Doctoring a Computer Virus

Yeah, my Windows XP Service Pack 2 system was hobbled by some sort of virus this week. After I came home from work on Tuesday night, I started the computer and everything seemed to boot up just fine. But when I moused into “All Programs” and clicked on Yahoo Messenger to start, all I got was a momentary hourglass icon and then nothing. I clicked again and got the same result. Then I tried to start up Firefox… hourglass icon by the mouse arrow but no Firefox. Shortly after, clicking on any button had no response; the system seemed frozen.

I knew this was bad news, but not the worst. A total disaster would be a blue screen of death or no startup at all. At least the system was starting up.

How could I have gotten a virus? I really haven’t been downloading much from the newsgroups lately. But I have been chatting with someone in the Philippines over Yahoo Messenger. They have many problems with their computer and seem to have little knowledge of (or interest in) virus protection. Could they have sent me an infected .jpeg over YM? I can only guess.

I rebooted, and discovered I could get results by requesting programs within the first 60-90 seconds of startup. After that the system would freeze up again. So I got into the Windows Task Manager and could see that after starting, the memory usage was climbing to a continuous 100%, a memory flood. My system has a gig of memory, but 100% usage of it results in no available memory to start up any other programs. The guilty file was one of the variants of svchost.exe. This file is an important component of the XP operating system, and it often appears multiple times in the Processes list. When I ended that one process of svchost.exe, the system seemed to run normally again. But I knew this solution could only be temporary and it might get worse if I didn’t deal with it.

I searched on svchost.exe in Google, and found ask-leo.com. My symptoms were apparently a known condition and probably meant I had a virus. The site offered a great checklist of tasks to help deal with the problem.

The first was to get a Windows Update from Microsoft, but unfortunately my system couldn’t complete that task for some reason. So I went to the next task, which was a complete virus scan. I figured it was best to go into safe mode to do this, as for all I knew this virus was eating up my data or converting my computer into some sort of zombie. Then I couldn’t figure out how to boot in safe mode; there’s no easy button for it. I had to research to find that you open “Run” and command “msconfig” to open the “System Configuration Utility.”

After that it was a lot of waiting, as my Avast Antivirus program took hours and hours to virus-check the 150 gigs of data currently residing on my hard drives. I had to sleep, so this took me into the next day. The results of the scan were unsatisfactory; it found some low-priority spyware, corrupted files or unexecuted worms still zipped up from newsgroup downloads, but nothing that seemed serious. I deleted what was found, but a reboot into standard mode confirmed I still had a problem.

A round of Spybot - Search and Destroy revealed that an exception had been created to my Firewall settings, so I suspect the virus was readying my system to download something else.

Another website suggested that many viruses disguise themselves as svchost.exe, running from an improper folder. But a system search for that file name only showed three versions of svchost.exe on my computer, all over a year old. A new virus file would of course only be days old.

A check of my firewall settings showed the Windows Security Center was completely shut down on my system. Evidently, the bad variant of svchost.exe that I was stopping in the Windows Task Manager was responsible for the Security Center.
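The two manual checks described above (is every svchost.exe running from the system folder, and which services does the runaway instance host) can be scripted over an exported process table. This is an added example, not part of the original post; the CSV column names, the sample rows and the memory threshold are constructed assumptions.

```python
import csv
import io
import ntpath  # Windows path rules, usable on any OS

# Constructed sample process table (not data from the post). Columns are an
# assumed export format: image name, PID, image path, memory in KB, services.
SAMPLE = r"""name,pid,path,mem_kb,services
svchost.exe,884,C:\WINDOWS\system32\svchost.exe,4512,DcomLaunch;TermService
svchost.exe,1020,C:\WINDOWS\system32\svchost.exe,987340,wscsvc;wuauserv;BITS
svchost.exe,1544,C:\WINDOWS\Temp\svchost.exe,2210,
SVCHOST.EXE,1712,C:\Documents and Settings\user\svchost.exe,1890,
firefox.exe,2300,C:\Program Files\Mozilla Firefox\firefox.exe,80211,
"""


def triage_svchost(table, system_root=r"C:\WINDOWS", mem_limit_kb=500_000):
    """Return (pid, reason) findings for the svchost.exe rows of a CSV table."""
    # The only legitimate location on a 32-bit XP install (assumed system_root).
    expected = ntpath.normcase(
        ntpath.join(system_root, "system32", "svchost.exe"))
    findings = []
    for row in csv.DictReader(io.StringIO(table)):
        if row["name"].lower() != "svchost.exe":
            continue
        pid = int(row["pid"])
        # Normalise case and separators so C:\Windows\System32 still matches.
        path = ntpath.normcase(ntpath.normpath(row["path"])) if row["path"] else ""
        if path != expected:
            # Name matches but the image lives elsewhere: likely masquerading.
            shown = row["path"] or "unknown"
            findings.append((pid, "image outside system32: " + shown))
        elif int(row["mem_kb"]) > mem_limit_kb:
            # Genuine host process; list its services to find the one at fault.
            findings.append((pid, "memory hog; hosted services: " + row["services"]))
    return findings


if __name__ == "__main__":
    for pid, reason in triage_svchost(SAMPLE):
        print(pid, reason)
```
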

So then I tried Trendmicro’s free online virus scan. This again took a couple of hours, but it did find different problems as opposed to Avast’s scan. When I clicked the button to remove the problems, my Firefox browser crashed. So I had to do the scan all over from the beginning with Internet Explorer. Hours later, when that task completed, I found that it detected many more viruses or spyware programs than it had in Firefox. I clicked the button to remove the problems, and it seemed to hang. But I was patient and let the computer sit for a few hours. The browser eventually refreshed to report that all detected problems had been removed.

By this time I am into Thursday. A boot-up in standard mode showed that…I still had the same problem. But now I am able to achieve a Microsoft Windows scan for Updates. One of the updates offered is the “Windows Malicious Software Removal Tool - September 2006 (KB890830).”

I chose and downloaded all the available updates and restarted my system once more. It was fixed! No more hang, no more memory flood from svchost.exe.

The Software Removal Tool is made to deal with the Blaster, Sasser and MyDoom, but they do not cause the symptoms I had, nor did I get a startup notification one is supposed to see if you were indeed infected with those. So I can only assume it was another of the Windows updates that solved my problem.

You can imagine I am very much relieved that this seems to be over. The only consequence to my system from this episode seems to be that my Adobe Photoshop CS “de-activated” itself due to “too many changes in my configuration.” This type of assessment would normally make me nervous, but I know that Adobe’s current registration system is overly severe. So while I fix that I guess I’ll upgrade to CS2.

It sucked to lose a couple of days on my computer, but at the same time it is very satisfying to know that I had enough rudimentary knowledge to get myself out of this without causing further damage or having to hand my system over to somebody else.

