2 Rootkits on Downstairs PC (28th August 2009)

This morning, Mum reported the PC would not connect to the Internet. There was not time for me to troubleshoot it before leaving, though.

During the day it got no better. Eventually she called a local PC repairer. He identified some infected files and suggested he take the machine away to fix it.

Apparently it had a pair of rootkits, which are a particularly nasty type of virus. Their names seemed to be:

Anyway, he cloned the drive and reformatted it, then re-installed the operating system. He then copied over some of the important data we had, such as our parents’ documents and settings. He brought it back and it seemed OK. But after a while the infection came back, probably residing in one of my archived applications.

I disconnected the machine from the Internet, reformatted the drive and re-installed the OS. He brought the cloned drive over and the cables to connect it up. So I’ve been very carefully copying over uninfectable stuff which we want to keep.

Just now, at about 9pm on Bank Holiday Monday, I tried putting AVG on it. I downloaded the latest version using the upstairs machine. It was just a shell which downloads the rest of the application files; about 100MB in total! So I got all of these and put them on a USB stick. Took this downstairs and copied it all to the HDD, using the folder where it downloads to.

Running the installer, I expected it to see the files were already downloaded and therefore install it without needing the Internet. After all, how else can you install this on an isolated machine? Connecting an unprotected PC to the Internet whilst 100MB of files are downloaded would be ridiculous. Right?

But, lo and behold, the installer insists it needs an Internet connection to proceed. The files are right where it will be downloading them to! (I am Ben’s puzzled frustration.)

This was far from the only crazy technical barrier I’ve come across. Simple issues, like finding where an application stores its data, are a labyrinth of manuals and versioning and configuration nuances.

Thankfully I did get a long sleep in on Monday morning. But I’d been awake until 1am (or was it 2am?) doing the OS re-installation.

So tomorrow I’ll have to call the PC repair guy to find out how to get around this. He thought the way I described would work. Maybe there’s a “Download AVG in one big lump” link hidden away somewhere on their website. Sigh.