How NOT to upgrade your computer

HomeBrewTalk.com - Beer, Wine, Mead, & Cider Brewing Discussion Community.

Saccharomyces

Be good to your yeast...
Lifetime Supporter
Joined
Jun 17, 2008
Messages
5,438
Reaction score
145
Location
Pflugerville, Texas
Get infected by adware. While trying (and failing) to clean it off, discover the same vulnerability allowed a rootkit onto your machine. Take apart the machine to swap in a spare hard drive so you can install onto a clean drive, preserving all your data. In the process, think you fried the motherboard when it won't power up. Replace the motherboard with a new one. Discover the problem is really the power supply, so replace the power supply.

THEN, enjoy having a shiny new virus free system running Linux. :rockin:
 
OP
Saccharomyces
No, I don't have any idea how I fried the power supply. But I did forget to turn off the power before plugging the machine back in. That could have done it.

I forgot to mention, homebrew helps a lot with a proper upgrade procedure.

Debian 5.0 is kicking *** so far. I had a helluva time configuring X so my mouse buttons were mapped correctly (scrolling emulation, middle button on a different finger, etc.), but Xorg is ALWAYS a PITA to configure correctly so I knew what I was getting into. Installed ntfs-3g and got my data off the old drive and onto ext3 yesterday.

Now I just need to set up Samba to serve all of my files over the network to a freshly installed Windows virtual machine. That way, the next time I get a virus I can just revert the VM to the post-install snapshot, run software upgrades, and I'll be good to go.
 
OP
Saccharomyces
I thought this was going to start and end with:

"I went to Geek Squad..."

:D
Heh. That would certainly be a mistake.

I have been building my own PCs since 1991 (I was 14 then) and am an expert Windows and Linux user.

It really p***ed me off that I couldn't get the adware off, but I didn't have a spare system to toss the drive into to edit the registry and delete the hidden .dll files from there, so I decided just to torch it. Probably safer anyway; after I discovered I had another rootkit, who knows what else I might have missed. The stupid thing (I had the Vundo trojan, if you are wondering) seems to have installed a kernel module which wouldn't allow me to delete the files, even though I had disabled the loading of them in the registry and booted into safe mode so I knew they were not opened. Plus, every time I deleted the registry keys that loaded it, they magically reappeared. That's some tricky stuff. The guys who wrote that crapware had too much time on their hands.
 

s3n8

Well-Known Member
Joined
Jan 26, 2008
Messages
1,170
Reaction score
8
Location
Haymarket VA
Most rootkits are very difficult to: A. find, B. remove, and C. know they are fully cleaned. Safe mode is even a misnomer these days. You did the right thing by starting over from scratch.
 
OP
Saccharomyces
Most rootkits are very difficult to: A. find, B. remove, and C. know they are fully cleaned. Safe mode is even a misnomer these days. You did the right thing by starting over from scratch.
Yeah, Safe Mode is only really useful for recovering from a software-install-gone-wrong. Vundo and a lot of other adware hook winlogon to re-generate themselves, and since you can't do anything even in Safe Mode without winlogon running first :), you are screwed...
 
OP
Saccharomyces
I made a list so I would remember what I need to install.

Adobe Lightroom
BeerSmith
iTunes
Firefox
Quicken
TrueCrypt
TurboTax

OpenOffice.org runs in Linux; CutePDF is replaced by the Samba PDF printer; Nero is replaced by any number of tools that run on Linux.

I use TrueCrypt with a 4096-bit key to encrypt all my Quicken and TurboTax data which I keep on an external drive, and I don't keep any sensitive info unencrypted anywhere so I know none of my data should have been compromised. My only worry is that the rootkit I found when I was poking around may have had a key sniffer back door in it, in which case my online account passwords and credit card info may have been compromised. I'll be changing all of my passwords once I figure out how I am going to keep track of them securely... considering how many websites I use it's a lot more passwords than I could possibly remember!
 

no1likesme

Well-Known Member
Joined
Dec 10, 2008
Messages
503
Reaction score
1
Location
Shepherd, MI
I thought this was going to start and end with:

"I went to Geek Squad..."

:D
I used to work for the Circuit City version. That place killed my soul. I had to charge like $40 to install RAM. I don't know if Geek Squad is any different, but I am glad "firedog" (stupid name) doesn't exist anymore.
 
OP
Saccharomyces
Ouch. Those places amaze me. $40 to install RAM which takes all of 30 seconds, even for someone unskilled, whereas I can go to a lube shop and get an oil change on my car for $20 (including the oil and filter which costs me $12 when I do it myself so the labor is really only like $8).
 
OP
Saccharomyces
Researched the other rootkit I found on my system. It was just a spamming worm, so it looks like I'm good.

This was my first virus infection ever, so it gave me a good scare. (And no, I don't run antivirus software, so don't ask what tools I use. I don't use any tools except the registry editor, task manager, and msconfig to periodically check for infections!)
 

billey100

Supporting Member
HBT Supporter
Joined
Dec 26, 2008
Messages
27
Reaction score
0
Location
Seneca Falls, NY
Sac, if you get a copy of Win PE that is bootable you can go in and delete those files as long as you know what .dlls were changed. I have seen some nasty spyware lately and that is about the only thing to get rid of it. I usually do a search for any .dll changed within the last week if the computer will boot long enough for me to get that far, then boot to PE and command-line delete those suckers.

I am sure there are a hundred ways to do it, but that's the easiest way I have found. Of course, had you not had the issues with the PS it would have been just as fast to swap drives and move stuff over.