its nefarious work? Or had BOClean itself screwed up my network connectivity? I'll probably never know. But it does re-emphasize just how vulnerable Windows is. According to anti-virus vendor Sophos, thousands of websites are being infected with malware every day, which then infect everyone who visits those sites. So who knows where I got whatever it is that mucked up my computer. You just can't trust anything these days.
