Thursday, August 03, 2006

How I survived a spyware attack, and lived to talk about it.

The Shame, oh the Shame. As an uber k3wl l337 hacker boi, what market analysts would classify as "Power User"; admitting that I'd been hit by spyware is not only embarrassing, it's a stinging slap on my face, a pockmark on my family's lineage, the rape of my tribesmen and the desecration of my gods... or something..

I fix PCs. I build PCs. I build PCs for friends and relatives. I give them tips on using P2P software. I am a walking distro. My friends are distros. I have (120 + 120 + 250 + 80 gigs of storage.) Needless to say, I think my e-penis is huge. So when I saw this,

it was like having a rash on it.

Oh by the way. That isn't an antivirus product I am using. That is the fuckin spyware in the first place.

I got it when I went to a cracks site for an app that I REALLLY needed. I normally don't trust these sites, but my boss told me it was legit, so I believed him. And then I got propah fucked. The trojan infected the fuck out of my notebook and slowed it down to extreme frustration mode, where every action, click, or keystroke would take a few seconds. In the background, the trojan was making busy babies, burying itself in the registry, and 'colonising' my machine.

Now I had two choices:



Or
Fight the good fight, and use all the antispyware/antimalware I could to unfuck it.

I tried:
Spybot
Windows Defender
NOD32

None of them worked. This trojan was very kvlt.

I managed to kill some of the operations using Spybot in Safe mode which provided me temporary respite, but it still mocked me, with messages like this.

How fucked is that! You sell antispyware by making spyware that fucks up the PC, and then you link the user to your site promising him a fix when he clicks the bubble. Nice pyramid scheme there, fuckass.

Think about it. A guy actually spent a lot of time working on this, rewriting the trojan, plugging it on a site, just so he could sell his shitty antispyware.

After googling the poorly written copy in the bubble, I found out what it was:

I used Security Task Manager to kill these processes.

%system%\ixt0.dll
isnotify.exe
issearch.exe
ixt0.dll
ismon.exe

And Hijackthis in Safe mode to banish them from my PC.

But that was just temporary. It came back again!

But there are a few people fighting the good fight. God bless em. It took me some time to brute force it outta my system. My PC was finally unfucked after 3 days of firefighting.

And now I am sorted.

2 comments:

scrizer said...

noob

Hum do Harami do said...

Ah yes. Even men of a considerably less formidable reputation break down and weep like little girls on occasions like this. My friend Suresh's HD got spectacularly fucked a while back — to the point where he claims he heard tiny explosions and had smoke steaming out of his cabinet. He lost around 100 GB worth of hard-to-find films and mods.