In love with a killer virus . .


Here’s a software issue I have been facing quite frequently which I felt must be addressed: viruses. Considering it’s a pretty huge thing to talk about, please excuse me if the flow is haphazard.

Viruses come in all sizes, all file types, all illicit websites and, most importantly and dangerously, in most removable drives. The problem is that viruses embed themselves in the autorun files of removable media, so that they execute every time the media is inserted. Pretty dumb, you would say, considering that most antivirus (AV) programs detect and remove that. Well, you get smart, so do they.

Viruses these days have the “superhidden” attribute, i.e. they are not detected even if you search for hidden and system files. I have had infections of such viruses (Ntdetec1.exe) and have had 3 different AV programs (McAfee, Avast, Norton) unable to detect and remove it. Fortunately, the symptoms were pretty basic and a quick search yielded the virus name and removal methods. The sad part was that it was self-regenerating and hence very tedious to remove. It took me three hours of fiddling in DOS in Safe Mode to be rid of it.

My latest problem started 3 days ago, when I put in a pen drive to install software on a freshly installed Windows XP system. I fortunately had an antivirus installed, but resistance was futile, as it turned out later. The virus (Sality.aa) infects all executable (.exe) files and so gets executed every time you run any program. The symptoms were so amazing, I fell in love with the virus while trying to get rid of it!! Here’s what it did (at least what I realised): It removed access to Task Manager and Folder Options so that you couldn’t end the tasks or view hidden files (pretty basic, easy to fix). It created .exe files inside all folders with the same name as that of the parent folder (again basic, meant to laugh at stupid people). Now comes the awesome part: It doesn’t let antivirus programs start if you manually try to open them, and closes all opened ones. It therefore cuts off all aid completely. It also prevents you from booting in Safe Mode (it simply reboots), thus closing one more avenue for rescue. One mistake I made was removing my existing AV (McAfee), thinking it was blocking others from installing, but it was like taking out the last leg from the chair… I simply couldn’t remove any problem from that point on.
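A small triage script for the two tell-tale patterns described above: an autorun.inf that launches a program when the drive is inserted, and a folder-name.exe companion file sitting inside a folder of the same name. This is an added example, not code from the post; the function names are my own, and the sample tree it builds is a constructed stand-in for a mounted pen drive.

```python
import os
import tempfile
from pathlib import Path

def autorun_launch_targets(root):
    """Values of open=/shellexecute= in a root-level autorun.inf (what Windows runs
    on insertion), or [] if absent. Case-insensitive; malformed lines are skipped."""
    inf = Path(root) / "autorun.inf"
    if not inf.is_file():
        return []
    targets, section = [], ""
    for raw in inf.read_text(encoding="latin-1", errors="replace").splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "autorun" and key.strip().lower() in ("open", "shellexecute"):
            targets.append(value.strip())
    return targets

def folder_name_executables(root):
    """Drive-relative paths of files named <dir>.exe that sit directly inside a
    folder called <dir>: the companion-file pattern described in the post."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        folder = os.path.basename(dirpath).lower()
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".exe" and stem.lower() == folder:
                hits.append(Path(dirpath, name).relative_to(root).as_posix())
    return sorted(hits)

def scan(root):
    return {"autorun_targets": autorun_launch_targets(root),
            "folder_name_exes": folder_name_executables(root)}

def build_sample_drive():
    # Constructed stand-in for a mounted pen drive; no real malware involved.
    root = tempfile.mkdtemp(prefix="pendrive_")
    (Path(root) / "autorun.inf").write_text("[AutoRun]\r\nOPEN=setup.exe\r\nicon=setup.exe\r\nshellexecute=setup.exe\r\n")
    for folder in ("Photos", "Music"):
        (Path(root) / folder).mkdir()
        (Path(root) / folder / "readme.txt").write_text("ok")
    (Path(root) / "Photos" / "Photos.exe").write_bytes(b"MZ")  # flagged: name matches its folder
    (Path(root) / "Music" / "player.exe").write_bytes(b"MZ")   # not flagged: name differs
    return root
```

Run `scan("/media/usb")` (or whatever the mount point is) against a real drive; a non-empty result means the drive deserves a look before any of its files are opened.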

I finally had to format the entire hard drive (only C: won’t do)… I now have a lot of work and headache ahead to get everything back on track… So here’s what you should and shouldn’t do to guard yourself from viruses:

1. Keep a backup of data, preferably in three independent places and preferably not on pen drives.
2. Try and use pen drives only on Linux systems. It might be a small pain, but believe me, it’s much better than spending 2 days trying to fight the virus and 2 days restoring everything.
3. Try and make a software DVD so that you can get back on your feet real quick.
4. Keep at least two antiviruses handy. I personally recommend ClamWin as an additional one because it’s powerful and light.
5. Whenever you need to format your drives because of viruses, you will generally be unable to solve the problem unless you delete partitions and create new partitions, since you can never really be sure you are rid of the virus until you delete everything.

Finally, the golden rule: Be smart, have backup.


Update: NOD32 has also proved ineffective against the Sality virus. It was rendered helpless just like the other AVs.