Today I ran into two very troublesome situations. One was a failing hard drive on a long-time client’s laptop, chock full of important information, but luckily the failure was gradual enough to cause serious speed issues and force them to call me before the whole thing could become a toaster. The other was a far more difficult scenario: another returning client who uses the computer to run his business had somehow managed to pick up the worst class of computer virus I can think of: an executable-infecting virus.
You see, what these horribly nasty viruses do to your computer renders them essentially incapable of being repaired and returning to “like it never happened” functionality. In case you don’t know, an “executable” is a term for the actual file that your icons run to start the program of your choice. Essentially, they are the program. A virus that infects executables will insert the virus code into the actual program file that you run to start software…including Windows itself. I’ve only seen two infections before today that involved this class of virus, and the first one completely latched into everything, forcing a total wipe and reinstall. The second one was not quite as “zealous” and didn’t infect things as readily, so I was able to recover that system from pending doom. Today, however, is the second time I have encountered this type of infection to a point that I was incapable of repairing it. My clients can tell you that I don’t play around on the computer: I know what I’m doing and I boast extremely high success rates where other “technicians” fail miserably. I’d estimate that out of a random sample of 50 jobs, I have to do some sort of Windows reinstall on only about 1-2 of them.
Despite having six years of all-day-every-day experience tirelessly working to find every imaginable way to repair every computer problem under the sun without “major surgery” like reinstalling Windows, today I had to give in to the reinstallation machine that I so dreadfully despise, but I don’t regret doing so.
You must come to understand that even Windows itself is composed of hundreds of executable files. They are often hidden behind the scenes and carry names such as “winlogon.exe” and “svchost.exe” and “ctfmon.exe” and “userinit.exe” and “logonui.exe,” and none of these should really ring a bell in your mind because you’re not supposed to know that they’re floating back there. However, every single one of these files can be infected with a virus like this one.
Let’s put it this way: when you boot your computer, Windows loads a bunch of drivers, this thing called the HAL, and the NT kernel. Basically, a bunch of really critical core stuff that makes everything else in the machine tick. Once the pretty blue background pops up, however, those executables start firing off one by one. svchost.exe starts in the background numerous times so that your sound card, automatic updates, Internet connectivity, and other system services can start working. When you log in, logonui.exe runs, and then userinit.exe kicks in as well. The ever-popular explorer.exe loads and shows you your icons and Start menu. Any software you have installed may have startup items, such as the Adobe Reader Speed Launcher (reader_sl.exe) or the various America Online core services.
To bring all that irrelevant-sounding blah-blah-blah into perspective, nearly every single thing that runs in the list above gets infected with this kind of virus almost immediately once your machine is compromised. That means that Windows becomes a living virus. The system is infected everywhere. You can’t even boot halfway without running the virus itself, which then reinfects anything you may have cleaned. Got Adobe Creative Suite? They’re probably all toast–infected with the virus. Hearts? Infected. Solitaire? Infected. Norton 360? Infected.
I hope that this admittedly lengthy explanation brings you to appreciate the skills of a good computer technician (as well as the skills of the virus authors, who we’d all probably love to strangle one day), and the true importance of practicing good security habits when using your computer. When I originally wrote the spyware and viruses page on the company website, my intent was to help you jump-start your computer security knowledge (and break some of the misinformation that exists today), and I hope you’ll read it now if you haven’t done so already.
I need to add this detail to said page, but I will dispense it here so that it will be clear: once your computer is compromised, you have NO SECURITY AT ALL!!! Modern viruses use rootkit-like technologies to hide themselves from virus scanners and bypass security measures such as software firewalls. If you are compromised, security software is essentially rendered useless. Prevention should be your goal, not mitigation after compromise. Don’t click on anything or say “yes” to anything unless you are 120% certain that it is legitimate. Get Mozilla Firefox to avoid the plethora of security holes in Internet Explorer. Take the time to find out what can get you in deep doo-doo when browsing the Internet (“free porn” searches are the biggest culprit, though many wouldn’t admit it–see that “.exe” at the end of the file name?! It’s amazing how easy it is to infect a computer when the user is desperately looking for free porn and will download and run anything to get it.) Most importantly, if your computer seems to be slower than usual, or pausing more frequently than is normal in your daily experience, do not hesitate to call a verifiably experienced computer technician to diagnose the problem. If your water heater sprung a tiny water leak, would you hesitate to call a plumber, or would you try to patch it up until the pressure caused the leaking part to explode?
I can’t even begin to explain how frustrating it is to walk into a loyal client’s house to discover that the problem actually started months ago, and became disastrous because they chose to “live with it” and let it grow and compound rather than call me up and ask for a little bit of free assistance. (Any computer business worth their salt will take five minutes to talk to you at no charge. It’s called “customer service” and it gets left out a lot with many large businesses these days.) When I perform computer services, it is a very personal matter for me, because the results of my work (short- and long-term) define what people think of me and my skills, and I can’t do my job for someone properly if they don’t tell me that there’s a problem.
If you take anything away from reading this post, (A) learn how to avoid danger on the Internet in the first place, and (B) don’t hesitate to call an expert when things may be getting beyond your control.