Tag Archives: virus scanner

The Helpdesk is Closed…Until Next Christmas



Regrettably, I don’t get to see my folks as much as I’d like… there’s 500-odd miles and a sea between us, so it was a rare pleasure for my parents to visit me over Christmas for a few days.

After a day or so, my dad says to me, “Could you have a look at my laptop?  Every now and then a strange Asian website keeps popping up.  I thought I had a virus but the virus scanner says all is well.”

So I had a look… and yup, he had a trojan. Not a particularly nasty one, and easily removed when armed with instructions from the web. It was a variant of W32/Autorun-TR or Win32.Worm.Agent.QAL, depending on your nomenclature. I have to recommend Avira’s Antivir Rescue System, which is a bootable CD that will scan the hard disk for infection. It’s an essential item for every geek – the Rescue System picked up the virus straight away.

However, what was more interesting was (a) how did he get the virus and (b) why didn’t his (corporate) anti-virus software pick the virus up?

Dad’s an MD for a specialised engineering firm, so he travels a little.  He’s reasonably technically-savvy but not an IT expert.  It transpired that he’d been in China recently and had shared a USB memory stick with a local agent.  This matched the modus operandi of the virus so that part of the mystery was solved.

What I couldn’t understand was, given the age of the virus (late 2008) and that the corporate antivirus software appeared to be working, why hadn’t the trojan been picked up as soon as the USB stick was plugged in?

A little further digging revealed the problem… although the AV software was working, it hadn’t successfully installed new virus signatures in over a year – the last successful update was from mid-2008. The signatures seemed to download ok, but they never got installed into the AV engine properly. If I forced it to download updates, the activity bar would go to 100% and the window would close, so everything looked ok, but if I subsequently went to the dialog which showed the signature version, it was unchanged.

I’m not going to name which anti-virus software it was because I suspect part of the issue might be that my dad’s company hasn’t paid its annual licence and therefore isn’t entitled to updates.  However, I think it’s very poor that there isn’t a warning on startup clearly saying, “Virus signatures are now 18 months out of date – system at risk”.  If Dad had seen that 17 months ago, he would have been on to his IT dept straightaway to get the licences paid (or whatever remedial treatment is needed).  A severe virus outbreak could literally put the company out of business, so I suspect someone will be starting 2010 with an important task from the MD.

As geeks, we often get asked to provide a little free support at Christmas and other holidays.  While it may sometimes take us away from the drinks and the mince pies, it has to be our way of returning the favours that our friends and family do for us the rest of the time.

See you next year, Dad.


Cornflicker and the April Fool’s Day Joke of Doom



How many of the geeks out there are safe from Conficker, a nasty little worm set to go all doomsday on us on April 1st? Hopefully, 99.9% of us are (there’s never a 100% guarantee). I know I am, as is every machine on my home network and every machine that I have control over at work.

But what about those family members that are far away, or at least aren’t using a machine on our home networks? What happens on April 1st to them? Are they protected? And how can you help them find out if they are infected, and get them cleaned up pronto?

A great little article in USAToday listed an easy way to check and see if a machine is infected. Using the browser, go to any of these three sites:

microsoft.com
symantec.com
mcafee.com

If these sites load in any browser, then Conficker is not installed on the machine and things are good. But to be on the safe side, you should also make sure that whatever antivirus program is in use is up to date and set to update automatically.

If you cannot get to those sites in the browser, then you have Conficker on your PC. And this baby isn’t easy to get rid of. The article suggested two different sites to try:

Enigma’s Conficker removal tool
Microsoft’s removal tool

The Enigma and Microsoft tools work because Conficker doesn’t have their URLs blacklisted inside the worm. That may change as Conficker mutates, but for now the removal tool is available (and free) from both places. I tried the Enigma one myself and downloaded and installed it very easily. The Microsoft site seemed to be overloaded and I could not fully test it, but Microsoft also claims that if you still can’t get help from their site, you can call them toll-free at 1-866-PCSAFETY.

This is one April Fool’s joke I hope we can all avoid.
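
The browser check from the post, scripted so it can be talked through over the phone; this is an added example, not code from the original post or from the USAToday article. The control sites and the verdict names are assumptions: the controls tell "machine is offline" apart from "only the security sites are blocked", and a single failure (such as an overloaded microsoft.com) is treated as a retry rather than an infection.

```python
import socket

# The three vendor sites listed in the post.
SECURITY_SITES = ["microsoft.com", "symantec.com", "mcafee.com"]
# Assumption: unrelated control sites, not part of the original check.
CONTROL_SITES = ["example.com", "wikipedia.org"]


def reachable(host, port=80, timeout=5.0):
    """True if the name resolves and a TCP connection to it succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # DNS failure, refused connection or timeout
        return False


def classify(security, control):
    """Map {host: reachable?} results to a (verdict, explanation) pair."""
    blocked = sorted(h for h, ok in security.items() if not ok)
    if not any(control.values()):
        return ("inconclusive",
                "no control site reachable; fix connectivity and retry")
    if not blocked:
        return ("pass", "all security sites reachable; still verify "
                        "that antivirus signatures are current")
    if len(blocked) == len(security):
        return ("suspect", "control sites load but every security site "
                           "fails; scan with an offline removal tool")
    return ("recheck", "unreachable: " + ", ".join(blocked)
                       + "; may be a site outage, try again later")


def run_check(probe=reachable):
    """Probe every site and classify; probe is injectable for testing."""
    security = {h: probe(h) for h in SECURITY_SITES}
    control = {h: probe(h) for h in CONTROL_SITES}
    return classify(security, control)


if __name__ == "__main__":
    verdict, why = run_check()
    print(f"{verdict}: {why}")
```

A "pass" only means the sites were reachable at that moment, so it complements an up-to-date scanner rather than replacing one.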