Wednesday, April 27, 2011

Clever Malware!

So I get a malware/Infected PC ticket assigned to me that sounds like a pain. Actually, I shouldn't say that. I don't mind those tickets really, I like cleaning up PCs. What I hate is that it takes a while, and makes me fall behind on the rest of the tickets that I have to follow up on. Like today, I left like 4 or 5 tickets untouched that were assigned to me...which is bad. We're supposed to call every ticket back, touch everything in our queue. But today, that was just not possible, unless I wanted to work an extra hour or more.

Anyway, this is not even about that. I just ran into a virus/malware I had not seen before. This one made the computer look empty when you removed it! lol A last cry of "I got you!" before being eliminated! This was a second level ticket, and the previous tech ran the scan, found the infected objects, and removed them. After the reboot everything was empty. So this tech assumed it was still infected and escalated (poor troubleshooting skills, I know). I call the client back, get on the PC, and expect a messy long call. To my surprise, the PC was running fast, I could remote to it without issues (even 5,000 miles away! Technology ftw!).


And then I see everything is indeed missing from her desktop. Even the C: drive was empty, but the computer was running well, so I knew it wasn't empty. I decided to show hidden files, and voilà! They were all there, just hidden. Next step, un-hide them. So open up the root of C:\, highlight all files and folders, right click | Properties | Uncheck "Hidden" | Select apply to this and all subfolders and files, wait for the file attributes to be applied and bam!! Done!
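The same cleanup can be scripted. The PowerShell below is an added example, not something from the original post: it reports every item carrying the Hidden attribute under a folder and clears the attribute only when run with `-Apply`. The `$Root` default, the log path and the `-Apply` switch are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Dry run unless -Apply is given.
param(
    [string]$Root = "$env:USERPROFILE",          # assumption: start with one user profile
    [string]$Log  = "$env:TEMP\unhide-log.csv",  # hypothetical log path
    [switch]$Apply
)

$Hidden  = [int][System.IO.FileAttributes]::Hidden
$System  = [int][System.IO.FileAttributes]::System
$Reparse = [int][System.IO.FileAttributes]::ReparsePoint

# -Force is required, otherwise hidden items are not returned at all.
$hiddenItems = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ([int]$_.Attributes -band $Hidden) -ne 0 })

# Leave alone anything that is also System (desktop.ini and similar, which
# Windows hides on purpose) and any junction or symbolic link.
$targets = @($hiddenItems | Where-Object {
    ([int]$_.Attributes -band ($System -bor $Reparse)) -eq 0
})

"{0} hidden items under {1}; {2} are candidates to unhide" -f `
    $hiddenItems.Count, $Root, $targets.Count

# Record the original attributes so the change can be reviewed or undone.
$targets | Select-Object FullName, Attributes, LastWriteTime |
    Export-Csv -LiteralPath $Log -NoTypeInformation

if ($Apply) {
    foreach ($item in $targets) {
        try {
            # Clear only the Hidden bit; every other attribute is preserved.
            $newAttrs = [int]$item.Attributes -band (-bnot $Hidden)
            $item.Attributes = [System.IO.FileAttributes]$newAttrs
        } catch {
            Write-Warning "Could not change $($item.FullName): $($_.Exception.Message)"
        }
    }
}
```

As with the Properties dialog, folders that Windows hides by default (AppData, for example) are unhidden too; the CSV log keeps their original attributes so they can be set back.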

Take that "Ran scan, removed malware, rebooted, It's still infected, escalating ticket"! haha Weak troubleshooting skills like that are likely to keep you at tech 1 for a while ;)

Jesus (me) saves! (This PC) from certain doom (or re-image, whatever happens to be cheaper lol)!
I just thought this was a more clever than usual piece of malware. Changing the attribute of ALL FILES AND FOLDERS upon removal...It was odd. You go to Start | Programs | Empty!
Your desktop = empty!
My Computer | C: | Empty!

I always wonder who has time to write these kinds of programs? I mean, I get the scam ones. "Your PC is infected! Give us your CC info and we will remove it!". I also wonder what the success rate for those is haha. But these, relatively harmless ones? Who does them? What is the point of hiding all the files on some stranger's computer? Why?

5 comments:

  1. People just doing them for fun, just as a challenge...they are weird haha

  2. Yup, I guess some guys need to prove to themselves how capable they are by screwing with other people's computers instead of doing something useful

  3. Lol, what amazes me is that so many people get viruses...

  4. It's not that difficult mari, especially if you get messages like
    "We have verification the password for the World of Warcraft account associated with this email address. verification password, please click the following link and follow the instructions:"

    Btw, I didn't write this, it was in my junk folder :P

    You'd be surprised at how many get scammed with this kind of email in WoW or how many have key-loggers. And this is only a game :(

  5. BTW, great post chuy, good to know that kind of thing XD
